I think you can handle this with 2 pages, the first is checking whether the user is permitted to upload or not and if so passing him to the upload form with a simple (bool) $_SESSION variable which indicates his permissions. If you will try to access the second page and the $_SESS variable won't exist it will throw you back to page 1 to validate your permissions. Am I missing something? (its pretty simple..) HTH On 16/06/2008, Per Jessen <per@xxxxxxxxxxxx> wrote: > > Jim Lucas wrote: > > > Per Jessen wrote: > >> Michelle Konzack wrote: > >> > >>> My biggest problem is, that the "/fileupload.php" was always > >>> references > >>> from outside my webspace. OK, I was thinking this can be solved > >>> by > >>> using HTTP_REFERER which has then worked for some days but NOW > >>> those pigs are back and sending spoofed HTTP_REFERER. > >>> > >>> Since I have only a VHost @ISP I can not go deeper into the > >>> Apache2 config what I have done when I was running my own server. > >>> > >>> Can anyone suggest me something, how to block requests from outside? > >> > >> Check client IP-addresses? > >> > >> > >> /Per Jessen, Zürich > >> > >> > > > > The problem that the OP is going to run into is the "Chicken before > > the Egg" problem. PHP will not start processing until the file upload > > has already been completely uploaded. > > I was about to say "Then let apache check it", but I hadn't read the > last paragraph of the OPs question. > > > /Per Jessen, Zürich > > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php > >
