Hi Errol,

OK, I tried to go this route, and I'm not sure if I'm doing it right. Here's what I did. The form loads and this happens.

<CODE>-------------------------
session_start();
.
.
.
// Generate a token, keep a copy in the session, and embed it in the form
$token = md5(uniqid(rand(),true));
$_SESSION['form_lock'] = $token;
.
.
.
<input type="hidden" name="form_lock" value="{$token}">
</CODE>-------------------------

Then when the form is submitted, I check the hidden field against the session variable like so.

<CODE>--------------------------
session_start();
// Reject the submission unless the posted token matches the session's token
if (!isset($_SESSION['form_lock']) || !isset($_POST['form_lock']) || $_SESSION['form_lock'] != $_POST['form_lock']) {
    header("Location: elistCE.php?action=");  // action value missing from the archived message
    exit;
}
</CODE>-------------------------

Is this what you were speaking about? It works, but all a spammer would have to do is load the form, look at the source code, find the input tag with the token value, plug it into his script and he can get through. Now am I oversimplifying this or doing it the wrong way (not how you do it)?

Thanks,

Mark

----------------------------

On Nov 21, 2006, at 11:28 AM, Errol Sayre wrote:
| References: | |
| >Email spam - possible problem. (From: Mark Wheeler <email@hidden>) | |
| >Re: Email spam - possible problem. (From: Errol Sayre <email@hidden>) |
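An added example, not part of Mark's message or any code from the list: the same session-token check written with a CSPRNG token, single use, an expiry and a constant-time comparison. The function names `issue_form_lock()` and `check_form_lock()`, the constant `FORM_LOCK_TTL` and its 15-minute value are assumptions made for illustration.

```php
<?php
// Added example, not code from the original message.
// issue_form_lock(), check_form_lock() and FORM_LOCK_TTL are hypothetical names.

const FORM_LOCK_TTL = 900; // assumed token lifetime in seconds

// Call while rendering the form: stores a fresh token in the session and
// returns the hidden input that carries it.
function issue_form_lock(): string
{
    $token = bin2hex(random_bytes(32)); // CSPRNG instead of md5(uniqid(rand(), true))
    $_SESSION['form_lock'] = ['token' => $token, 'issued' => time()];
    return '<input type="hidden" name="form_lock" value="'
         . htmlspecialchars($token, ENT_QUOTES, 'UTF-8') . '">';
}

// Call when handling the POST: true only for a token that was issued to this
// session, has not been used yet, and has not expired.
function check_form_lock(array $post): bool
{
    $stored = $_SESSION['form_lock'] ?? null;
    unset($_SESSION['form_lock']); // single use: a replayed POST finds no token
    $sent = $post['form_lock'] ?? null;
    if (!is_array($stored) || !is_string($sent)) {
        return false;
    }
    if (time() - $stored['issued'] > FORM_LOCK_TTL) {
        return false;
    }
    return hash_equals($stored['token'], $sent); // constant-time comparison
}

// Constructed demonstration, runnable from the command line.
$_SESSION = []; // stands in for session_start() outside a web request
issue_form_lock();
$token = $_SESSION['form_lock']['token'];
var_dump(check_form_lock(['form_lock' => $token])); // first submission
var_dump(check_form_lock(['form_lock' => $token])); // replay of the same token
issue_form_lock();
var_dump(check_form_lock(['form_lock' => 'guess'])); // token that was never issued
```

Single use and expiry limit each issued token to one submission within the window; they do not stop a client that requests the form before every POST.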