Get request host in PHP

I'm developing a website with Zend. Some people create an HTML file that imitates my login view. The action in the form points to my controller to submit. I don't want other logins from outside my website. So how can I prevent other domains from submitting a form to my controller? I tried to get the request host name of the "requester pages" to compare their domain with mine, then return an error if the user logs in from other sites.

Answers


  1. you could check the referrer, if it is in your domain (or empty)

  2. add a hidden input field and generate a token on every display. If the token is wrong, don't continue and redirect them to your login page. Be sure that every token can only be used once, by one user (same session/IP) and only for e.g. 1 hour

EDIT: see https://www.owasp.org/index.php/Cross-Site_Request_Forgery_%28CSRF%29_Prevention_Cheat_Sheet
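The token scheme from point 2, as an added example that is not part of the answer above: plain PHP, one token per form render, stored in the session with an expiry, consumed on first use. Function names, the `csrf` session key and the `csrf_token` field name are assumptions; Zend Framework 1 users can get the same behaviour from the built-in Zend_Form_Element_Hash.

```php
<?php
// Added example: one-time, session-bound, time-limited CSRF tokens.
// Names (csrf_issue_token, csrf_consume_token, 'csrf' session key) are assumptions.
declare(strict_types=1);

const CSRF_TTL_SECONDS = 3600;   // the answer suggests e.g. 1 hour

// Issue a fresh token for each rendering of the form and remember it in the session.
function csrf_issue_token(array &$session): string
{
    $token = bin2hex(random_bytes(32));                  // 256 bits from the CSPRNG
    $session['csrf'][$token] = time() + CSRF_TTL_SECONDS; // token => expiry timestamp
    return $token;
}

// Validate a submitted token: it must exist in this session and be unexpired,
// and it is removed on first use so a replayed form cannot be submitted twice.
function csrf_consume_token(array &$session, ?string $submitted): bool
{
    if ($submitted === null || empty($session['csrf'])) {
        return false;
    }
    $valid = false;
    foreach ($session['csrf'] as $token => $expires) {   // foreach works on a copy, so unset is safe
        if ($expires < time()) {
            unset($session['csrf'][$token]);              // drop stale tokens as we go
            continue;
        }
        if (hash_equals((string) $token, $submitted)) {   // constant-time comparison
            unset($session['csrf'][$token]);              // single use
            $valid = true;
        }
    }
    return $valid;
}

// When rendering the login form (session_start() assumed earlier in the request):
//   $token = csrf_issue_token($_SESSION);
//   echo '<input type="hidden" name="csrf_token" value="'
//        . htmlspecialchars($token, ENT_QUOTES, 'UTF-8') . '">';
//
// In the login action, before touching the credentials:
//   if (!csrf_consume_token($_SESSION, $_POST['csrf_token'] ?? null)) {
//       header('Location: /login', true, 303);   // redirect back, as the answer suggests
//       exit;
//   }
```

Because the token lives only in the server-side session, a copied HTML page on another domain cannot produce a valid one; a form that was rendered more than an hour ago, or already submitted once, is rejected the same way.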


Check the ZF manual for CSRF protection, which is the standard, built-in way to solve this problem.


The easiest way to prevent outside users from logging in to your site:

  1. use Zend Captcha to generate a new code every time for the login session

You can use the link below as a reference for use in the login page:

http://mnshankar.wordpress.com/2010/06/01/zend-form-element-captcha/

