I've come up with this to stop spoofed forms.
Empty file created.
Filename passed as hidden value in form, as I'm passing values anyway.
Doesn't matter if hidden value is viewed.
[inputform.php]
$code = md5(time());
$fp = fopen("tmp/$code", 'w');
fclose($fp);
If file exists, delete file, else access refused.
[testpage.php]
$code = $_POST['code'];
if (file_exists("tmp/$code")) {
unlink("tmp/$code");
}
else {
echo "Access refused!";
exit;
}
continue with input checks etc.
I'm pretty chuffed with it, though you pro's will probably shoot it down.
Is it any good?
Bob.
Community email addresses:
Post message: php-list@yahoogroups.com
Subscribe: [EMAIL PROTECTED]
Unsubscribe: [EMAIL PROTECTED]
List owner: [EMAIL PROTECTED]
Shortcut URL to this page:
http://groups.yahoo.com/group/php-list
Yahoo! Groups Links
<*> To visit your group on the web, go to:
http://groups.yahoo.com/group/php-list/
<*> To unsubscribe from this group, send an email to:
[EMAIL PROTECTED]
<*> Your use of Yahoo! Groups is subject to:
http://docs.yahoo.com/info/terms/
