Hi, I'm trying to protect some image galleries with a login system. I simply don't want anybody to view the images without being logged in.
The main idea would work this way:
-> session/members database table
-> if user is logged in -> allowed to view pictures -> access to gallery.php (a simple table with up to 20 pictures in a row).
Problem:
- By reading the HTML source, some users could view the pictures without using gallery.php.
Solution:
- .htaccess file with order deny,allow - deny from all
- Pipe the pictures through some pictures.php which first checks the validity of the session, sends some headers and readfile()'s the picture only if the user is logged on.
Problem:
- The session uses MySQL, and I need to call pictures.php and check the session 20 times in a row (once for each picture in the gallery); while doing that, pictures.php connects to the database 20 times, and this makes the whole thing very, very slow.
Are there any other ideas?
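
The gate described in the post (direct access denied by .htaccess, pictures.php checking the session before calling readfile()), as an added example that is not part of the original post. The image directory, the `img` query parameter and the `user_id` session key are assumptions made for illustration.

```php
<?php
// pictures.php: added example, not the poster's code.
// Assumptions: images live in IMAGE_DIR (direct access blocked by the
// .htaccess "deny from all" rule), a successful login sets
// $_SESSION['user_id'], and a picture is requested as pictures.php?img=<name>.
declare(strict_types=1);

const IMAGE_DIR = __DIR__ . '/protected_images';   // hypothetical path
const MIME_BY_EXT = ['jpg' => 'image/jpeg', 'jpeg' => 'image/jpeg',
                     'png' => 'image/png',  'gif'  => 'image/gif'];

function deny(int $status): void {
    http_response_code($status);
    exit;
}

// Map a requested name to a real file inside IMAGE_DIR, or null.
// basename() drops any directory part; realpath() resolves symlinks so the
// prefix check also rejects links that point outside the image directory.
function resolve_image(string $name): ?string {
    $base = realpath(IMAGE_DIR);
    $path = realpath(IMAGE_DIR . '/' . basename($name));
    if ($base === false || $path === false || !is_file($path)) return null;
    if (strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) return null;
    $ext = strtolower(pathinfo($path, PATHINFO_EXTENSION));
    return isset(MIME_BY_EXT[$ext]) ? $path : null;   // allow-listed types only
}

session_start();                       // uses whatever session handler is configured
$loggedIn = !empty($_SESSION['user_id']);
session_write_close();                 // session no longer needed while streaming

if (!$loggedIn) deny(403);

$img  = $_GET['img'] ?? '';
$path = is_string($img) ? resolve_image($img) : null;
if ($path === null) deny(404);

$ext = strtolower(pathinfo($path, PATHINFO_EXTENSION));
header('Content-Type: ' . MIME_BY_EXT[$ext]);
header('Content-Length: ' . (string) filesize($path));
header('X-Content-Type-Options: nosniff');
header('Cache-Control: private, no-store');   // keep copies out of shared caches
readfile($path);
```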