Page 1 of 1

restricting user to access URL http://mydomain.com/pic/1.jpg

Posted: Mon Oct 28, 2002 3:55 pm
by lam-ang
:?:
Hi! I have this situation that I have to restrict users from accessing a specific picture directory from their web browser because all the access permission are done by a PHP script and all the permission data are stored on MySQL table. I want all users to use the web browser in viewing pictures but if they are not permitted they can't view it.

For example, I wrote a script that checks their permission and then if they are allowed they can view the specified picture file which resides in './home/pic' directory.

For illustration let's use '1.jpg' as the current picture file and a user named 'user1' that wants to view that picture. If 'user1' is allowed, the script will return a URL http://memberview.php?username=sp2&t=dd ... &z=zoutby5, well if 'user1' is smart enough he can just type in his browser the URL http://home/pic/1.jpg, bypassing all the restrictions of the script.

I thought of chmoding the file, for example if 'user1' is allowed the script will issue a command 'chmod 755 1.jpg' and if 'user1' is not allowed it will issue the command 'chmod 666 1.jpg' restricting him to view the said picture. But the question is? How about if another user is trying to view that picture and he is not allowed, by chmoding it to 755 all user that are not allowed can view that also.

Do you have any suggestions on what is the best approach on this kind of situation?

I thank you.

Posted: Mon Oct 28, 2002 4:24 pm
by volka
use .htacces
http://www.freewebmasterhelp.com/tutorials/htaccess/
http://www.javascriptkit.com/howto/htaccess.shtml
if necessary php can write the user(-password) and/or groupfile , too ;)