Can you fake a referrer by, say, using fsockopen() and sending your own headers?

-----Original Message-----
From: Curt Zirzow [mailto:[EMAIL PROTECTED]
Sent: Wednesday, August 06, 2003 4:57 PM
To: [EMAIL PROTECTED]
Subject: Re: [PHP] Downloding files once

* Thus wrote Boaz Yahav ([EMAIL PROTECTED]):
>
> I thought of using a download function that uses headers and
> readfile() or fread(). This way I can check who is the user and send /
> not send the file. However, this does not seem to work with
> such big files.

You most likely are running into the script timeout when people are
downloading the file. I would, in this case, use fread so you can do
some checking in between sends, and if bandwidth becomes a problem you
can do some bandwidth throttling:

  set_time_limit(0);
  $fp = fopen($file, 'rb');      // $file: placeholder for the path being sent
  while (!feof($fp)) {
    if (connection_aborted()) {
      break; // no need to send the data now.
    }
    $data = fread($fp, 8192);    // read the next chunk (size is arbitrary)
    print $data;
  }
  fclose($fp);

>
> Another idea is to use Apache Mod Rewrite and check that the user has
> the referrer of the download server. I'm assuming that he will only
> have this if he had access to a link to the
> file from the server itself and such a link will only be provided to
> members. As far as I can
> think, you can only fake a referrer by writing your own client.

I would discourage this for the fact that the referer can easily be
faked. If your downloads are important to the general public and word
gets out that the referer is your security... say goodbye to your
bandwidth :)

>
> If anyone has any ideas or comments I'll be very happy to get them.

HTH,

Curt
--
"I used to think I was indecisive, but now I'm not so sure."

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
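
The approach discussed in this thread, written out as a complete download script. This is an added example and not code from either poster: it authorizes on the server-side session instead of the Referer header and streams the file in chunks with a simple rate cap. The session key 'member_id', the 'file' query parameter, the /srv/downloads directory and the 256 KiB/s cap are all assumptions made for illustration.

```php
<?php
// Added example, not code from the thread. Assumed names: the session key
// 'member_id', the 'file' query parameter, DOWNLOAD_DIR and the rate cap.
const DOWNLOAD_DIR      = '/srv/downloads'; // assumed; outside the web root
const CHUNK_BYTES       = 8192;
const MAX_BYTES_PER_SEC = 262144;           // assumed throttle: 256 KiB/s

session_start();
// Authorize on server-side state. Referer is a request header that the
// client chooses, so it plays no part in the decision.
if (empty($_SESSION['member_id'])) {
    http_response_code(403);
    exit('Members only');
}
session_write_close(); // release the session lock before a long transfer

// basename() drops directory components, so "../" cannot leave DOWNLOAD_DIR.
$name = basename($_GET['file'] ?? '');
$path = DOWNLOAD_DIR . '/' . $name;
$fp   = ($name !== '' && is_file($path)) ? fopen($path, 'rb') : false;
if ($fp === false) {
    http_response_code(404);
    exit('Not found');
}

set_time_limit(0); // a large file outlives the default script timeout
while (ob_get_level() > 0) { ob_end_clean(); } // do not buffer the whole file
header('Content-Type: application/octet-stream');
header('Content-Length: ' . filesize($path));
header('Content-Disposition: attachment; filename="' . addcslashes($name, '"\\') . '"');

while (!feof($fp)) {
    if (connection_aborted()) {
        break; // client went away; stop spending bandwidth
    }
    $data = fread($fp, CHUNK_BYTES);
    if ($data === false) {
        break; // read error
    }
    print $data;
    flush();
    // Pausing for the time this chunk "costs" keeps the rate under the cap.
    usleep((int) (strlen($data) / MAX_BYTES_PER_SEC * 1000000));
}
fclose($fp);
```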