On Sat, 2003-02-15 at 11:13, Michael Mulligan wrote: > If the user knew the actual URL of the image though, wouldn't they be able > to get around a script like this by simply typing it into their web browser? > > Thanks! :-)
Only if you let them. The PHP script allows to put the appropriate checks in place. For example, if you use sessions, you can verify that the session is still valid and that the user has, indeed, the right to access that image. At a later time, even if another user types in the same URL but does not have a valid session (or a variable inside the session that contains the right data), you would be able to block him from reading the image. Cheers, Marco -- ---------------- php|architect - The Monthly Magazine for PHP Professionals Come check us out on the web at http://www.phparch.com! -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
