On Sun, January 27, 2008 6:38 pm, Chuck wrote: > I have a php file that produces an image and is only referred to from > an img tag like so: > > <img src="getRandImage.php"> > > I want to prevent anyone from directly accessing the getRandImage.php > file. The file has to be world readable or the image will not display. > I played around with testing $_SERVER['HTTP_REFERER'] using regular > expressions but the above image tag appears in the default splash page > and there is no http referer set when they first visit the site. (also > ran into some IE quirkiness as well) I played around with putting > getRandImage.php into a subdirectory that is only viewable by the user > the web server is running as and the image also would not appear. I > couldn't figure out a way to embed this into a function that could be > hidden in a non-world readable subdirectory -- which would be my > preferred approach. (Is there a way to call a php function that > returns an image from within an img tag, instead of calling a php > file?) You can set some kind of cookie in the previous page, and then check that they have the cookie... Or you can require some kind of login to get to the image -- same technique. Referer is useless. Not all browsers send it; and it's far too easy to fake. -- Some people have a "gift" link here. Know what I want? I want you to buy a CD from some indie artist. http://cdbaby.com/from/lynch Yeah, I get a buck. So? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
