Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 5 of 5
  1. #1
    New Coder
    Join Date
    Nov 2008
    Posts
    19
    Thanks
    1
    Thanked 0 Times in 0 Posts

    Viewing page a form is submitted from

    I was wondering if there was any way to view what page a form was submitted by. For example, I have a page called "signup.php" where users can fill in a form and they will be registered in a database. I have a reason to believe somebody is sending signups from a different page besides my own. So they basically are making the form "action page" the same as mine. Do you get what i mean? Is there anyway to detect this?

  • #2
    The Apostate Apostropartheid's Avatar
    Join Date
    Oct 2007
    Posts
    3,215
    Thanks
    16
    Thanked 265 Times in 263 Posts
    HTTP referer or hidden input?

  • #3
    New Coder
    Join Date
    Nov 2008
    Posts
    19
    Thanks
    1
    Thanked 0 Times in 0 Posts
    Quote Originally Posted by Apostropartheid View Post
    HTTP referer or hidden input?
    Even if I have a hidden input, cant you still see it in the source code? Can an HTTP referrer be faked as though it was my own site?

  • #4
    Supreme Master coder! abduraooft's Avatar
    Join Date
    Mar 2007
    Location
    N/A
    Posts
    14,865
    Thanks
    160
    Thanked 2,224 Times in 2,211 Posts
    I have a reason to believe somebody is sending signups from a different page besides my own. So they basically are making the form "action page" the same as mine. Do you get what i mean? Is there anyway to detect this?
    You may set a session variable in your sign-up page whose name would be hard to guess. CAPTCHA will also serve the same purpose ( with some additional features).
    The Dream is not what you see in sleep; Dream is the thing which doesn't let you sleep. --(Dr. APJ. Abdul Kalam)

  • #5
    The Apostate Apostropartheid's Avatar
    Join Date
    Oct 2007
    Posts
    3,215
    Thanks
    16
    Thanked 265 Times in 263 Posts
    Sessions are really the best option (CAPTCHAs less so, I guess), but if you just want to catch them out once, checking the HTTP headers *should* suffice. If you know how to do sessions, though, go for it.


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •