restricting user to access URL http://mydomain.com/pic/1.jpg

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
lam-ang
Forum Newbie
Posts: 1
Joined: Mon Oct 28, 2002 3:55 pm

restricting user to access URL http://mydomain.com/pic/1.jpg

Post by lam-ang »

:?:
Hi! I have this situation that I have to restrict users from accessing a specific picture directory from their web browser because all the access permission are done by a PHP script and all the permission data are stored on MySQL table. I want all users to use the web browser in viewing pictures but if they are not permitted they can't view it.

For example, I wrote a script that checks their permission and then if they are allowed they can view the specified picture file which resides in './home/pic' directory.

For illustration let's use '1.jpg' as the current picture file and a user named 'user1' that wants to view that picture. If 'user1' is allowed, the script will return a URL http://memberview.php?username=sp2&t=dd ... &z=zoutby5, well if 'user1' is smart enough he can just type in his browser the URL http://home/pic/1.jpg, bypassing all the restrictions of the script.

I thought of chmoding the file, for example if 'user1' is allowed the script will issue a command 'chmod 755 1.jpg' and if 'user1' is not allowed it will issue the command 'chmod 666 1.jpg' restricting him to view the said picture. But the question is? How about if another user is trying to view that picture and he is not allowed, by chmoding it to 755 all user that are not allowed can view that also.

Do you have any suggestions on what is the best approach on this kind of situation?

I thank you.
User avatar
volka
DevNet Evangelist
Posts: 8391
Joined: Tue May 07, 2002 9:48 am
Location: Berlin, ger

Post by volka »

use .htacces
http://www.freewebmasterhelp.com/tutorials/htaccess/
http://www.javascriptkit.com/howto/htaccess.shtml
if necessary php can write the user(-password) and/or groupfile , too ;)
Post Reply