  1. #1
    Senior Coder
    Join Date
    Jun 2002
    Location
    near Oswestry
    Posts
    4,508

    PHP mailform script intermittently fails to validate referer

    I have a mailform script - demo at http://www.mori.com/test_form_mori.html - which validates by referer. But every so often it fails to validate and outputs the "illegal referer" message (which asks the user to report the error to me).

    I don't know why it fails - I can't make it happen when I try; but every so often I get an email from someone saying they got the error message.

    Can anyone shed light on this? I've attached the full script.
    "Why bother with accessibility? ... Because deep down you know that the web is attractive to people who aren't exactly like you." - Joe Clark

  • #2
    Senior Coder
    Join Date
    Jun 2002
    Location
    frankfurt, german banana republic
    Posts
    1,848
    The problem is that $_SERVER['HTTP_REFERER'] is not always available. This value is optional for HTTP requests, and if the client chooses not to send the information on which page he has been/requested previously, you can't do anything about it. Also, sometimes proxies or firewalls filter out this extra header, and that's most likely the case with the users for whom the form doesn't seem to work.

  • #3
    Senior Coder
    Join Date
    Jun 2002
    Location
    near Oswestry
    Posts
    4,508
    Oh okay; thanks.

    Presumably then everyone has this issue - is there an accepted way of dealing with it?

    If it comes down to, reproduce the message text and ask people to use their own mail software to send it, any suggestions on what to say - a non-technical explanation of why this has happened?
    "Why bother with accessibility? ... Because deep down you know that the web is attractive to people who aren't exactly like you." - Joe Clark

  • #4
    New Coder
    Join Date
    Mar 2003
    Location
    Somewhere far beyond
    Posts
    99
    Browser malfunction
    WBR, Weirdan.

  • #5
    Senior Coder
    Join Date
    Jun 2002
    Location
    frankfurt, german banana republic
    Posts
    1,848
    brothercake, I think you're gonna shoot yourself in the foot if you present the user with a short non-technical message that stays close to truth. It would be like:

    "Your request could not be processed because you or your network administrator values security and privacy."



    +1 from me for Weirdan's suggestion. Alternatively, is this referer thingie so important? Could you perhaps switch to sessions (though that would only help you if the referring files are all on the same machine)?

  • #6
    Senior Coder
    Join Date
    Jun 2002
    Location
    near Oswestry
    Posts
    4,508
    Well I don't know ... I used referrer information to prevent leeching; I've never used sessions - you mean validate the form script by reference to the session ID (and don't process if there isn't one)?
    "Why bother with accessibility? ... Because deep down you know that the web is attractive to people who aren't exactly like you." - Joe Clark
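
The session-based check raised in posts #5 and #6, as an added example that is not part of any post or of the attached script: the form page stores a random single-use token in the session, and the handler refuses to send mail unless the same token comes back, so nothing depends on the optional Referer header. The function names, the `form_token` field, the 30-minute lifetime and the single-file layout are assumptions; `random_bytes()` needs PHP 7 or later.

```php
<?php
// Added example: session token in place of the Referer test.
// Function names and the 'form_token' field are hypothetical.
session_start();

const TOKEN_TTL = 1800; // seconds a rendered form stays valid (assumed value)

// Call when rendering the form page; embed the result in a hidden field.
function issue_form_token(): string
{
    $token = bin2hex(random_bytes(32));
    $_SESSION['form_token'] = ['value' => $token, 'issued' => time()];
    return $token;
}

// Call in the mail handler before sending anything.
function form_token_is_valid($submitted): bool
{
    $stored = $_SESSION['form_token'] ?? null;
    unset($_SESSION['form_token']);   // single use: a replayed POST fails
    if (!is_array($stored) || !is_string($submitted) || $submitted === '') {
        return false;                 // no token issued: form page was not loaded from here
    }
    if (time() - $stored['issued'] > TOKEN_TTL) {
        return false;                 // form was left open too long
    }
    return hash_equals($stored['value'], $submitted); // constant-time comparison
}

if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    if (!form_token_is_valid($_POST['form_token'] ?? null)) {
        http_response_code(400);
        exit('This form has expired. Please reload the page and send it again.');
    }
    // ... the existing mail-sending code would run here ...
    exit('Message sent.');
}

$token = issue_form_token();
?>
<form method="post" action="">
  <textarea name="message"></textarea>
  <input type="hidden" name="form_token" value="<?= htmlspecialchars($token, ENT_QUOTES) ?>">
  <button type="submit">Send</button>
</form>
```

As post #5 notes, this only works when the form page is generated by PHP on the same host as the handler, since a static HTML page cannot issue the token. It also depends on the session cookie being accepted, so a failure message that tells the user to reload and resend is still needed.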

