Image Gallery + Login problem

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
RFairey
Forum Commoner
Posts: 52
Joined: Fri Jun 06, 2003 5:23 pm

Image Gallery + Login problem

Post by RFairey »

I have set up a members area to my site, a username and password is requested via an html form - this is compared with a MySQL database and a session is begun. All the members pages check for the session and work fine.

One of the pages is a photo gallery - at the moment it is just a whole bunch of <IMG> tags that link to a file frame.php?file=picture-to-be-displayed

This is fine, however anyone who knows the right URL can type this in and view the images directly in the browser.

Chmodding means that no-one can read the images, but the html page generated by the gallery script can no longer read them either.

I have even tried redirecting accesses to /pathname/picture.jpg to index.php?file=login.html by means of a .htaccess file, but that still prevents the image being displayed by the gallery script.

Is there something that I can do to either the gallery script, or with things like .htaccess that could fix this problem - i.e. no one can read the images at all unless they have a php session on the site?

It is all running on a UNIX server under apache, most likely with up to date versions of everything (PHP/mySQL/apache etc). I have shell access for tinkering.
Trill
Forum Newbie
Posts: 4
Joined: Sat Jun 07, 2003 2:58 am
Location: London, UK

Post by Trill »

Just wondering... does frame.php check for a session... cos if you got it to check for a session my guess is you should clear your problem up
RFairey
Forum Commoner
Posts: 52
Joined: Fri Jun 06, 2003 5:23 pm

Post by RFairey »

yeah - frame.php checks for a session, but all it does then is return an html page with some border images and an <img> tag for the image to be displayed.

I someone types the URL to the image itself, they can view it wothout a session. I want to block this so that they can't view it, without breaking the image gallery. As soon as I find a way to block the image such as .htaccess or chmod/chown etc, the image is not displayed in the gallery, since it is just an <img> tag
User avatar
volka
DevNet Evangelist
Posts: 8391
Joined: Tue May 07, 2002 9:48 am
Location: Berlin, ger

Post by volka »

but if you're using
frame.php?file=picture-to-be-displayed
you might check the session status and return a 404 in case it's unsatisfactory (assuming this call is supposed to return the real image data - not only html)
RFairey
Forum Commoner
Posts: 52
Joined: Fri Jun 06, 2003 5:23 pm

Post by RFairey »

volka wrote:(assuming this call is supposed to return the real image data - not only html)
Its only returning html at the moment. Is there a way to return image data directly, and would the script be able to read the image if I had blocked the image from direct viewing by typing a URL?
User avatar
volka
DevNet Evangelist
Posts: 8391
Joined: Tue May 07, 2002 9:48 am
Location: Berlin, ger

Post by volka »

an example should explain it

Code: Select all

<?php
$imgPath = '/a/directory/somewhere/' . (int)$_GET['imageId'] . '.png';
if(!is_file($imgPath) || !is_readable($imgPath))
	header('Status: 404 Not Found');
else
{
	header('Content-type: image/png');
	header('Content-length: ' . filesize($imgPath));
	readfile($imgPath);
}	
?>
will serve links like http://the.serv.er/myScript?imageId=5
and there's no need that /a/directory/somewhere/<N>.png has to be accessible from the web, only the php-script must have read permissions.

http://php.net/is_file
http://php.net/is_readable
http://php.net/header
http://php.net/filesize
http://php.net/readfile
http://www.php.net/manual/en/language.t ... ypecasting
RFairey
Forum Commoner
Posts: 52
Joined: Fri Jun 06, 2003 5:23 pm

Post by RFairey »

Is there a way to avoid the header() function, and put the image inline with the rest of the page, either keeping the img tags and changing something else, or using something other than img tags?
User avatar
volka
DevNet Evangelist
Posts: 8391
Joined: Tue May 07, 2002 9:48 am
Location: Berlin, ger

Post by volka »

netscape had a base64-inline image encoding but generally: no ;)
One request, one document (html, image, zip-archive, what-so-ever)
what's wrong with header()?
RFairey
Forum Commoner
Posts: 52
Joined: Fri Jun 06, 2003 5:23 pm

Post by RFairey »

header can only be used before any other html - the whole idea of the image gallery is that each one is displayed in a border (not so important) but, more importantly that each one is a link so that you can click on the image to return to the gallery of thumbnails
User avatar
volka
DevNet Evangelist
Posts: 8391
Joined: Tue May 07, 2002 9:48 am
Location: Berlin, ger

Post by volka »

you have to serve the image document without any other html-data anyway.
So that's not a limitation. Always think about: One request, one document.
Not: one request, one html- and a image-document.
You send the html-doc which contains an <img src=..." />-element and the browser will perform another request to get the image-data, e.g.

Code: Select all

<img src="sendMeTheImageData.php?imgId=5" />
RFairey
Forum Commoner
Posts: 52
Joined: Fri Jun 06, 2003 5:23 pm

Post by RFairey »

aha - that might be the answer....!
will most likely be back with further dumb questions.....

Thanks!


My thanks to you!!!! It works - right - "One request, one document, one request, one document, one request, one document, one request, one document, one request, one document................................."
Post Reply