I have a php login scripts and the page is secured. But my images on the page can be viewed if you know the direct url. How can i make it to where only logged in users can view images?

Member Avatar

You could place the image data into a php file (image header) and link to that. THe php file could check to see if the user was logged in and if not, display a default image.

Pseudo-ish code:
For image1.php
Check if logged in

header('Content-Type: image/gif');
header('Content-Type: image/jpeg');
header('Content-Type: image/png');
header('Content-Type: image/png');

So <img src="path/image1.php" /> should work. If you don't fancy having 4 million php files, one for each image, just have the one and include a querystring in the url:

<img src="path/image1.php?id=4" /> would work if your images are indexed in a DB or use <img src="path/image1.php?img=sugarme&ext=jpg" /> for including the filename. What you need is a folder NOT called images or similar. Using htaccess (as mentioned previously) can also be used.

can you even redirect a whole directory with htaccess to the php login script im using?

so if i use htaccess in the image directory to redirect to the login script to access the directory that will work?

I have a database setup with usernames/passwords for each individual user account. It protects the content on that html page. But if they know the direct url to the image with out being logged in they can view it. So htaccess would stop this from happening.