I have an HTML form which gets submitted to a PHP page for processing.
I would like to confirm on the processing page that the form was submitted from my site instead of somebody else's.
How to make sure requests can only come from pages I served?
Maybe something like this can be done.
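<?php
session_start(); // the session must be started before $_SESSION is used
// Make sure your nonce is a number used once, or random and generated per request.
$_SESSION['formhash'] = bin2hex(random_bytes(16)); // random token, not a hash of a fixed value
?>
<form method="post"> <!-- Form to be posted -->
<input type="hidden" name="hashed" id="hashed" value="<?php echo htmlspecialchars($_SESSION['formhash']); ?>" />
</form>
<!-- After the form is posted, probably on another page -->
<?php
if (session_status() !== PHP_SESSION_ACTIVE) {
    session_start();
}
if (isset($_POST["hashed"], $_SESSION['formhash']) && is_string($_POST["hashed"])) {
    if (hash_equals($_SESSION['formhash'], $_POST["hashed"])) { // constant-time comparison
        unset($_SESSION['formhash']); // the token is used once
        // Process your form
    } else {
        // Do something else
    }
}
?>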
You can read this for more info as well: Using a nonce as a security solution in PHP
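The session-token check above, generalized to per-form, single-use tokens with an expiry. This is an added example, not part of the original answer; the function names, the `csrf` session key, the form ids and the 900-second lifetime are assumptions, and the demo at the bottom uses constructed timestamps so it runs from the PHP CLI.

```php
<?php
// Added example: per-form, single-use, expiring tokens. Function names and
// the 'csrf' session key are assumptions, not from the original answer.
// In a web request, call session_start() first; from the CLI, $_SESSION is
// just a plain array, which is enough for the constructed demo at the bottom.

const TOKEN_TTL = 900; // seconds a rendered form stays valid (assumed value)

function csrf_issue(string $formId, ?int $now = null): string
{
    $token = bin2hex(random_bytes(32)); // unpredictable, from the OS CSPRNG
    $_SESSION['csrf'][$formId] = [
        'token'   => $token,
        'expires' => ($now ?? time()) + TOKEN_TTL,
    ];
    return $token; // echo through htmlspecialchars() into the hidden field
}

function csrf_verify(string $formId, $submitted, ?int $now = null): bool
{
    $entry = $_SESSION['csrf'][$formId] ?? null;
    unset($_SESSION['csrf'][$formId]); // single use: any attempt consumes it
    if ($entry === null || !is_string($submitted)) {
        return false; // never issued, already used, or array-typed input
    }
    if (($now ?? time()) > $entry['expires']) {
        return false; // form was rendered too long ago
    }
    return hash_equals($entry['token'], $submitted); // constant-time compare
}

// Constructed demo: one rendered form and several kinds of submission.
$t0    = 1700000000; // constructed timestamp
$token = csrf_issue('contact', $t0);
var_dump(csrf_verify('contact', $token, $t0 + 60));  // first use, within TTL
var_dump(csrf_verify('contact', $token, $t0 + 61));  // same token replayed
$token = csrf_issue('contact', $t0);
var_dump(csrf_verify('contact', $token, $t0 + 901)); // submitted after expiry
$token = csrf_issue('contact', $t0);
var_dump(csrf_verify('signup', $token, $t0 + 1));    // token sent to another form
var_dump(csrf_verify('contact', ['x'], $t0 + 1));    // array instead of string
```

Because a failed attempt also consumes the token, the user has to reload the form after a rejected submission; that is a deliberate choice in this sketch.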