Hi all. I've got a simple mailer script that I wrote a few years ago that has been acting up over the past week.
The problem is with the following check I perform at the very top of the script: if (!stristr($_SERVER['HTTP_REFERER'],"unbc.ca")) { die("You can't access this script outside of our domain."); } The mailer is located in my personal webspace on the web.unbc.ca server and the calling forms are all located on www.unbc.ca. For some reason some people (apparently around 10 over the past week) are getting this error from two particular forms, but I know for certain that these forms are within our domain. Does anyone know why this would be happening other than someone making an illegal copy of the form and posting it on another domain (which I doubt is the case)? As I wrote earlier this script is about three years old, so at the time I didn't code using the $_SERVER and $_POST vars and just refered to them variable names explicitly. However, the PHP version on the machine hasn't changed for a long time (4.1.2) so I can't see why this would suddenly start happening now. To be safe I've just converted all the $_SERVER and $_POST vars in the script to use these references, so I'll be interested to see if the error goes away but I doubt it will. I was debating writing a simple regular expression to use instead of the stristr check but I don't really think it will make a difference as the only way the stristr check will fail is if the string 'unbc.ca' is NOT found in the referring page. Does anyone have any idea what could be causing this problem? Short of removing the check altogether I can't really see another way around it. Cheers and thanks much in advance, Pablo -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php