you would then perform a check to see if the "token" variable equals 123.
This can be easily manipulated by somebody even with a very minimal knowledge in computing.
Another option could be to obtain a list of all sites and pages that you wish to allow links to your site and then on load of your page check the $HTTP_REFERER; variable (this contains the last page the user was refered from) if this is in your list then allow them to see the page. This has alot of downfalls as for example if someone navigates within your page you will get a refferer of your own page so would need some cookie or session handling setup to identify people. Also some browsers dont send the refering data.
Perhaps something like an alternating security token will do the trick but im guessing youll want it to be alot more secure.
i think the code is basic enough and simple to understand. :)
by the way, according to PHP $_server manual, 'HTTP_REFERER' is set by the user agent. Not all user agents will set this, and some provide the ability to modify HTTP_REFERER as a feature. In short, it cannot really be trusted.
yes you would be able to locate the page but then its entirely up to your php to determine whether the incoming request should be allowed.
You could change the headers to "404" if you want a page not found error in a users browser that isnt validated
The session example abov would work but the site linking to this page would have to be on the same server for the session to take effect. I believe he was asking for a way to redirect from an external site to this page whilst authenticating.