Ok, bear with me...i'm not sure if my working is correct here but see if you
can understand what I am trying to do here...
We have a php script that processes some form data and deposits it into a
mysql database and emails the contact information to our sales team.
I want to protect the script from being called from anyplace other than the
URL in which the form is on.
My thinking was that if i did a if/elseif check to verify that $HTTP_REFERER
is equal to the URL of the script that i would be in good shape....and i
think it will be except i can't seem to get it to work.
what I have right now is
if ($HTTP_REFERER = "http://domain.com/formurl") {
main script is excecuted ( about 30 lines of code, basic stuff)
} else {
echo "Execution of this script is not allowed outside of our domain; }
now what appears to be happening is that $HTTP_REFERER is always set to
http://domain.com/formurl even i call the script directly and my browser is
on yahoo....it appears to be setting the enviroment variable for me instead
of checking it.
Any help in fixing this most basic problem would be appreciated.
Oh i'm using php 4.3.2
Cheers,
Gary