Jan 10 2008, 06:34 AM
Post
#11
Newbie [ Level 2 ] Group: Members Posts: 19 Joined: 14-December 07 From: Mexico Member No.: 26,890 |
Well, I don't see any solutions to what I suggested, so I'll provide clues. To check if a form is actually the form you want to process, you need to make sure that the form resides where you've placed it. You can check that the form is actually coming from the server it's hosted on by checking its referrer, which should indicate either the server's domain or IP address. Is checking the referrer enough to kick a hacker out, or are there other good practices for enhancing security in PHP scripts that process forms?
Mar 28 2008, 08:59 PM
Post
#12
Super Member Group: [HOSTED] Posts: 806 Joined: 8-April 06 From: Lima - Peru Member No.: 12,579 myCENTs:0.57 |
> Is checking the referrer enough to kick a hacker out, or are there other good practices for enhancing security in PHP scripts that process forms?

Checking the referrer is a good practice, but in my opinion it is not enough, because it can also be faked. For this situation you can implement some type of IP checking: if the IP has not visited the specific page shortly prior to calling the script, deny access. For example, the following code can be used to get the user's IP address:

```php
<?php
// Address of the client that made this request
$ip = $_SERVER["REMOTE_ADDR"];
?>
```

Another good practice for enhancing security in PHP scripts is to validate for the correct method (POST or GET) that you use in your form. It is recommended that you never use the $_REQUEST variable; if you use it for your validations, you don't know which method is used, because this variable can handle both methods. For example, if you use the POST method to send your form, it is very easy to validate it with the following code:

```php
<?php
// Reject any request that was not sent with POST
if ($_SERVER['REQUEST_METHOD'] != "POST") {
    echo("Unauthorized attempt to access page.");
    exit;
}
?>
```

Best regards,
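The three checks described in the post above (POST only, referrer host, and a recent visit to the form page from the same IP), combined in one place. This is an added example, not code from the thread; the function names, the `form_seen` session key, the 10-minute window and the use of the session to record the visit are assumptions.

```php
<?php
// Added example, not code from the thread. Function names, the 'form_seen'
// session key and the 10-minute window are assumptions.

const FORM_MAX_AGE = 600; // seconds allowed between viewing and submitting

// Call when rendering the form page: remember who was shown the form and when.
function mark_form_served(array &$session, array $server, int $now): void
{
    $session['form_seen'] = ['ip' => $server['REMOTE_ADDR'] ?? '', 'at' => $now];
}

// Call at the top of the processing script. Returns null when the request
// passes every check, otherwise the reason it was rejected.
function reject_reason(array $session, array $server, int $now): ?string
{
    if (($server['REQUEST_METHOD'] ?? '') !== 'POST') {
        return 'wrong method';
    }
    // The Referer header is sent by the client, so it only filters casual misuse.
    $refHost = parse_url($server['HTTP_REFERER'] ?? '', PHP_URL_HOST);
    if (!is_string($refHost) || strcasecmp($refHost, $server['SERVER_NAME'] ?? '') !== 0) {
        return 'foreign referrer';
    }
    $seen = $session['form_seen'] ?? null;
    if (!is_array($seen) || $seen['ip'] !== ($server['REMOTE_ADDR'] ?? '')) {
        return 'form page not visited from this IP';
    }
    if ($now - $seen['at'] > FORM_MAX_AGE) {
        return 'form visit too old';
    }
    return null;
}

// Constructed sample requests (documentation addresses, no real traffic).
$session = [];
$view = ['REMOTE_ADDR' => '192.0.2.10', 'SERVER_NAME' => 'example.test'];
mark_form_served($session, $view, 1000);

$post = $view + ['REQUEST_METHOD' => 'POST', 'HTTP_REFERER' => 'http://example.test/contact.php'];
var_dump(reject_reason($session, $post, 1060));                                     // same IP, 60 s later
var_dump(reject_reason($session, ['REMOTE_ADDR' => '198.51.100.7'] + $post, 1060)); // different IP
var_dump(reject_reason($session, $post, 5000));                                     // long after the visit
var_dump(reject_reason([], $post, 1060));                                           // form page never served
```

In a real handler, call `session_start()` first and pass `$_SESSION`, `$_SERVER` and `time()` in place of the constructed arrays.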
Jul 20 2008, 02:33 AM
Post
#13
Newbie [ Level 1 ] Group: Members Posts: 0 Joined: 1-November 07 Member No.: 25,869 |
PHP GD Lib random code verification in numbers only please

PHP Tutorial: Form Verification And Simple Validation

GD Lib with PHP produces my verification code in random letters and numbers. That is exactly my problem, the letters! I want to use the contact form on a multilingual webpage with UTF-8 encoded input possible, but foreign languages do not have English alphabets on their keyboards. So I would like to know if it is somehow possible to change what GD Lib displays, e.g. to make it show only numbers. Anyone having an idea?

-reply by Rudolf