[thelist] Preventing direct access while allowing PHP script access

Nan Harbison nanharbison at earthlink.net
Mon Mar 27 05:50:00 CST 2006

I have handled this kind of situation, although usually for password
protection for privacy. I create a session once someone has logged in, and
on the swf page, the swf is an include statement IF the password has been
entered, the user gets the content of the page, otherwise they get a message
that they have to log in to see the page, or in your case, to pay.

For example-
	 if ($theword) // if the session password is set
 			$password = $theword;
	if ($password == "whatever")
			unset($gotopage); //this variable holds the page the person was trying to
get to
			print("This page is password protected<br><br>");
			print("<a href=\"login.php\">Enter password here</a>");
			$gotopage = "/fundraising.php"; //user will be redirected to this page
once they log in


Subject: [thelist] Preventing direct access while allowing PHP script access

Hello Listoids,

I have a bunch of SWF files, just say at "http://www.domain.com/swf/".
Now, I want my PHP script, eg, something like
"http://www.domain.com/swf_me_up.php?filename=someswf" to be able to
access these, obviously. However, I want to prevent people from simply
typing in something like "http://www.domain.com/swf/someswf.swf" and
accessing it directly (mainly because I want to extract money from
them first, *rubs mercenarious hands*).

I would've thought this would be quite a common desire, but I can't
seem to find any ideas on how to achieve it. Plenty of examples of how
to prevent "hotlinking", but evidently while this also concerns me,
it's HTTP requests from my *own* domain that's the worry at the

Any help would be very much appreciated!

Cheers and thanks.

* * Please support the community that supports you.  * *

For unsubscribe and other options, including the Tip Harvester
and archives of thelist go to: http://lists.evolt.org
Workers of the Web, evolt !

More information about the thelist mailing list