POST to other server

Forum Moderators: coopster

Message Too Old, No Replies

POST to other server

possible?

rokec

8:14 pm on Jun 3, 2007 (gmt 0)

Can i POST variables via form to other server?

<form method="post" action="www.some-other-domain.com/receive.php">
//inputs
</form>

www.some-other-domain.com/receive.php:

echo($_POST['var']);

Would this work?

hughie

8:46 pm on Jun 3, 2007 (gmt 0)

yes indeed, just make sure there is nothing too sensitive being passed.

[edit]

i'm sure you're aware but will mention it anyway, just make sure you've the http:// in the action.

rokec

9:01 pm on Jun 3, 2007 (gmt 0)

Thanks for help.

So why then isn't this method more widely used for MMORPG games cheating?

hughie

9:27 pm on Jun 3, 2007 (gmt 0)

I'm not familiar with their setups, but i'm sure they'll have security in place and probably don't allow posts from external sources.

rokec

9:47 pm on Jun 3, 2007 (gmt 0)

How can you determine from where POST was submitted?

hughie

10:05 pm on Jun 3, 2007 (gmt 0)

You can use PHP's referer attribute $_SERVER['HTTP_REFERER'] however that's not great and can be spoofed.

better is to set some kind of token when the form loads, store it as a session variable and pass it in the form.

When the form is submitted, compare the session variable with the post variable, if they're different, then the POST has hit the page direct, possibly from a remote server.

rokec

10:13 pm on Jun 3, 2007 (gmt 0)

Can you write an example how this HTTP_REFERRER can be spoofed?

Really thanks for your help. I learned a lot.

barns101

10:35 pm on Jun 3, 2007 (gmt 0)

The referrer is sent by the browser as a header and so it can either be completely omitted, or set to anything you choose.