On Thu, Mar 27, 2008 at 9:27 PM, Robert Cummings <robert@xxxxxxxxxxxxx> wrote:
> <?php
>
> $sekret = 'the brown cow stomped on the wittle bug';
>
> $id = isset( $_GET['id'] ) ? (int)$_GET['id'] : 0;
> $key = isset( $_GET['key'] ) ? (string)$_GET['key'] : '';
>
> if( $key == sha1( $id.':'.$sekret ) )
> {
> header( 'Content-Type: image/jpg' );
> readfile( "/images/not/in/web/path/$id.jpg" )
> exit();
> }
>
> //
> // Failure... tell them to bugger off :)
> //
> header( 'Content-Type: image/jpg' );
> readfile( '/images/wherever/you/please/buggerOff.jpg' );
> exit();
>
> ?>
I'd add on to this a bit like so:
<?php
// Rob's code up to here.
$path = "/images/not/in/web/path/";
if($key == sha1($id.':'.$sekret)) {
if(file_exists($path.$id) && is_file($path.$id) &&
is_readable($path.$h)) {
header('Content-Type: image/jpg');
readfile($path.$id);
exit(0);
} else {
header('Content-Type: image/jpg');
readfile($path.'image-does-not-exist.jpg');
exit(1);
}
} else {
header('Content-Type: image/jpg');
readfile($path.'incorrect-id.jpg');
exit(1);
}
?>
--
</Daniel P. Brown>
Forensic Services, Senior Unix Engineer
1+ (570-) 362-0283
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
