
View Full Version : PHP mailform script intermittently fails to validate referer



brothercake
04-11-2003, 01:53 PM
I have a mailform script - demo at http://www.mori.com/test_form_mori.html - which validates by referer. But every so often it fails to validate and outputs the "illegal referer" message (which asks the user to report the error to me).

I don't know why it fails - I can't make it happen when I try; but every so often I get an email from someone saying they got the error message.

Can anyone shed light on this? I've attached the full script.

mordred
04-11-2003, 03:46 PM
The problem is that $_SERVER['HTTP_REFERER'] is not always available. This value is optional for HTTP requests, and if the client chooses not to send the information on which page he has been/requested previously, you can't do anything about it. Also, sometimes proxies or firewalls filter out this extra header, and that's most likely the case with the users for whom the form doesn't seem to work.

brothercake
04-11-2003, 03:58 PM
Oh okay; thanks.

Presumably then everyone has this issue - is there an accepted way of dealing with it?

If it comes down to, reproduce the message text and ask people to use their own mail software to send it, any suggestions on what to say - a non-technical explanation of why this has happened?

Weirdan
04-11-2003, 04:00 PM
Browser malfunction :)

mordred
04-11-2003, 05:52 PM
brothercake, I think you're gonna shoot yourself in the foot if you present the user with a short non-technical message that stays close to truth. It would be like:

"Your request could not be processed because you or your network administrator values security and privacy."

:D

+1 from me for Weirdan's suggestion. Alternatively, is this referer thingie so important? Could you perhaps switch to sessions (though that would only help you if the referring files are all on the same machine)?

brothercake
04-16-2003, 11:20 PM
Well I don't know ... I used referrer information to prevent leeching; I've never used sessions - you mean validate the form script by reference to the session ID (and don't process if there isn't one)?
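
The session approach raised in this thread, sketched as an added example (not part of any post above and not taken from the attached script): the form page stores a random token in the session and the handler refuses any POST that does not return it, so nothing depends on the optional Referer header. The function names, the `mailform_token` session keys and the `token` field name are assumptions made for illustration.

```php
<?php
// Added example with hypothetical names; the form and the handler share one file here.
session_start();

// Call when rendering the form: issue a random token tied to this visitor's session.
function issue_form_token(): string
{
    $token = bin2hex(random_bytes(32));
    $_SESSION['mailform_token']  = $token;
    $_SESSION['mailform_issued'] = time();
    return $token;
}

// Call in the mail handler: true only if the POST carries the token we issued.
function check_form_token($submitted, int $maxAge = 3600): bool
{
    $expected = $_SESSION['mailform_token'] ?? null;
    $issued   = $_SESSION['mailform_issued'] ?? 0;
    // One-time use: clear the stored token whatever the outcome.
    unset($_SESSION['mailform_token'], $_SESSION['mailform_issued']);

    if (!is_string($expected) || !is_string($submitted)) {
        return false; // no session or no token: the form was not loaded from this site
    }
    if (time() - $issued > $maxAge) {
        return false; // token is older than the allowed age
    }
    return hash_equals($expected, $submitted); // constant-time comparison
}

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    if (!check_form_token($_POST['token'] ?? null)) {
        http_response_code(400);
        exit('This form has expired. Please reload the page and try again.');
    }
    // ... validate the fields and send the mail here ...
    echo 'Message sent.';
} else {
    $token = htmlspecialchars(issue_form_token(), ENT_QUOTES);
    echo '<form method="post">'
       . '<input type="hidden" name="token" value="' . $token . '">'
       . '<textarea name="message"></textarea>'
       . '<input type="submit" value="Send">'
       . '</form>';
}
```

The form page and the handler must be served from the same host so that they share the session cookie, and visitors who block cookies will see the "expired" message.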


