>> > Try this
>> > if(getenv("HTTP_REFERER")!="/path/index.php") die("Possible attack");
>>
>> try... - but don't trust.
> If I have 10 pages that can refer to block_search.php, does it mean I
> have to write 10 times of each pages?
One possible solution (code untested) is if you include 10 times a
function...
<?php include('lib/myreferer.php'); myreferer_create(); ?>
and in the form script you check:
<?php include('lib/myreferer.php'); myreferer_onfailure('location: index.php?error=myreferer'); ?>
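<?php // lib/myreferer.php
// session_register() is not needed with $_SESSION (and was removed in PHP 5.4)
if (session_id() === '') session_start();

// call on every page that is allowed to lead to the form script
function myreferer_create()
{
    // REMOTE_ADDR is the $_SERVER key that holds the client address
    if (empty($_SERVER['REMOTE_ADDR'])) die('you do not have an ip?');
    $_SESSION['myreferer'] = array();
    $_SESSION['myreferer']['ip']   = $_SERVER['REMOTE_ADDR'];
    $_SESSION['myreferer']['date'] = date('y.m.d');
    $_SESSION['myreferer']['sum']  = md5($_SERVER['REMOTE_ADDR'] . date('y.m.d'));
} // myreferer_create()

// call in the form script: redirect if the session marker is missing or inconsistent
function myreferer_onfailure($redirecturl)
{
    // ip, date and sum are strings, so test for presence rather than is_array()
    if (!isset($_SESSION['myreferer'])
        || !is_array($_SESSION['myreferer'])
        || !isset($_SESSION['myreferer']['ip'])
        || !isset($_SESSION['myreferer']['date'])
        || !isset($_SESSION['myreferer']['sum'])
        || $_SESSION['myreferer']['sum']
            != md5($_SESSION['myreferer']['ip'] . $_SESSION['myreferer']['date']))
    {
        header($redirecturl);
        die();
    }
} // myreferer_onfailure()
?>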
THT
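
An added example, not part of the original post: the same include-on-every-page pattern, but with a random per-session token that the form has to send back, so the check depends neither on the Referer header nor on values the session already holds. The file name lib/formtoken.php and the formtoken_* functions are hypothetical, and PHP 7 or later is assumed.

```php
<?php
// lib/formtoken.php (hypothetical file name, added example)
// Any page that shows the search form embeds the session's token;
// block_search.php accepts the request only if the same token comes back.

if (session_status() !== PHP_SESSION_ACTIVE) {
    session_start();
}

// Return the per-session token, creating it on first use.
function formtoken_get(): string
{
    if (empty($_SESSION['formtoken']) || !is_string($_SESSION['formtoken'])) {
        $_SESSION['formtoken'] = bin2hex(random_bytes(32)); // 256-bit CSPRNG value
    }
    return $_SESSION['formtoken'];
}

// Hidden field to print inside each <form> on the 10 referring pages.
function formtoken_field(): string
{
    return '<input type="hidden" name="formtoken" value="'
        . htmlspecialchars(formtoken_get(), ENT_QUOTES, 'UTF-8') . '">';
}

// True only if the submitted value matches the token stored in the session.
function formtoken_valid($submitted): bool
{
    $expected = $_SESSION['formtoken'] ?? '';
    return is_string($submitted)
        && $expected !== ''
        && hash_equals($expected, $submitted); // constant-time comparison
}

// Call at the top of the form script: redirect and stop on a bad token.
function formtoken_onfailure(string $redirecturl): void
{
    if (!formtoken_valid($_POST['formtoken'] ?? null)) {
        header($redirecturl);
        die();
    }
}
```

Each referring page prints `formtoken_field()` inside its form, and block_search.php calls `formtoken_onfailure('Location: index.php?error=formtoken')` before doing any work.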