Referer Check

[Outer]

I use this code each time a form is submitted to check to make sure external scripts aren't run when a user wants to submit the data

It also has other uses. Basically an extra security precaution

<?php
// Set this to your domain name
$referer = "domain.com";

// Explode the HTTP_REFERRER address to split up the string
$ref = explode('/', $_SERVER['HTTP_REFERER']);

// next piece of code checks for the 'www.'
// Some people use http://domain.com and others use http://www.domain.com. This will remove the 'www.' as to let users have their choice
if (strstr($ref['2'], 'www.')) { $ref['2'] = str_replace('www.', '', $ref['2']); }

// check if they match or not
if ($ref['2'] != $referer)
{
    echo "You are not allowed to enter information from an external form.";
}
else
{
    // Continue with script
}

 

[Porte]

Oh well, very nice idea actually. Thanks for this
:wave:

 

[skrilla]

interesting. might come in handy some day. thnx

 

[Eric]

Nice. I may implement this in a contact script I'm currently writing. Thanks.


-Eric

 

[bbalegere]

Thanks for the code.It has helped me.