-1

I'm trying to register with an HTML form, here's what I've got so far:

  1. I have the form in a file under http://localhost/hospital/administrador/registrar-usuario/index.php

  2. This is sent to a file where I check, clean, etc. the variables introduced. This file is under http://localhost/hospital/administrador/registrar-usuario/verify.php

  3. What I want is that if the user makes a mistake, I create a session with an array of errors in it and the values the user previously entered. Then header('Location: .'); redirects them to the index.php, so I can display the errors and save the values of the form, so there's no need to rewrite them all.

  4. Here's the problem: at the beginning of the index.php I check whether the user came from the verify.php page or not. If they didn't, the session with the values and errors is destroyed. But the HTTP_REFERER says that the referer is http://localhost/hospital/administrador/registrar-usuario/index.php instead of verify.php

Any ideas of what's going on?

Thanks a lot!!

Is there any other way I can achieve this?

4

1 Answer

0

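According to http://php.net/manual/en/reserved.variables.server.php, HTTP_REFERER cannot be trusted, because it can be changed.

If you are on index.php and your session variable (whatever you call it) has errors, would it be safe enough to display them and destroy them? And otherwise do nothing?

I'm not sure whether you are using a framework, or which one, but you may have run into a strange redirect issue.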

answered 2013-07-04T18:38:27.313
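
The approach suggested in the answer (show the session errors if present, then destroy them, with no referer check), sketched as an added example that is not code from the question or the answer. The helper names, the `form_flash` key and the `name`/`email` fields are assumptions; a plain array stands in for `$_SESSION` so the flow runs from the command line.

```php
<?php
// Added example; flash_put, flash_take, validate, e and the field names are hypothetical.
declare(strict_types=1);
// verify.php side: keep errors and previous input under one session key.
function flash_put(array &$session, array $errors, array $old): void {
    $session['form_flash'] = ['errors' => $errors, 'old' => $old];
}

// index.php side: read once, then delete. The key's presence is the signal,
// so the client-supplied HTTP_REFERER header is never consulted.
function flash_take(array &$session): array {
    $flash = $session['form_flash'] ?? ['errors' => [], 'old' => []];
    unset($session['form_flash']);
    return $flash;
}

function validate(array $post): array {
    $errors = [];
    if (trim((string)($post['name'] ?? '')) === '') {
        $errors['name'] = 'Name is required.';
    }
    if (filter_var($post['email'] ?? '', FILTER_VALIDATE_EMAIL) === false) {
        $errors['email'] = 'Email is not valid.';
    }
    return $errors;
}

// Old values are user input: escape them when echoing back into the form.
function e(string $s): string {
    return htmlspecialchars($s, ENT_QUOTES, 'UTF-8');
}

// Constructed walk-through. In the real pages $session is $_SESSION after session_start().
$session = [];
$post = ['name' => '<b>Ana</b>', 'email' => 'not-an-email']; // constructed input

// verify.php: on failure store the flash, then header('Location: .'); exit;
$errors = validate($post);
if ($errors) {
    flash_put($session, $errors, ['name' => $post['name'], 'email' => $post['email']]);
}

// index.php: the first load after the redirect shows errors and refills the form.
$flash = flash_take($session);
foreach ($flash['errors'] as $field => $msg) {
    echo e($field) . ': ' . e($msg) . PHP_EOL;
}
echo '<input name="name" value="' . e($flash['old']['name'] ?? '') . '">' . PHP_EOL;
var_dump(flash_take($session)['errors'] === []); // reload or direct visit: nothing left
```

On a registration form, leave password fields out of the stored previous values so they are never written to the session or echoed back.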