Preventing direct image link?

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

bradles
Forum Commoner
Posts: 89
Joined: Wed Jun 30, 2004 10:40 pm

Post by bradles »

Thanks rehfeld,

I am setting $_SESSION['logged_in'] = true

I've been trying all afternoon to get this but I am determined not to fail. I think maybe my script is becoming out of control so I am trying to clean it up.

I tried files inside the doc root and outside it with unreliable results. At the moment, firefox shows images on my localserver but IE6 doesn't...once again, maybe my fault.

I will try your htaccess suggestion and see how it goes.

Brad
rehfeld
Forum Regular
Posts: 741
Joined: Mon Oct 18, 2004 8:14 pm

Post by rehfeld »

your checking if it is equal to string true, but it is prob boolean true

Code: Select all

<?php

// if this is how your setting it:
$_SESSION['logged_in'] = true; // no quotes around true


// then to test it

if (empty($_SESSION['logged_in'])) {
    exit;
}
// just make sure you dont set the session var at all unless they are logged in,
// no $_SESSION['logged_in'] = 'false'; kinda stuff




// or if you want to be more strict
// notice how im not comparing it to 'true', im using true
if (empty($_SESSION['logged_in']) || $_SESSION['logged_in'] !== true) {
    exit;
}


// also notice the use of !== 
// that makes sure it is of the same data type. 
// so the only way it would pass that test/check is if its of type boolean

?>
and if you getting erratic behavior betyween browsers, it is usually a cookie problem, which translates to a session problem

are you using subdomains?

also, are some of the links on your site like:
http://example.org

while others have www in them like:
http://www.example.org


BOTH of those situations can require special session settings
Post Reply