I have a php file that produces an image and is only referred to from an img tag like so: <img src="getRandImage.php"> I want to prevent anyone from directly accessing the getRandImage.php file. The file has to be world readable or the image will not display. I played around with testing $_SERVER['HTTP_REFERER'] using regular expressions but the above image tag appears in the default splash page and there is no http referer set when they first visit the site. (also ran into some IE quirkiness as well) I played around with putting getRandImage.php into a subdirectory that is only viewable by the user the web server is running as and the image also would not appear. I couldn't figure out a way to embed this into a function that could be hidden in a non-world readable subdirectory -- which would be my preferred approach. (Is there a way to call a php function that returns an image from within an img tag, instead of calling a php file?) I can easily check http request type but the img tag is doing a GET request which is also what request type is used if they try and directly access the URL. I'm sure its something simple I am overlooking. Maybe another $_SERVER variable or something I can work with. fyi: running php 5.2.5 and apache 2.2. Thanks for any help.. /CC -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
