hiding img url

badabing

I have a database with images. some are public some are private.
when a user subscribes and logs in he can see the private pics. but I dont want him to be able to see the img url
(right click->properties)
otherwise one would login and give everyone else the url.
I have no idea how to go about doing this...
any hints, help, direction...

ZibingsCoder

You could always create a tiny PHP script to do it for you. That way, if they copy the URL from this...

<img src="image.php?name=johnny">

image.php can have some validation stuff in it so that they have to be logged in to view it.

Can do this with the GD library, or I believe with just some nifty manipulation of headers.

badabing

well right now It works like this.
you enter a code in a validation form.
fields are sent to page checking code is correct.
then opens a template with the thumbnails of the private images,
so when one click on a thumb it SHOULD show the image but the image URL...

I was thinkin maybe md5 hashing it.....

ZibingsCoder

I'm going to go out on a limb here and say that md5 hashing an image URL that you want to display is a BAD idea. Just a thought, because md5 Hashes are technically not "unhashable", so the chances that a browser would be able to "unhash" the url are pretty slim.

If you want to make people login to be able to view the pictures, then you want to make it like I said earlier, or put some kind of a .htaccess on the directory.

badabing

ok so hashing is not an option...
how would i go about doing it with .htaccess ??
set a cookie when user logs in, and then in the .htaccess deny access if cookie is not set???

ZibingsCoder

Ok, since you apparently are trying to stray away from using PHP processes to get this done, I'm going to suggest that you do a google search on using the .htaccess "system". Even better would be to go straight to http://apache.org/ and give that a try.

PallaviDalvi

am not sure...but wud disabling the right-click help u?

drawmack

first go here
http://www.enderswebdev.com/test/disp_image.php

then go here
http://www.enderswebdev.com/test/disp_image.php?img_name=cool.jpg

then go here and log in with user1, pass1
http://www.enderswebdev.com/test/junk.php

then go here
http://www.enderswebdev.com/test/disp_image.php?img_name=cool3.jpg

and here's the code to do it (assuming that when someone logs in you set $_SESSION['user'])

<?php
    session_start();

$file_dir = 'images';
if(!array_key_exists('img_name',$_GET)) 
    bad_file('No Image Specified');
elseif(!array_key_exists('user',$_SESSION)) 
    bad_file('Not Logged In');
elseif(!file_exists($file_dir . '/' . $_GET['img_name'])) 
    bad_file('File Not Found');

$filename = $file_dir . '/' . $_GET['img_name'];
list($width,$height,$type,$img_str) = getimagesize($filename);

//if the image is not a jpg or png type
if($type != 3 && $type != 2)
    bad_file('Bad Image Type');

$mime = image_type_to_mime_type($type);
switch($type) {
    case(2):
        $im = imagecreatefromjpeg($filename);
        header('Content-type: ' . $mime);
        imagejpeg($im);
        break;
    case(3):
        $im = imagecreatefrompng($filename);
        header('Content-type: ' . $mime);
        imagepng($im);
        break;
} //end switch


//this function generates an image to display if the file is not
//called properly.
function bad_file($output) {
    $im = imagecreate(170,25);
    $background_color = imagecolorallocate($im,255,255,0);
    $text_color = imagecolorallocate($im,255,0,0);
    imagestring($im,5,5,5,$output,$text_color);
    header('Content-type: ' . image_type_to_mime_type(3));
    imagepng($im);
    exit; 
} //end bad_file         
?>