> The script , makeMoviePlaylist.php, is calling itself on the server > with > makeMoviePlaylist.php?cmd=getmovie&path=encrypted_path_to_the_movie > The script, makeMoviePlaylist.php, accepts the request because it > originated from ITSELF on the server... How do you *KNOW* it originated from ITSELF? Can't I just fake it out by copying the URL you are using? > This request was sent from OUTSIDE the server. The main script, > makeMoviePlaylist.php, realizes the this request did not originate > from itself on the server Again, how you do *KNOW* that to be true? What's the big picture again? They need to login to see the movies, right? Or is it something else? If just need login, use http://php.net/session_start and friends as I just posted. If it's something else, session_start() may not help. -- Like Music? http://l-i-e.com/artists.htm -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
