mysql - Prevent Posting Data From a Different Domain in PHP


I have a form in a PHP page. On the page, a popup window opens, and in the popup there are fields. The user fills in the form and submits it. After the form is submitted, I send a mail to the user. In the form the user can give a reference to the website for a friend, and I send the mail to him. Unfortunately someone hacked the website and uses my PHP script for sending mails. So I want to restrict access to the PHP script from outside the server. How should I restrict access? I have tried one option but did not succeed.

There are two ways you can mitigate this; totally stopping it is not possible.

Use the HTTP referer:

```php
// Superglobals are upper-case in PHP ($_SERVER, not $_server); the header may be absent,
// so guard the lookup before parsing it.
$referer = isset($_SERVER['HTTP_REFERER']) ? parse_url($_SERVER['HTTP_REFERER']) : [];
$allowedDomain = 'yourdomain.com';

if (isset($referer['host']) && $referer['host'] == $allowedDomain) {
    // process mail script here.
}
```

Note that you cannot trust the HTTP_REFERER value. It can be spoofed.

Use tokens:

Generate a random token and put it within the form post like this:

```php
<?php
// $_SESSION is only available after session_start(); superglobals are upper-case.
session_start();

if (!isset($_POST['submit'])) {
    // First visit: issue a random code and keep the server-side copy in the session.
    $_SESSION['random_code'] = rand(0, 1000000);
} else {
    if (isset($_SESSION['random_code'], $_POST['random_code'])
        && $_POST['random_code'] == $_SESSION['random_code']) {
        // process mail script here

        // reissue session code so the same value cannot be replayed
        $_SESSION['random_code'] = rand(0, 1000000);
    }
}
?>
<input type='hidden' name="random_code" value="<?php echo $_SESSION['random_code']; ?>">
```

Save the random code in the session, and when the form is submitted, match the submitted random_code value against the code saved in the session. If both are the same, process the mail script.

In this way, the attacker has to first open the page, get the random code, and then submit the form. It does not stop the attack, but it slows down the process.
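The following is an added example, not code from the question or the answer above. It combines both of the answer's ideas into a single hardened form handler: a per-session token generated with a CSPRNG and compared in constant time (so it cannot be guessed or timing-probed the way a small rand() value could), plus an Origin/Referer check used only as a secondary hint. The function names (issue_form_token, form_token_is_valid, request_origin_allowed, handle_mail_form), the constant ALLOWED_HOST and the field name friend_email are this example's own assumptions, not a library API.

```php
<?php
// Added example: hardened version of the session-token approach from the answer.
// Assumptions: PHP 7+ (random_bytes, hash_equals), sessions enabled, the site
// is served from ALLOWED_HOST. All function names below are hypothetical.

session_start();

const ALLOWED_HOST = 'yourdomain.com'; // assumption: the site's own host name

// Create (or reuse) a 32-byte random token, stored server-side in the session.
function issue_form_token(): string
{
    if (empty($_SESSION['form_token'])) {
        $_SESSION['form_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['form_token'];
}

// Compare the submitted token with the session copy in constant time.
function form_token_is_valid(?string $submitted): bool
{
    $expected = $_SESSION['form_token'] ?? '';
    if ($expected === '' || $submitted === null) {
        return false;
    }
    return hash_equals($expected, $submitted);
}

// Secondary check: browsers send Origin on cross-site POSTs; fall back to Referer.
// Both are trivially spoofed by a script, so this is a hint, never the sole control.
function request_origin_allowed(array $server, string $allowedHost): bool
{
    $source = $server['HTTP_ORIGIN'] ?? $server['HTTP_REFERER'] ?? '';
    if ($source === '') {
        return false; // some legitimate clients send neither; adjust to your policy
    }
    $host = parse_url($source, PHP_URL_HOST);
    return is_string($host) && strcasecmp($host, $allowedHost) === 0;
}

function handle_mail_form(): void
{
    if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
        // GET: render the form with the token embedded as a hidden field.
        $token = htmlspecialchars(issue_form_token(), ENT_QUOTES, 'UTF-8');
        echo '<form method="post">'
           . '<input type="hidden" name="form_token" value="' . $token . '">'
           . '<input type="email" name="friend_email">'
           . '<button type="submit" name="submit">Send</button>'
           . '</form>';
        return;
    }

    // POST: the token check is the primary control, the origin check is secondary.
    if (!form_token_is_valid($_POST['form_token'] ?? null)) {
        http_response_code(403);
        exit('Invalid or missing form token.');
    }
    if (!request_origin_allowed($_SERVER, ALLOWED_HOST)) {
        http_response_code(403);
        exit('Request did not originate from this site.');
    }

    // Single-use token: drop it so a replayed POST with the same value fails.
    unset($_SESSION['form_token']);

    $friend = filter_var($_POST['friend_email'] ?? '', FILTER_VALIDATE_EMAIL);
    if ($friend === false) {
        http_response_code(400);
        exit('Invalid e-mail address.');
    }

    // ... build and send the mail to $friend here.
}

handle_mail_form();
```

What this buys you matches the answer's caveat: a page on another domain can no longer make a victim's browser post to the script, because it cannot read the token, and a blind script that only knows the URL is rejected. A script that first fetches the form with a cookie jar and then posts the token back still gets through, so to slow that down further you need controls the token alone does not give, such as rate limiting per session or IP, a CAPTCHA, or requiring a logged-in account before mail is sent. Setting the session cookie with SameSite=Lax or Strict also stops most cross-site submissions at the browser level.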

