Secure a PHP file; how?
I have a classifieds website, and a partner of ours (who runs another classifieds website) needs to have access to a file on our server.
The file is called 'partner.php'.
This file simply prints out some information about the classifieds on our site.
So for our partners, they would just need to access "www.domain.com/partner.php?id=1234" to have access to that information.
I am planning to add a hash to the URL, so that outsiders don't have access to the file. But I don't know how to do this...
Is there anybody who could point me in the right direction?
I have been told on the phone that I can use a "32 length MD5 string and add it to the URL", but I have really no clue how to start, or what they meant by this?
Anybody know what they mean?
Examples are appreciated.
Thanks
I am planning to add a hash to the URL, so that outsiders don't have access to the file. But I don't know how to do this...
Don't do it this way. A hash is fine for one-time links like E-Mail confirmation, but not for sensitive info. The hash will be present in the user's history, cache and in Proxy protocols; it can be shared accidentally.
You need to look into building proper, login-based authentication.
Some starting points:
Secure authentication in PHP
Actively maintained PHP libraries for user authentication?
Basic authentication and session management library for PHP?
Or you can use both the hash key and IP verification. If your partner is using just one computer/server to access your file, you can check the hash key and the user's IP address.
$ip = $_SERVER['REMOTE_ADDR'];
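The hash-key-plus-IP check suggested above, written out in PHP as an added example that is not part of the original answers. The parameter name `key`, the token value and the address 203.0.113.10 are constructed placeholders, and the token still travels in the URL, so it ends up in histories and logs as noted earlier.

```php
<?php
declare(strict_types=1);

// Assumptions (not from the original post): the "key" parameter name, the token
// and the partner address are constructed placeholders for illustration.
const PARTNER_TOKEN = '0123456789abcdef0123456789abcdef'; // 32 hex chars; create a real one with bin2hex(random_bytes(16))
const PARTNER_IPS   = ['203.0.113.10'];                   // documentation-range address

function partner_request_allowed(array $server, array $query): bool
{
    // 1. Source address must be on the allowlist. REMOTE_ADDR is the TCP peer,
    //    so behind a reverse proxy it is the proxy's address, not the partner's.
    $ip = $server['REMOTE_ADDR'] ?? '';
    if (!in_array($ip, PARTNER_IPS, true)) {
        return false;
    }
    // 2. The token must be a plain string: "?key[]=x" arrives as an array.
    $supplied = $query['key'] ?? null;
    if (!is_string($supplied)) {
        return false;
    }
    // hash_equals() compares in constant time, unlike == or ===.
    return hash_equals(PARTNER_TOKEN, $supplied);
}

function partner_id(array $query): ?int
{
    // Accept only a positive integer id; anything else is rejected.
    $id = filter_var($query['id'] ?? null, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

if (PHP_SAPI !== 'cli') {
    if (!partner_request_allowed($_SERVER, $_GET)) {
        http_response_code(403);
        exit;
    }
    $id = partner_id($_GET);
    if ($id === null) {
        http_response_code(400);
        exit;
    }
    echo "classified id: $id\n"; // placeholder for the real partner output
} else {
    // Constructed requests so the file can be exercised offline with `php partner.php`.
    var_dump(partner_request_allowed(['REMOTE_ADDR' => '203.0.113.10'], ['key' => PARTNER_TOKEN])); // address and token match
    var_dump(partner_request_allowed(['REMOTE_ADDR' => '198.51.100.7'], ['key' => PARTNER_TOKEN])); // right token, other address
    var_dump(partner_request_allowed(['REMOTE_ADDR' => '203.0.113.10'], ['key' => ['x']]));         // array instead of string
    var_dump(partner_id(['id' => '1234']), partner_id(['id' => '12; DROP']));                      // valid id, malformed id
}
```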
Is it possible to use a different approach?
Maybe you can use a .htaccess to only allow access to the file from certain IP addresses.
Check out this page on .htaccess. There is a section called Restricting by IP Address.
You could use HTTP Authentication, for example via .htaccess.
Adding a hash to the URL means that you pass a GET-Parameter to the script and check it when the script starts. If the value is not the expected one, the script can simply die(); or throw some kind of error.
But I'd really NOT recommend the hash-thing, it's a bad idea.