Page 1 of 1

secure image viewing

Posted: Sat May 22, 2010 8:25 am
by shawngoldw
Hi, I need to make images stored in one of my directories inaccessible to anyone who isn't logged into the website. I know the way to do it is to make a php script which returns the variables to use as the image source but I am not sure of the details.

I found this from a thread from about a year a go:

Code: Select all

<?php
$filename = "../natura_photos_large/".$_GET[trans]."-".$_GET[size].".jpg";
header("Content-Type: <span class="posthilit">image</span>/jpeg");
echo file_get_contents($filename);
?>
I am not entirely sure how this works, specifically where posthilit gets defined and what it is.
Also, the thread did not talk about what kind of server side configuration needs to be done.

Thanks,
Shawn

Re: secure image viewing

Posted: Mon May 24, 2010 1:01 am
by Christopher
I is just:

Code: Select all

header('Content-Type: image/jpeg');
See the header() documentation for examples.

Re: secure image viewing

Posted: Sat May 29, 2010 3:18 am
by kaisellgren
The "size" and "trans" need to be taken care of. Otherwise you are allowing arbitrary files to be viewed.