kvarnerexpress 0 Report post Posted June 13, 2005 Just wondering if anyone's worked with securing images to avoid direct linking than just by obscuring the URL or using a .htaccess file. I briefly looked through the documentation and source for gallery and it looks like the images are stored under the web root, so anyone with a direct link can browse the images regardless of user privileges.I was thinking one way of doing this would be too store the images above the webroot directory so that visitor's can't navigate to them and having a php script that can read the image dir output the images by sending the correct headers and echoing out the data. For example you have showpic.php which accepts $_GET parameters:user idimage pathtimestamphashThe user id, image path, and a secret hash seed stored on the server are used to generate the hash. The script file checks that the data passed in matches the hash, and also checks that the timestamp is within a specified time interval (say 5 minutes) and if everything is valid it echoes the image data.Some downsides:-this seems like it will create a high load (fopen and fread for each image) on the server.-since we're relying on a timestamp, links to images will timeout even for valid users if they leave their computer. I suppose if a timeout occurs we can re-check session credentials and access priviliges for the image(s), but this will just cause even more load.Anyone have any better ideas, links to scripts that do this?Thanks, Share this post Link to post Share on other sites
hype 0 Report post Posted June 13, 2005 I'm not sure if that's any scripts forthat but you can check out Hot Script and search for it...There's also hotlinking protection in cpanel where you can use it... But it seems almost impossible because ppl can just download the image once they see it... Share this post Link to post Share on other sites
karlo 0 Report post Posted June 17, 2005 Hmm... I suggest using cookies... try this: if(count($_GET)<1 && count($_POST)<1 && empty($_SERVER[QUERY_STRING])){setcookie("random",mt_rand(11111,99999),"/",time()+60);echo("<a href=\"?download=sample.jpg\">Click here</a> to download.");}if(!empty($_GET[download])){if(!empty($_COOKIE[random]) && strlen($_COOKIE[random])>3){header("Content-type: image/jpeg");readfile("sample.jpg");}} then tell me if it works.. good luck! Share this post Link to post Share on other sites
