Protecting images

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

wizzard
Forum Commoner
Posts: 93
Joined: Thu May 16, 2002 5:36 am
Location: Belgium
Contact:

Protecting images

Post by wizzard »

Hello,

I'm working on a website and want to protect the member images so people who are not logged in cannot view them.

I want like if they know the map like /images/profiles/ they cannot view the images in their. Is this possible?

Cheers
kris
User avatar
pickle
Briney Mod
Posts: 6445
Joined: Mon Jan 19, 2004 6:11 pm
Location: 53.01N x 112.48W
Contact:

Post by pickle »

You could:
a) put in an .htaccess file which requires authentication, or
b) put the image files outside of the document root and have them displayed via a PHP page.
Real programmers don't comment their code. If it was hard to write, it should be hard to understand.
wizzard
Forum Commoner
Posts: 93
Joined: Thu May 16, 2002 5:36 am
Location: Belgium
Contact:

Post by wizzard »

Can you tell me for b) how it is possible to show images from outside the root dir?
User avatar
pickle
Briney Mod
Posts: 6445
Joined: Mon Jan 19, 2004 6:11 pm
Location: 53.01N x 112.48W
Contact:

Post by pickle »

You could, for example, call image.php?name=dog.jpg. In image.php, you could open "dog.jpg" that is stored in /usr/local/secureimages/, and dump it to the browser as an image. So calling image.php?name=dog.jpg, would give you the contents of that file, and you could call <img src = "image.php?name=dog.jpg">.

Make sense?
Real programmers don't comment their code. If it was hard to write, it should be hard to understand.
Draco_03
Forum Regular
Posts: 577
Joined: Fri Aug 15, 2003 12:25 pm
Location: Montreal, Canada

Post by Draco_03 »

but people could retreive the path and simply put it in the adress bar, unless you have this directory "protected" in any way.
User avatar
John Cartwright
Site Admin
Posts: 11470
Joined: Tue Dec 23, 2003 2:10 am
Location: Toronto
Contact:

Post by John Cartwright »

You cannot directly access files outside the root dir.
User avatar
pickle
Briney Mod
Posts: 6445
Joined: Mon Jan 19, 2004 6:11 pm
Location: 53.01N x 112.48W
Contact:

Post by pickle »

Phenom wrote:You cannot directly access files outside the root dir.
Exactly. You can also put some security on that image.php file so that people have to be logged in before it'll dump the contents of any file.
Real programmers don't comment their code. If it was hard to write, it should be hard to understand.
Draco_03
Forum Regular
Posts: 577
Joined: Fri Aug 15, 2003 12:25 pm
Location: Montreal, Canada

Post by Draco_03 »

pickle wrote: Exactly. You can also put some security on that image.php file so that people have to be logged in before it'll dump the contents of any file.
Indeed
8)
wizzard
Forum Commoner
Posts: 93
Joined: Thu May 16, 2002 5:36 am
Location: Belgium
Contact:

Post by wizzard »

I cannot make a map outside the root dir from my hosting company but can i protect my dir inside the root map and show via a .php script?
User avatar
AVATAr
Forum Regular
Posts: 524
Joined: Tue Jul 16, 2002 4:19 pm
Location: Uruguay -- Montevideo
Contact:

Post by AVATAr »

yep: use .htaccess to do it.
pickle wrote:You could:
a) put in an .htaccess file which requires authentication, or
wizzard
Forum Commoner
Posts: 93
Joined: Thu May 16, 2002 5:36 am
Location: Belgium
Contact:

Post by wizzard »

can i use the images then via my images.php file if their is a htaccess on the map?
User avatar
AVATAr
Forum Regular
Posts: 524
Joined: Tue Jul 16, 2002 4:19 pm
Location: Uruguay -- Montevideo
Contact:

Post by AVATAr »

htaccess is for accessing via http... the other you are using a script that directly access the filesystem.
wizzard
Forum Commoner
Posts: 93
Joined: Thu May 16, 2002 5:36 am
Location: Belgium
Contact:

Post by wizzard »

<Limit GET>
deny from all
</Limit>

I have placed this in my map but i cannot request the image from the server. Can you help me the images are located here /images/ads
User avatar
fresh
Forum Contributor
Posts: 259
Joined: Mon Jun 14, 2004 10:39 am
Location: Amerika

Post by fresh »

why dont you just throw an index.php page in there and redirect anyone who comes to that folder to somewhere else??
wizzard
Forum Commoner
Posts: 93
Joined: Thu May 16, 2002 5:36 am
Location: Belgium
Contact:

Post by wizzard »

but if they find the image names like /images/adz/123.jpg then they can watch?
Post Reply