PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!
Moderator: General Moderators
wizzard
Forum Commoner
Posts: 93 Joined: Thu May 16, 2002 5:36 am
Location: Belgium
Contact:
Post
by wizzard » Fri Jul 30, 2004 9:20 am
Hello,
I'm working on a website and want to protect the member images so people who are not logged in cannot view them.
I want like if they know the map like /images/profiles/ they cannot view the images in their. Is this possible?
Cheers
kris
pickle
Briney Mod
Posts: 6445 Joined: Mon Jan 19, 2004 6:11 pm
Location: 53.01N x 112.48W
Contact:
Post
by pickle » Fri Jul 30, 2004 9:29 am
You could:
a) put in an .htaccess file which requires authentication, or
b) put the image files outside of the document root and have them displayed via a PHP page.
Real programmers don't comment their code. If it was hard to write, it should be hard to understand.
wizzard
Forum Commoner
Posts: 93 Joined: Thu May 16, 2002 5:36 am
Location: Belgium
Contact:
Post
by wizzard » Fri Jul 30, 2004 9:43 am
Can you tell me for b) how it is possible to show images from outside the root dir?
pickle
Briney Mod
Posts: 6445 Joined: Mon Jan 19, 2004 6:11 pm
Location: 53.01N x 112.48W
Contact:
Post
by pickle » Fri Jul 30, 2004 10:33 am
You could, for example, call image.php?name=dog.jpg. In image.php, you could open "dog.jpg" that is stored in /usr/local/secureimages/, and dump it to the browser as an image. So calling image.php?name=dog.jpg, would give you the contents of that file, and you could call <img src = "image.php?name=dog.jpg">.
Make sense?
Real programmers don't comment their code. If it was hard to write, it should be hard to understand.
Draco_03
Forum Regular
Posts: 577 Joined: Fri Aug 15, 2003 12:25 pm
Location: Montreal, Canada
Post
by Draco_03 » Fri Jul 30, 2004 10:49 am
but people could retreive the path and simply put it in the adress bar, unless you have this directory "protected" in any way.
John Cartwright
Site Admin
Posts: 11470 Joined: Tue Dec 23, 2003 2:10 am
Location: Toronto
Contact:
Post
by John Cartwright » Fri Jul 30, 2004 10:50 am
You cannot directly access files outside the root dir.
pickle
Briney Mod
Posts: 6445 Joined: Mon Jan 19, 2004 6:11 pm
Location: 53.01N x 112.48W
Contact:
Post
by pickle » Fri Jul 30, 2004 10:51 am
Phenom wrote: You cannot directly access files outside the root dir.
Exactly. You can also put some security on that image.php file so that people have to be logged in before it'll dump the contents of any file.
Real programmers don't comment their code. If it was hard to write, it should be hard to understand.
Draco_03
Forum Regular
Posts: 577 Joined: Fri Aug 15, 2003 12:25 pm
Location: Montreal, Canada
Post
by Draco_03 » Fri Jul 30, 2004 10:52 am
pickle wrote:
Exactly. You can also put some security on that image.php file so that people have to be logged in before it'll dump the contents of any file.
Indeed
wizzard
Forum Commoner
Posts: 93 Joined: Thu May 16, 2002 5:36 am
Location: Belgium
Contact:
Post
by wizzard » Mon Aug 02, 2004 3:29 am
I cannot make a map outside the root dir from my hosting company but can i protect my dir inside the root map and show via a .php script?
AVATAr
Forum Regular
Posts: 524 Joined: Tue Jul 16, 2002 4:19 pm
Location: Uruguay -- Montevideo
Contact:
Post
by AVATAr » Mon Aug 02, 2004 1:10 pm
yep: use .htaccess to do it.
pickle wrote: You could:
a) put in an .htaccess file which requires authentication, or
wizzard
Forum Commoner
Posts: 93 Joined: Thu May 16, 2002 5:36 am
Location: Belgium
Contact:
Post
by wizzard » Mon Aug 02, 2004 1:23 pm
can i use the images then via my images.php file if their is a htaccess on the map?
AVATAr
Forum Regular
Posts: 524 Joined: Tue Jul 16, 2002 4:19 pm
Location: Uruguay -- Montevideo
Contact:
Post
by AVATAr » Mon Aug 02, 2004 1:27 pm
htaccess is for accessing via http... the other you are using a script that directly access the filesystem.
wizzard
Forum Commoner
Posts: 93 Joined: Thu May 16, 2002 5:36 am
Location: Belgium
Contact:
Post
by wizzard » Mon Aug 02, 2004 2:49 pm
<Limit GET>
deny from all
</Limit>
I have placed this in my map but i cannot request the image from the server. Can you help me the images are located here /images/ads
fresh
Forum Contributor
Posts: 259 Joined: Mon Jun 14, 2004 10:39 am
Location: Amerika
Post
by fresh » Tue Aug 03, 2004 1:21 am
why dont you just throw an index.php page in there and redirect anyone who comes to that folder to somewhere else??
wizzard
Forum Commoner
Posts: 93 Joined: Thu May 16, 2002 5:36 am
Location: Belgium
Contact:
Post
by wizzard » Tue Aug 03, 2004 2:27 am
but if they find the image names like /images/adz/123.jpg then they can watch?