0

I have a php login scripts and the page is secured. But my images on the page can be viewed if you know the direct url. How can i make it to where only logged in users can view images?

2
Contributors
3
Replies
4
Views
7 Years
Discussion Span
Last Post by reedd5404
0

You could place the image data into a php file (image header) and link to that. THe php file could check to see if the user was logged in and if not, display a default image.

Pseudo-ish code:
For image1.php
Check if logged in
IF LOGGED IN:

header('Content-Type: image/gif');
readfile('path/image.gif');
//OR
header('Content-Type: image/jpeg');
readfile('path/image.jpg');
//OR
header('Content-Type: image/png');
readfile('path/image.png');
//ELSE
header('Content-Type: image/png');
readfile('path/default.png');

So <img src="path/image1.php" /> should work. If you don't fancy having 4 million php files, one for each image, just have the one and include a querystring in the url:

<img src="path/image1.php?id=4" /> would work if your images are indexed in a DB or use <img src="path/image1.php?img=sugarme&ext=jpg" /> for including the filename. What you need is a folder NOT called images or similar. Using htaccess (as mentioned previously) can also be used.

Edited by diafol: n/a

0

can you even redirect a whole directory with htaccess to the php login script im using?

so if i use htaccess in the image directory to redirect to the login script to access the directory that will work?

I have a database setup with usernames/passwords for each individual user account. It protects the content on that html page. But if they know the direct url to the image with out being logged in they can view it. So htaccess would stop this from happening.

Edited by reedd5404: n/a

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.