• Status: Solved

Server variables for protection

How can I be sure if my HTML form is posted from the server I trust or from an outside spammer?

I want to let one of my friends post data from the server I can trust to my page; however, I want to block the rest from posting data, or redirect the page if the form is not coming from a trusted server.

How can I do that?
1 Solution
 
Ray Paseur Commented:
There is a hierarchy of protections you can apply.  First, let me start by saying that nothing in any HTTP request can be completely trusted.  If the request does not expose important business information or change the data on your server, you do not need to know the origin of the request - it might just be Google setting up links to your site.

So let's assume that you're willing to do a little work to secure a page and make it trustworthy.  Here are some things that may be helpful.

You can password-protect the page using PHP client authentication.  This will let you control who can see the page or post information.

If you just want to be sure that the request came from a human being, you can use CAPTCHA techniques.  There are many such techniques, some are even invisible, but the invisible ones are difficult to prove effective.

If you want to be sure that the request came from a web page in your web site, you might use a form token (the article shows how to check the referrer* variables, too).

If you want to be sure the request came from a specific server, you can test the IP address.  Look in $_SERVER["REMOTE_ADDR"] and compare this to your trusted friend's authorized IP address.

If you know what browser your trusted friend is using, you can look in $_SERVER["HTTP_USER_AGENT"].  If this value changes, you can re-authenticate by asking for a password.

Any of these techniques can be useful, and most sites would use a combination of them.

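* You can check to see that the request and the referrer contain a match on the URL with something along these lines (a same-origin check):
// Build the pattern from this site's host name; '#' is passed so the delimiter is escaped too.
$regex = '#' . preg_quote($_SERVER['HTTP_HOST'], '#') . '#i';
// The Referer header is optional and client-supplied; a missing value counts as no match.
if (!preg_match($regex, $_SERVER['HTTP_REFERER'] ?? '')) return FALSE;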
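
A stricter, layered variant of the checks described in this answer, as an added example that is not part of the original answer: it combines the REMOTE_ADDR comparison, a session form token, and an exact host comparison for the referrer. TRUSTED_IP, the function name, the form_token field name and the sample requests are assumptions constructed for illustration.

```php
<?php
// Added example: three of the checks from the answer, layered.
// TRUSTED_IP is a constructed placeholder from a documentation address range.
const TRUSTED_IP = '203.0.113.10';

// Returns the names of the checks that failed; an empty array means all passed.
function failed_origin_checks(array $server, array $post, array $session): array
{
    $failed = [];

    // 1. Source address: REMOTE_ADDR is the TCP peer address, not a request header.
    if (($server['REMOTE_ADDR'] ?? '') !== TRUSTED_IP) {
        $failed[] = 'ip';
    }

    // 2. Form token stored in the session when the form was rendered,
    //    compared in constant time.
    $expected = $session['form_token'] ?? '';
    $given    = $post['form_token'] ?? '';
    if (!is_string($expected) || $expected === '' || !is_string($given)
        || !hash_equals($expected, $given)) {
        $failed[] = 'token';
    }

    // 3. Referer host must equal this site's host exactly. A substring match
    //    would also accept "www.example.com.other.test". Both headers are
    //    client-supplied, so this is a filter and not proof of origin.
    $ownHost = parse_url('//' . ($server['HTTP_HOST'] ?? ''), PHP_URL_HOST);
    $refHost = parse_url($server['HTTP_REFERER'] ?? '', PHP_URL_HOST);
    if (!is_string($ownHost) || !is_string($refHost)
        || strcasecmp($ownHost, $refHost) !== 0) {
        $failed[] = 'referer';
    }
    return $failed;
}

// Constructed sample requests (not real traffic).
$session = ['form_token' => bin2hex(random_bytes(16))];
$good = ['REMOTE_ADDR' => '203.0.113.10', 'HTTP_HOST' => 'www.example.com',
         'HTTP_REFERER' => 'https://www.example.com/form.php'];
$bad  = ['REMOTE_ADDR' => '198.51.100.7', 'HTTP_HOST' => 'www.example.com',
         'HTTP_REFERER' => 'https://www.example.com.other.test/form.php'];

echo 'good: ', json_encode(failed_origin_checks($good, ['form_token' => $session['form_token']], $session)), "\n";
echo 'bad:  ', json_encode(failed_origin_checks($bad, ['form_token' => 'guess'], $session)), "\n";
```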

 
BRMarketing Author Commented:
Wonderful, thank you
 
Dave Baldwin Fixer of Problems Commented:
This simple program lists all of the server variables that are available on your server.  It changes from server to server so you can't count on all of them being there on all servers.
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<title>PHP Server Variables</title>
</head>
<body><h1>PHP Server Variables</h1>
<?php

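//reset($_SERVER);
foreach($_SERVER as $key => $value) {
    // Escape before output: several entries (e.g. HTTP_USER_AGENT) are client-supplied.
    echo "<b>" . htmlspecialchars($key) . " :</b> " . htmlspecialchars(print_r($value, true)) . "<br />\n";
}

// Show any posted fields, escaped the same way.
echo htmlspecialchars(print_r($_POST, true));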
?>
</body>
</html>

 
BRMarketing Author Commented:
Thank you Dave
 
BRMarketing Author Commented:
Thank you
 
Dave Baldwin Fixer of Problems Commented:
You're welcome.
Question has a verified solution.
