PHP "Wrong referrer" error when submitting a mail form

Question

I am pretty new to php, but I am learning! I have a simple form on a client website. I am testing the form and when I click submit, I get the following error:

Form Mail Script

Wrong referrer (referring site). For security reasons the form can only be used, if the referring page is part of this website.

Note for the Admin: Please add the name of your server to the referrer variable in the index.php configuration file: mywebsite.com

Powered by Form Mail Script

I am looking through the forms configuration and support files but I do not understand exactly what it is I need to change.

Can someone please explain to me what the Admin note above means and how to fix it?

Thanks.

Answer 1

You are obviously using the Form Mail script on your page. It has a security feature that prevents other domains from submitting to the form. This is done to prevent bots from using the script to send out spam.

In the configuration for the form mail script or in the script itself, you will find an array or variable with the referrers listed. This is the sites that you want to allow calling of this form mail. You should add your own domain to this list or assign it to this variable.

Sorry, I haven't used this script, so I can't be more specific.

Answer 2

Doing a quick search for the error you're seeing, I found this link: http://www.stadtaus.com/forum/t-3528.html

Not sure if that helps you in this case since I'm unfamiliar with the tool you're using but it seemed like a good fit.

Answer 3

The referrer is a value that's usually sent to a server by a client (your browser) along with a request. It indicates the URL from which the requested resource was linked or submitted. This error is part of a security mechanism in FormMail that is intended to prevent the script from handling input that doesn't originate from your website.

For example, say your form is at http://www.foo.com/form.html and your script is at http://www.foo.com/script.php. If the script does not check the referrer value, I can create a form on my site at http://www.bar.com/myform.html and submit it to your script. Scripts that send mail are often abused in this manner to send spam.

To fix your problem, find the parameter in your script's configuration file that indicates the referrers that your script should handle input from and change it to include your domain or the specific URL of your page.

Note that referrer is generally misspelled as REFERER with only one 'R' within the context of the HTTP protocol.

Answer 4

The line you want to change is:

$referring_server = 'http://www.mywebsite.com, scripts';

Changing it to something like this will probably work:

$referring_server = 'yourdomain.com';