Author Topic: Another PHP Question  (Read 2033 times)

Canuck

Another PHP Question
« on: August 18, 2007, 02:59:58 PM »
I'm working on a site that uses sessions to login/logout.

I have a function that checks if the user is authorized (session variables are set), to view a particular page.

I have a php file: password_validation.php for validating/changing the password. If the user goes to this form and is not logged in, I prompt them with the login form (include ("login_form.php")).

My problem is this: if the user is logged in and goes directly to the password_validation.php script (they can just look at the source code for the form action), it prints out the error messages since no data was passed from a form.

Is there something I can do to say only check the form if it's passed from my change_pass_form.php? Is there something else I can do?

Thanks!

edit:

I took a look into $_SERVER['HTTP_REFERER']; and if I submit the entry from my form, it will output the URL (I echo it in the validation script), but if I go directly to the validation script from another page, it doesn't recognize the REFERER. Is that value only set if it's from a form?

I know it still isn't a secure way of checking things.. I just don't want the error messages being outputted if someone didn't actually submit something from the form.

Thanks
« Last Edit: August 18, 2007, 03:20:33 PM by Canuck »
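
One way to handle the case described in the post, as an added example that is not the poster's code: password_validation.php runs its checks only for a POST that carries a token stored in the session, instead of relying on HTTP_REFERER, which the browser supplies and may omit. The session keys `user_id` and `form_token`, the field names, and both function names are assumptions made for this sketch.

```php
<?php
// Added example, not code from the thread. Session keys and field names are assumed.

// Decide what password_validation.php should do with a request.
function classify_request(array $server, array $session, array $post): string
{
    // Not logged in: show login_form.php, as the post already does.
    if (empty($session['user_id'])) {
        return 'login';
    }
    // A direct visit (address bar, link, bookmark) arrives as GET with no form data.
    if (($server['REQUEST_METHOD'] ?? 'GET') !== 'POST') {
        return 'show_form';
    }
    // The form embeds a per-session token; compare it in constant time.
    $expected = $session['form_token'] ?? '';
    $given    = $post['form_token'] ?? '';
    if (!is_string($given) || $expected === '' || !hash_equals($expected, $given)) {
        return 'reject';
    }
    return 'validate';
}

// Token that change_pass_form.php would put in a hidden field (after session_start()).
function issue_form_token(array &$session): string
{
    if (empty($session['form_token'])) {
        $session['form_token'] = bin2hex(random_bytes(32));
    }
    return $session['form_token'];
}

// Constructed sample requests, so the file runs from the CLI without a web server.
$session = ['user_id' => 42];
$token   = issue_form_token($session);
$cases = [
    'logged out'         => [['REQUEST_METHOD' => 'GET'], [], []],
    'direct visit'       => [['REQUEST_METHOD' => 'GET'], $session, []],
    'post without token' => [['REQUEST_METHOD' => 'POST'], $session, ['new_password' => 'x']],
    'post from the form' => [['REQUEST_METHOD' => 'POST'], $session, ['form_token' => $token]],
];
foreach ($cases as $label => [$server, $sess, $post]) {
    printf("%-20s => %s\n", $label, classify_request($server, $sess, $post));
}
```

In the real script the three arrays would be `$_SERVER`, `$_SESSION` and `$_POST`, with the `show_form` outcome including change_pass_form.php rather than printing validation errors.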