I would like to add sesame and verify it when user come to action page example:
if(isset($_POST["contact-us"])) {
//some code
}elseif(isset($_POST["site-feedback"])) {
//some code
}else{get_error('form');}
my current thought is to add $_SESSION["SESAMEOPEN"]["contact-us"]='uniquesalt'
for say, contact-us.php then the form send to the action page to verify.
The problem I faced is : for instance the user open another page while visiting contact-us.php, the user can still reach action page by manipulate a input type="submit" name="contact-us"
. While method of checking redirect page seems to be able to be spoofed too.
Whats the main-stream way of verifying the action page? What I want is the user can only reach the action.php from the specific form.php .