daniman

Reputation: 1

How to filter who sends data from an HTML file containing a form sent via POST to a PHP file

So when I try to send data from an HTML file form via POST and set the action to my PHP file, it receives the data without validating from whom it was sent. So I want to filter the data sent to my desired or trusted sites or HTML files.

Upvotes: 0

Views: 39

Answers (3)

Rob G

Reputation: 612

You need CSRFP - cross-site request forgery protection.

I've used https://github.com/deceze/Kunststube-CSRFP successfully in the past; it is very easy to implement and written by a member from here.

Upvotes: 1

Jess Nielsen

Reputation: 130

To validate the sender of the form you can use a token.

This practice is commonly seen with CSRF protection. Most sites use the Synchronizer Token Pattern, which adds a hidden input field with an MD5 hash in it that your site also has stored in memory.

More information here: OWASP CSRF

Upvotes: 0
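
The synchronizer token pattern described in the answer above, as an added example that is not part of the original posts or of the Kunststube-CSRFP library: a single PHP page that issues a per-session token in a hidden field and rejects any POST that does not carry it. The field name `csrf_token`, the helper function names and the `name` input are assumptions, and the token is drawn from `random_bytes()` rather than an MD5 hash.

```php
<?php
// Added example: synchronizer token pattern in one PHP file.
// Field name "csrf_token", helper names and the "name" input are assumptions.
declare(strict_types=1);

session_start();

/** Return the per-session token, creating it on first use. */
function csrf_token(): string
{
    if (empty($_SESSION['csrf_token'])) {
        // 32 bytes from the CSPRNG, hex-encoded; not derivable from guessable input.
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

/** Compare the submitted token with the stored one in constant time. */
function csrf_token_is_valid($submitted): bool
{
    $stored = $_SESSION['csrf_token'] ?? '';
    return is_string($submitted) && $stored !== '' && hash_equals($stored, $submitted);
}

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    if (!csrf_token_is_valid($_POST['csrf_token'] ?? null)) {
        // A form hosted elsewhere cannot read this session's token, so it ends up here.
        http_response_code(403);
        exit('Invalid or missing CSRF token.');
    }
    // Token matched: the form was rendered by this site for this session.
    $name = is_string($_POST['name'] ?? null) ? $_POST['name'] : '';
    exit('Accepted submission from ' . htmlspecialchars($name, ENT_QUOTES, 'UTF-8'));
}
?>
<form method="post" action="">
  <input type="hidden" name="csrf_token"
         value="<?= htmlspecialchars(csrf_token(), ENT_QUOTES, 'UTF-8') ?>">
  <input type="text" name="name">
  <button type="submit">Send</button>
</form>
```

The check relies on the session cookie identifying the browser, so the form page and the handler must share the same session.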

Savan Koradia

Reputation: 127

If you are using an AJAX POST request, then you should check for isAjaxRequest as per your framework, or you should try HTTP_REFERER of $_SERVER to check where the request is coming from.

Upvotes: 0
