[eluser]novice32[/eluser]
I would like to add some "extra" security to a public web form. Which is a better option? I know there are advanced spam bots, but thought to still ask.
OPTION 1) set a session value when the controller function is requested
Code:
$this->session->set_userdata('token',"some_constant_text");
Upon a form POST, I would confirm the session value:
Code:
if ($this->session->userdata('some_constant_text') == 'some_constant_text') {
return true;
} else {
return false;
}
Cookie values are encrypted.
OPTION 2) Pass a token value to hidden form field, and validate it upon return;
Controller:
Code:
$data['token'] = $this->input->ip_address();
View:
Code:
<?php echo form_hidden('token', $token); ?>
Controller Input Validation:
Code:
$token = $this->input->post('token');
$ip = $this->input->ip_address();
if ( $token == $ip) {
return true;
} else {
return false;
}
Let me know your thoughts.... maybe some of you will say both options??