Page 1 of 2
Protecting images
Posted: Fri Jul 30, 2004 9:20 am
by wizzard
Hello,
I'm working on a website and want to protect the member images so people who are not logged in cannot view them.
I want like if they know the map like /images/profiles/ they cannot view the images in their. Is this possible?
Cheers
kris
Posted: Fri Jul 30, 2004 9:29 am
by pickle
You could:
a) put in an .htaccess file which requires authentication, or
b) put the image files outside of the document root and have them displayed via a PHP page.
Posted: Fri Jul 30, 2004 9:43 am
by wizzard
Can you tell me for b) how it is possible to show images from outside the root dir?
Posted: Fri Jul 30, 2004 10:33 am
by pickle
You could, for example, call image.php?name=dog.jpg. In image.php, you could open "dog.jpg" that is stored in /usr/local/secureimages/, and dump it to the browser as an image. So calling image.php?name=dog.jpg, would give you the contents of that file, and you could call <img src = "image.php?name=dog.jpg">.
Make sense?
Posted: Fri Jul 30, 2004 10:49 am
by Draco_03
but people could retreive the path and simply put it in the adress bar, unless you have this directory "protected" in any way.
Posted: Fri Jul 30, 2004 10:50 am
by John Cartwright
You cannot directly access files outside the root dir.
Posted: Fri Jul 30, 2004 10:51 am
by pickle
Phenom wrote:You cannot directly access files outside the root dir.
Exactly. You can also put some security on that image.php file so that people have to be logged in before it'll dump the contents of any file.
Posted: Fri Jul 30, 2004 10:52 am
by Draco_03
pickle wrote:
Exactly. You can also put some security on that image.php file so that people have to be logged in before it'll dump the contents of any file.
Indeed

Posted: Mon Aug 02, 2004 3:29 am
by wizzard
I cannot make a map outside the root dir from my hosting company but can i protect my dir inside the root map and show via a .php script?
Posted: Mon Aug 02, 2004 1:10 pm
by AVATAr
yep: use .htaccess to do it.
pickle wrote:You could:
a) put in an .htaccess file which requires authentication, or
Posted: Mon Aug 02, 2004 1:23 pm
by wizzard
can i use the images then via my images.php file if their is a htaccess on the map?
Posted: Mon Aug 02, 2004 1:27 pm
by AVATAr
htaccess is for accessing via http... the other you are using a script that directly access the filesystem.
Posted: Mon Aug 02, 2004 2:49 pm
by wizzard
<Limit GET>
deny from all
</Limit>
I have placed this in my map but i cannot request the image from the server. Can you help me the images are located here /images/ads
Posted: Tue Aug 03, 2004 1:21 am
by fresh
why dont you just throw an index.php page in there and redirect anyone who comes to that folder to somewhere else??
Posted: Tue Aug 03, 2004 2:27 am
by wizzard
but if they find the image names like /images/adz/123.jpg then they can watch?