Restricting access to files

How can I get the name of the page that requested a image or script file? I want to provide files only to certain pages. For example, in my page 'http://server/path/page1001.php' I have the code:

<html>
<script language="JavaScript" src="http://server/path/scripts.php?id=2"></script>

<body>
<img src="http://server/path/images.php?id=4">
</body>
</html>

I want that only the page with the url 'http://server/path/page1001.php' to display my files ('scripts.php?id=2' and 'images.php?id=4').
How can I do that? Is there a way? It has to be one!
ingerulAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

UnifiedMediaCommented:
I'm assuming you're worried about people stealing your images and scripts.  One way to ensure that the people were coming from the spage you specify is to use Session variables set in the page.

For example, in page http://server/path/page1001.php, place the following code:

<?php

$_SESSION["script"] = 2;
$_SESSION["image"] = 4;

?>

Then, in http://server/path/scripts.php put:

<?php

$id = $_SESSION["script"];

?>

And in http://server/path/images.php to stop someone from being able to link/go directly to http://server/path/images.php?id=2 and seeing the picture, use the following code:  

<?php

$id = $_SESSION["image"];

?>

To further protect the picture in images.php, you can use the "readfile" command to send the image itself - rather than returning a path which could be seen - back to browser.

<?php

if ($id == 1) {
     readfile("image1.jpg");
} elseif ($id == 2) {
     readfile("image2.jpg");
} else {
     readfile("noimage.jpg");
}

?>


0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
carchitectCommented:
not posible...
atleast in ths manner....
regards
0
spereCommented:
There are two methods that I can think of, one if which is the session method mentioned by UnifiedMedia,
The other is ..

if ($_SERVER["HTTP_REFERER"] != "http://server/path/page1001.php") {
   header("http-status: 404"); // or however that goes
  // print ERROR_404 here
}

.. of course its not hard to fake those headers .. but they have to know what they're looking for first. thus the 404 to confuse them. But you can use whatever header you want..

Col.
0
techtonikCommented:
Some browsers do not set HTTP_REFERER due to security reasons, so this method is not reliable. In the case with session - it should prevent external linking, but for somebody, who'd like to steal images - that would not be a big problem.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
PHP

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.