i have site:
www.abc.com a php file hosted in site www.xyz.com , link php file is:
www.xyz.com/folder/thefile.php i put php function in thefile.php. use file, people have come www.abc.com. here put links as:
www.xyz.com/folder/thefile.php?file=123456 www.xyz.com/folder/thefile.php?file=789654 , on whenever clicks on these links, value of variable 'file' gets called in php function in thefile.php , executed , video or image displayed.
now, example, first case value '123456'. in case person edits value '123456' '1234' or '65431' etc, php file shown them. if user visits www.xyz.com/folder/thefile.php without variable 'file', php file shown them.
now want if person edits url or tries visit www.xyz.com/folder/thefile.php should take him 404 page or other page. how do this?
sending user has no "file" parameter 404 page relatively easy.
if (!isset($_get['file'])){ header("location: 404.php"); } i can't see easy method verify user hasn't tampered url. make sure referrer abc.com website, that's not least bit secure since users can modify that.
if in shoes, lack of better solution, i'd have abc.com save , send random hash link sends user xyz.com. xyz.com poll abc.com verify hash valid. abc return actual file id. users invalid hashes a=the redirect. basically, i'd medium of communication can go around user, if need certify link valid.
Comments
Post a Comment