Posted by cmcnaught on 09/14/05 17:37
Just in case anyone else is looking at this with the same problem...
What I decided to do to be pretty sure the processing page is being
called from my form (not a fake one with a bcc injection) is to add
hidden variables to the form that are derived from the manually entered
form variables and filled in after the submit button is pressed.
This could be as simple as posting a string length variable for each or
some of the input values and then checking this in the form
processor/emailer page script. Or generate a key from the input in the
form and compare it with a key generated by the processor page. This
would be pretty hard to circumvent by any non-manual method.
Any other ideas would be appreciated.
cj
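
A sketch of the check described in the post above, added here as an example; it is not the poster's code. The field names (name, email, subject, message, lens, key) are hypothetical, and FNV-1a stands in for "a key from the input". The processor side goes one step beyond the post: it also refuses line breaks in fields that end up in mail headers, since an injected Bcc header needs one.

```javascript
// Hypothetical field names; the first three are placed in mail headers.
const HEADER_FIELDS = ["name", "email", "subject"];
const ALL_FIELDS = [...HEADER_FIELDS, "message"];

// Key derived from the typed-in values (FNV-1a, 32-bit). It is not a secret:
// it only shows that the form's own script ran on these exact values.
function deriveKey(form) {
  let h = 0x811c9dc5;
  for (const f of ALL_FIELDS) {
    for (const ch of `${f}=${form[f] ?? ""};`) {
      h = Math.imul(h ^ ch.codePointAt(0), 0x01000193) >>> 0;
    }
  }
  return h.toString(16).padStart(8, "0");
}

// Form side: the values the submit handler writes into the hidden inputs.
function fillHidden(form) {
  const lens = ALL_FIELDS.map((f) => (form[f] ?? "").length).join(",");
  return { ...form, lens, key: deriveKey(form) };
}

// Processor side: recompute both hidden values from what was posted and
// compare, then reject CR/LF in every header-bound field.
function checkSubmission(post) {
  const errors = [];
  const expected = fillHidden(post);
  if (post.lens !== expected.lens) errors.push("length mismatch");
  if (post.key !== expected.key) errors.push("key mismatch");
  for (const f of HEADER_FIELDS) {
    if (/[\r\n]/.test(post[f] ?? "")) errors.push(`line break in ${f}`);
  }
  return errors;
}

// Constructed sample posts (not real traffic).
const genuine = fillHidden({ name: "Ann", email: "ann@example.com",
                             subject: "Hello", message: "Hi there" });
const scripted = { name: "Ann", email: "ann@example.com\r\nBcc: x@example.net",
                   subject: "Hello", message: "Hi", lens: "3,15,5,8",
                   key: genuine.key };
console.log(checkSubmission(genuine), checkSubmission(scripted));
```

The processor mails only when checkSubmission returns an empty list. The line-break test does not depend on the hidden fields, so it still holds when a script recomputes them.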