Re: Framed & Linked Content

On Jan 29, 2008, at 10:58 AM, Robert Cummings wrote:


On Tue, 2008-01-29 at 10:21 -0500, Mike Potter wrote:
There is JavaScript out there, to make a page break out of frames if
someone else has your page in a frame of theirs.
Is it possible to do this with PHP or is that the wrong side of
Server/Client-side operations?

PHP can echo the JavaScript that facilitates the break out.


Related, when target files are PDFs, images, or other than
.php/.htm(l), does PHP provide any remedies against that
sort of remote site linking?

The only remedy against remote linking is to embed some kind of
expiration in the link that accesses the document. I usually do this by
using a combination of the document ID, a timestamp, and salt, and md5
or sha1. For instance the following:

<?php

$id   = 'THE DOCUMENT ID :)';
$now  = time();
$salt = 'Some site specific salt.';

$accessId = $id.':'.$now.':'.sha1( $id.':'.$now.':'.$salt );

echo '<a href="/docs/myDocument.php?id='.urlencode( $accessId ).'">'
   .'The Document'
   .'</a>';

?>

Then when someone actually requests the page we do the following:

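<?php

$salt = 'Some site specific salt.';
$lifespan = 2 * 24 * 60 * 60; // 2 days

// Reject a missing or non-string id (e.g. ?id[]=x arrives as an array).
if( !($accessId = (isset( $_GET['id'] ) && is_string( $_GET['id'] )) ? $_GET['id'] : false) )
{
   die( 'No document requested.' );
}

// Split from the right so that a document ID containing ':' still parses.
$parts = explode( ':', $accessId );
if( count( $parts ) < 3 )
{
   die( 'Invalid document request.' );
}
$code      = array_pop( $parts );
$timestamp = array_pop( $parts );
$id        = implode( ':', $parts );

// hash_equals() compares the two digests in constant time.
if( !hash_equals( sha1( $id.':'.$timestamp.':'.$salt ), $code ) )
{
   die( 'Invalid document request.' );
}

if( (time() - $lifespan) > (int)$timestamp )
{
   die( 'Document has expired.' );
}

// Otherwise flush document to browser.

?>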

Now this doesn't stop anyone from saving the document locally but it
does prevent linking to your site and wasting your resources. The key to
the method is that only you know the $salt and so only you can create
the encoding that validates the passed ID and timestamp. You can also
add more attributes to the encoding such as a user ID. Then you could
ensure the user is logged in, and that the access ID must match their
logged in ID.

Cheers,
Rob.


I'm probably about to show my ignorance here... But by showing it, hopefully I can learn from it! Wouldn't it be just as effective to have a salt that gets passed to the script and do something like:

if($salt === "Correct salt"){
	//display correct picture
}else{
	//display some random picture of a guy flipping you the bird and echo out Don't steal my pictures
}

Now that I type that out, I see that it will still use bandwidth which if you are on a measured plan I could see being a problem.

So I think I just convinced myself that yours is better... Anything really wrong with my idea though?

--

Jason Pruim
Raoset Inc.
Technology Manager
MQC Specialist
3251 132nd ave
Holland, MI, 49424
www.raoset.com
japruim@xxxxxxxxxx

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
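
An added example, not code from the thread or its authors: a variant of the expiring-link scheme above that swaps the salted sha1 for HMAC-SHA256 with a constant-time comparison, binds the link to a user ID as the post suggests, and hex-encodes the document ID so it may contain the delimiter. The function names, the secret and the sample values are assumptions made for illustration.

```php
<?php
// Added example (PHP 7.1+). Names and values here are hypothetical;
// $secret plays the role of the thread's $salt.
const LINK_LIFESPAN = 2 * 24 * 60 * 60; // 2 days, as in the thread

// Token layout: hex(docId).userId.expires.mac
// Hex-encoding the ID keeps the '.' delimiter out of it.
function makeAccessId(string $secret, string $docId, int $userId, int $now): string
{
    $payload = bin2hex($docId) . '.' . $userId . '.' . ($now + LINK_LIFESPAN);
    return $payload . '.' . hash_hmac('sha256', $payload, $secret);
}

// Returns the document ID, or null if the token is malformed, forged,
// expired, or was issued to a different user.
function checkAccessId(string $secret, string $accessId, int $userId, int $now): ?string
{
    $parts = explode('.', $accessId);
    if (count($parts) !== 4) {
        return null;
    }
    [$encId, $tokenUser, $expires, $mac] = $parts;
    $expected = hash_hmac('sha256', "$encId.$tokenUser.$expires", $secret);
    if (!hash_equals($expected, $mac)) { // constant-time comparison
        return null;
    }
    // The fields are trusted only now that the MAC has verified.
    if ((int)$tokenUser !== $userId || (int)$expires < $now) {
        return null;
    }
    $docId = hex2bin($encId);
    return $docId === false ? null : $docId;
}

// Constructed sample values.
$secret = 'constructed-demo-secret';
$now    = 1201622400;
$token  = makeAccessId($secret, 'THE DOCUMENT ID :)', 42, $now);

var_dump(checkAccessId($secret, $token, 42, $now + 3600));       // fresh link, right user
var_dump(checkAccessId($secret, $token, 7, $now + 3600));        // different logged-in user
var_dump(checkAccessId($secret, $token, 42, $now + 3 * 86400));  // past the lifespan
var_dump(checkAccessId($secret, $token . '0', 42, $now + 3600)); // altered MAC
```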