Folks, I have a popup window that I would like to put a mild security constraint on. I don't want others to be able to directly type in the address of this page, modify url parameters, etc. I only want this page accessible if it was triggered from a link on my own website, then I know I can trust the URL parameters, etc. I had thought about parsing the HTTP_REFERER and extracting the host, and comparing it with my domain name. This would tell me if a valid link was clicked.
One problem... HTTP_REFERER appears to be empty when it's a new window. For some reason I thought the referer would still be detected. Am I up a creek? Is there anyway for a popup window to get the page referer (in other words, the popup opener)? Thanks, Joseph. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
