Jump to content
xisto Community
kvarnerexpress

Securing Images

Recommended Posts

Just wondering if anyone's worked with securing images to avoid direct linking than just by obscuring the URL or using a .htaccess file. I briefly looked through the documentation and source for gallery and it looks like the images are stored under the web root, so anyone with a direct link can browse the images regardless of user privileges.I was thinking one way of doing this would be too store the images above the webroot directory so that visitor's can't navigate to them and having a php script that can read the image dir output the images by sending the correct headers and echoing out the data. For example you have showpic.php which accepts $_GET parameters:user idimage pathtimestamphashThe user id, image path, and a secret hash seed stored on the server are used to generate the hash. The script file checks that the data passed in matches the hash, and also checks that the timestamp is within a specified time interval (say 5 minutes) and if everything is valid it echoes the image data.Some downsides:-this seems like it will create a high load (fopen and fread for each image) on the server.-since we're relying on a timestamp, links to images will timeout even for valid users if they leave their computer. I suppose if a timeout occurs we can re-check session credentials and access priviliges for the image(s), but this will just cause even more load.Anyone have any better ideas, links to scripts that do this?Thanks,

Share this post


Link to post
Share on other sites

I'm not sure if that's any scripts forthat but you can check out Hot Script and search for it...

There's also hotlinking protection in cpanel where you can use it... But it seems almost impossible because ppl can just download the image once they see it...

Share this post


Link to post
Share on other sites

Hmm... I suggest using cookies... try this:

if(count($_GET)<1 && count($_POST)<1 && empty($_SERVER[QUERY_STRING])){setcookie("random",mt_rand(11111,99999),"/",time()+60);echo("<a href=\"?download=sample.jpg\">Click here</a> to download.");}if(!empty($_GET[download])){if(!empty($_COOKIE[random]) && strlen($_COOKIE[random])>3){header("Content-type: image/jpeg");readfile("sample.jpg");}}

then tell me if it works.. good luck! :P

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×
×
  • Create New...

Important Information

Terms of Use | Privacy Policy | Guidelines | We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.