Get request host in PHP
I'm developing a website by Zend. Some people create a html file imitate my login view. Action in form point to my controller to submit. I don't other login outsite from my websites. So how can I prevent other domains submit form to my controller? I tried to get request host name of "requester pages" to compare theirs domain with mine, then return error if user login from other sites.
you could check the refferer if it is in your domain (or empty)
add a hidden input field an generate a token on every display. if the token is wrong, don't continue and redirect them to your login page. Be sure that every token can only used once, by one user (same session/ip) and only for e.g. 1 hour
Check the ZF manual for CSRF protection, which is the standard, built-in way to solve this problem.
there would be easiest way to prevent out side users to login into your site
- user zend captcha to generate every time new code to login session
you can use below link as reference to use in login page