Hi,

I'm encountering a problem with the 'verify referrer' in Jack's Formail.php, and I can't see why on earth this is not working.

From the instruction: By placing lumbroso.com in the referers array, this also allows http://www.lumbroso.com, ftp.lumbroso.com, lumbroso.com/dir/file/, any other http address with lumbroso.com in it and lumbroso.com's IP (216.64.145.194) address to access this script as well, so no users will be turned away.

Syntax: $referers = ('lumbroso.com','216.64.145.194');

Well when I add my domain as instructed, it always comes up I'm "sending from an unauthorised domain". I'm sure the script can't be bugged as its so widely used. Therefore does anyone know whats causing this to happen. I need this security so I would like to sort it out.

Here's the relevant code:


// referers.. domains/ips that you will allow forms to
// reside on.
$referers = array ('chillisauce.co.uk');

// function to check the referer for security reasons.
// contributed by some one who's name got lost.. Thanks
// goes out to him any way.
function check_referer($referers){
if (count($referers)){
$found = false;
$temp = explode("/",getenv("HTTP_REFERER"));
$referer = $temp[2];
for ($x=0; $x < count($referers); $x++){
if ($referers[$x] == $referer){
$found = true;
}
}
if (!$found){
print_error("You are coming from an <b>unauthorized domain.</b>");
error_log("[FormMail.php] Illegal Referer. (".getenv("HTTP_REFERER").")", 0);
}
return $found;
} else {
return true; //Not a good idea, if empty, it will allow it.
}
}
if ($referers)
check_referer($referers);


Thanks in advance!