Posted by John Holmes on 10/04/63 11:09

Sebastian wrote:
> ok, so i made a file manager and i need to prevent people from linking
> directly to files that do not come from another part of the site.
>
> i know i can use http_referer, but i wonder how fool proof it is, i dont
> want to spit out errors to a legit user that actually came from a valid page
> before trying to access the file url. some people have said http_referer is
> not always accurate.

I wouldn't rely on http_referer at all. Why not start a session when
people enter your site and ensure a valid session is created before your
file manager serves the file?

--

---John Holmes...

Amazon Wishlist: www.amazon.com/o/registry/3BEXC84AB3A5E/

php|architect: The Magazine for PHP Professionals – www.phparch.com

• Next in forum: Re: [PHP] getting mac id
• Prev in forum: Re: [PHP] HOWTO read PHP source code into a textarea
• Thread view: Re: [PHP] http referer

[Reply to this message]