Not a Member Yet,
Click here to Register

ID: 525
Viewed: 3492
Added: Feb 19, 2004
Version: 1.0
Snippet uploaded by: snippet
Written By: Putts
Demo: Sorry, no demo



User Rated at: 0 Stars
Rate This:

Thank you for your vote. Please wait...

It appears you already voted for this snippet

It appears your vote value was empty

When developing an input form and I want to build some page validation scripts, I prefer to use client-side so I that can do fancy stuff like highlighting fields that aren\'t filled out correctly and what not. However, the big concern with using just client-side scripting is that someone could always d/l the source to your entry form, put in their own submit button and submit the page with invalid values back to your site by explicitly setting the form action to point to your site.

Well, here is a blocker to stop such attacks on your forms. It\'s a simple little function that verifies that the server making the request matches the server that is processing it.

<!---Head--->
<% 
Function sameServer()
dim strSource,arrSource
arrSource = split(request.ServerVariables("HTTP_REFERER"),"/")
strSource = arrSource(2)
if lcase(request.ServerVariables("SERVER_NAME")) = lcase(strSource) then
sameServer = ""
else
sameServer = strSource
end if
End Function
%>

<!---Body--->


 // in the page that processes the form info
// call the function.

<%
dim strResult
strResult = sameServer()
if strResult = "" then
Response.write("Congrats")
else
Response.write("Processing not allowed from " & strResult)
end if
%>


No Comments to show

Please completely fill out the form below if you want to review this snippet. All reviews are subject to validation.


Replying to a Comment...


Adding your comment. Please wait...

Thanks for adding your comment!. After further review it will be added.

There was a problem adding your comment. Please try again.

Please complete all the fields in the form before sending.

© 2002 - 2024 snippetlibrary.com All Rights Reserved. Conditions
Do NOT follow this link or you will be banned from the site!