hmm good thinking, here's an idea that wouldn't even require sessions. the simplest way is probably to check for
$_SERVER['HTTP_REFERER'] and make sure it has the domain in it.
PHP Code:
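<?php
// The Referer header is optional, so fall back to an empty string when it is absent.
$referer = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';
// Substring match: passes whenever "mydomain.com" appears anywhere in the header.
if( !strstr($referer,"mydomain.com") ){
    // don't send
} else {
    // send
}
?>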
bottom line is that images can be read, sessions could be mocked, and referer headers can be manipulated... but will they re-program specifically for this site? probably not.
good luck.
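
An added example, not part of the original post: it compares the substring test above with a check that parses the Referer and matches only its host component. The function names and sample referers are constructed for illustration, and `mydomain.com` is the placeholder domain from the post.

```php
<?php
// Assumption: "mydomain.com" is the placeholder domain used in the post.
const ALLOWED_HOST = 'mydomain.com';

// Substring test as in the post: true if the text appears anywhere in the header.
function referer_contains_domain(?string $referer): bool
{
    return $referer !== null && strpos($referer, ALLOWED_HOST) !== false;
}

// Stricter test: parse the URL and compare only its host component.
function referer_host_allowed(?string $referer): bool
{
    if ($referer === null || $referer === '') {
        return false; // header absent: browsers and proxies may strip it
    }
    $host = parse_url($referer, PHP_URL_HOST);
    if (!is_string($host)) {
        return false; // malformed URL or no host part
    }
    $host = strtolower(rtrim($host, '.'));
    // Accept the exact host or a subdomain of it (note the leading dot).
    $suffix = '.' . ALLOWED_HOST;
    return $host === ALLOWED_HOST
        || substr($host, -strlen($suffix)) === $suffix;
}

// Constructed sample values, not taken from real traffic.
$samples = [
    'https://mydomain.com/contact.php',
    'https://www.mydomain.com/contact.php',
    'https://mydomain.com.other.example/form',
    'https://other.example/page?from=mydomain.com',
    'https://notmydomain.com/',
    null,
];

foreach ($samples as $referer) {
    printf(
        "%-48s substring=%-3s host=%s\n",
        $referer ?? '(no header)',
        referer_contains_domain($referer) ? 'yes' : 'no',
        referer_host_allowed($referer) ? 'yes' : 'no'
    );
}
```

In a request handler the input would be `$_SERVER['HTTP_REFERER'] ?? null`. The header is set by the client, so either check only filters out casual requests.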