What's the best way to authenticate where a request is coming from? I want my application to redirect to a standard message page if the request didn't come from a defined web page.
Requirements:
PHP
Users have to be able to define the source, eg. set up database records defining valid source pages.
This doesn't have to be super secure, just thwart that average user.
I've looked into using $_SERVER['HTTP_REFERER'] value, but seen posts here suggesting this is a bad idea. What's better?
Thanks in advance, John