SommerNyte

I'm not sure how CHMODing would help at all? There are over 200 members.  Each member has a different web site they will be linking from.  So when the page mysite.com/page.php?user=bob loads, it needs to look up the user "bob", make sure he's an active member (it already does this part) then check Bob's domain (stored in the DB) and make sure that the link was accessed from that domain, and no other domain.  Therefore, Jim can't link to Bob's member page.

I haven't described it right, or you haven't understood.  :) Let's say my client is a membership organization for artists.  The artists in the organization want to sell their art to people, so they can link to a page that says why people should buy said art.  It includes their contact info on each page as long as they are an active member. So it's a 3rd party accessing the page -- not the member themselves.  Therefore, we don't want to password protect it -- the 3rd party viewers wouldn't know the password. Is that clearer? ???

I hope I can explain this well enough to get some help.  :) I want to check a page upon loading and make sure the referer is the same domain as what's in the DB.  If the referer matches the domain in the DB, then the page is displayed.  If there is not a match, then it will just display "Unauthorized Access" or something. Here is the background... I have a client web site that is a membership site.  We have created a page with informational videos, and members can create a link to this page to post on their own site.  Within the url of the link, the member's username is passed.  The code checks the username against the database and verifies that (1) they are a member and (2) they are a member with permission to use the video page.  As long as both checks pass, the page appears with the member's name, address and contact info on it. That part is all fine and dandy.  However, someone COULD link to the page using another member's username in the URL, and it will work, it will just have someone else's contact info.  Well, the client wants to further restrict it so that the link can ONLY come from the member's domain, and no other domains. My database contains the member's domain, so I was trying to use http_referer to check the referer against the web site stored in the DB, but I couldn't get it to work.  Then I read http_referer isn't reliable and shouldn't be used.  ??? Is there a way I can do this, then?  I realize .htaccess can be used, but because users are being added, removed and updating info, the .htaccess would always be changing and I don't know that it's possible for me to use PHP to automatically update the .htaccess every time a change is made to the DB?