On Tue, 2008-01-29 at 10:21 -0500, Mike Potter wrote:
> There is JavaScript out there, to make a page break out of frames if
> someone else has your page in a frame of theirs.
> Is it possible to do this with PHP or is that the wrong side of
> Server/Client-side operations?
PHP can echo the JavaScript that facilitates the break out.
>
> Related, when target files are PDF's, images, or other than
> .php/.htm(l), does PHP provide any remedies against that
> sort of remote site linking?
The only remedy agaonst remote linking is to embed some kind of
expiration in the link that accesses the document. I usually do this by
using a combination of the document ID, a timestamp, and salt, and md5
or sha1. For instance the following:
<?php
$id = 'THE DOCUMENT ID :)';
$now = time();
$salt = 'Some site specific salt.';
$accessId = $id.':'.$now.':'.sha1( $id.':'.$now.':'.$salt );
echo '<a href="/docs/myDocument.php?id='.urlencode( $accessId ).'">'
.'The Document'
.'</a>';
?>
Then when someone actually requests the page we do the following:
<?php
$salt = 'Some site specific salt.';
$lifespan = 2 * 24 * 60 * 60; // 2 days
if( !($accessId = isset( $_GET['id'] ) ? $_GET['id'] : false) )
{
die( 'No document requested.' );
}
list( $id, $timestamp, $code ) = explode( ':', $accessId );
if( $code !== sha1( $id.':'.$timestamp.':'.$salt ) )
{
die( 'Invalid document request.' );
}
if( (time() - $lifespan) > $timestamp )
{
die( 'Document has expired.' );
}
// Otherwise flush document to browser.
?>
Now this doesn't stop anyone from saving the document locally but it
does prevent linking to your site and wasting your resources. The key to
the method is that only you know the $salt and so only you can create
the encoding that validates the passed ID and timestamp. You can also
add more attributes to the encoding such as a user ID. Then you could
ensure the user is logged in, and that the access ID must match their
logged in ID.
Cheers,
Rob.
--
.------------------------------------------------------------.
| InterJinn Application Framework - http://www.interjinn.com |
:------------------------------------------------------------:
| An application and templating framework for PHP. Boasting |
| a powerful, scalable system for accessing system services |
| such as forms, properties, sessions, and caches. InterJinn |
| also provides an extremely flexible architecture for |
| creating re-usable components quickly and easily. |
`------------------------------------------------------------'
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
