EntropySink
Technical & Scientific => Programming => Topic started by: Canuck on August 18, 2007, 02:59:58 PM
-
I'm working on a site that uses sessions to login/logout.
I have a function that checks if the user is authorized (session variables are set) to view a particular page.
I have a PHP file, password_validation.php, for validating/changing the password. If the user goes to this form and is not logged in, I prompt them with the login form (include ("login_form.php")).
My problem is this: if the user is logged in and goes directly to the password_validation.php script (they can just look at the source code for the form action), it prints out the error messages since no data was passed from a form.
Is there something I can do to say only check the form if it's passed from my change_pass_form.php? Is there something else I can do?
Thanks!
edit:
I took a look into $_SERVER['HTTP_REFERER']; and if I submit the entry from my form, it will output the URL (I echo it in the validation script), but if I go directly to the validation script from another page, it doesn't recognize the REFERER. Is that value only set if it's from a form?
I know it still isn't a secure way of checking things... I just don't want the error messages being outputted if someone didn't actually submit something from the form.
Thanks
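
An added example, not part of the original post: one way to make password_validation.php run its checks only on a real submission from change_pass_form.php is to look at the request method and a session-bound token rather than the Referer header, which the client can omit or set to anything. The session key `user_id`, the field names `csrf_token`, `new_password` and `confirm_password`, and the placeholder validation rules are assumptions; change_pass_form.php is assumed to print the token as a hidden field.

```php
<?php
// password_validation.php (added sketch; key and field names are assumptions)
session_start();

// Stand-in for the site's own "is the user authorized" function.
function is_logged_in(): bool
{
    return isset($_SESSION['user_id']); // assumed session key
}

if (!is_logged_in()) {
    include 'login_form.php';
    exit;
}

// A direct visit is a GET with no form data: show the form, print no errors.
if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    // change_pass_form.php is assumed to emit:
    // <input type="hidden" name="csrf_token" value="<token from session>">
    include 'change_pass_form.php';
    exit;
}

// A POST must carry the token issued to this session; Referer is not consulted.
$sent     = $_POST['csrf_token'] ?? '';
$expected = $_SESSION['csrf_token'] ?? '';
if (!is_string($sent) || $expected === '' || !hash_equals($expected, $sent)) {
    http_response_code(400);
    exit('Invalid form submission.');
}
unset($_SESSION['csrf_token']); // single use: a replayed POST is rejected

// Only now run the field validation that produces the error messages.
$errors  = [];
$new     = $_POST['new_password'] ?? '';
$confirm = $_POST['confirm_password'] ?? '';
if (!is_string($new) || $new === '') {
    $errors[] = 'New password is required.'; // placeholder rule
} elseif ($new !== $confirm) {
    $errors[] = 'Passwords do not match.';   // placeholder rule
}

if ($errors) {
    $_SESSION['csrf_token'] = bin2hex(random_bytes(32)); // fresh token for retry
    include 'change_pass_form.php'; // assumed to display $errors
    exit;
}
// ...continue with the site's existing password-change logic...
```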