0

Is there a script/code you can use in your PHP MAILER to make sure the page requesting the mailer is from your domain?

<form id="auto" method="post" action="https://www.url.com/inc/quickquote.php">

Now in quickquote.php I would like a script of some kind that makes sure the request comes from the URL I specify before it runs the mailer. My fear is someone can make a page of their choosing and modify it to use my mailer script and do dumb stuff using my input names for spamming or something.

preventing csrf in php

Now, using this does not really help, as what's to stop them from going to my site, getting the value out of the view-source code and inputting that value into their form?

1 Answer

0

You can check the HTTP referer header to see where a page link has come from, but it's not reliable. Best bet is to generate a one-time token for the page that is submitted with the form - that way no other pages can submit the form because they will not have the correct token.

Synchro
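The one-time token approach from the answer above, as an added example that is not code from the original post. It assumes the form and the handler live in one script for brevity, and the helper names `issue_form_token` / `consume_form_token`, the `token` field name and the `quote_token` session key are hypothetical.

```php
<?php
declare(strict_types=1);

session_start();

// Hypothetical helper: create a random token, remember it in the visitor's
// session, and return it for embedding in a hidden form field.
function issue_form_token(): string
{
    $token = bin2hex(random_bytes(32));
    $_SESSION['quote_token'] = $token;
    return $token;
}

// Hypothetical helper: accept the submitted token only if it matches the one
// stored for this session, then discard it so it cannot be replayed.
function consume_form_token(?string $submitted): bool
{
    $expected = $_SESSION['quote_token'] ?? null;
    unset($_SESSION['quote_token']); // one-time: burned on every attempt
    return is_string($expected)
        && is_string($submitted)
        && hash_equals($expected, $submitted); // constant-time comparison
}

if (($_SERVER['REQUEST_METHOD'] ?? 'GET') === 'POST') {
    // Handler side (quickquote.php in the question).
    $submitted = $_POST['token'] ?? null;
    if (!consume_form_token(is_string($submitted) ? $submitted : null)) {
        http_response_code(403);
        exit('Invalid or expired form token.');
    }
    // ... validate the remaining fields and run the mailer here ...
    exit('Quote request accepted.');
}

// Form side: a fresh token is issued each time the page is rendered.
$token = issue_form_token();
?>
<form id="auto" method="post" action="">
    <input type="hidden" name="token" value="<?= htmlspecialchars($token, ENT_QUOTES) ?>">
    <button type="submit">Send</button>
</form>
```

A token copied out of the page source only matches the session it was issued to and is discarded after one submission, so a form hosted on another site cannot reuse it for its own visitors. It does not stop a script that fetches a fresh page for every submission, so per-session or per-IP rate limiting on the mailer is still worth adding.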