ok, so i made a file manager and i need to prevent people from linking directly to files that do not come from another part of the site.
i know i can use http_referer, but i wonder how fool proof it is, i dont want to spit out errors to a legit user that actually came from a valid page before trying to access the file url. some people have said http_referer is not always accurate.
I wouldn't rely on http_referer at all. Why not start a session when people enter your site and ensure a valid session is created before your file manager serves the file?
--
---John Holmes...
Amazon Wishlist: www.amazon.com/o/registry/3BEXC84AB3A5E/
php|architect: The Magazine for PHP Professionals – www.phparch.com
-- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
