Apache session controled by PHP

aouriques

Hi friends,

my problem is:

I need protect my image files and I'm using .htacces/htpasswd in the directory to prevent that softwares as Teleport Pro, Websphere capture these images.

My system have user control in PHP/MySQL, but I would like that when an user login in my php system I send to apache one new session and the user not need login apache again.

(sorry, my english is bad)

Thanks.

rehfeld

use php to serve the images


<?php

session_start();

if (empty($_SESSION['logged_in'])) {
    exit;
}

$img_file = $_GET['id'];

// now send the proper MIME header for the image type
// stream out the file using readfile()

?>

thats simple example is very insecure, as they could possibly read any file on your system. so you need to do some validation to make sure you only actually output images.

and then of course make sure they cant view the images directly by just going to example.org/images/foo.gif

use htaccess to prevent that.