[RESOLVED] Directory Security

baffled_in_UK

This not a wholly PHP question but I'm sure one of you guys will know the answer.

I am developing a site for a photographer and what I need to do is to protect the directory where the images are kept so that visitors cannot link directly to them ie: www.mydomain.com/images/pic.jpg

The directory needs to be accessible in the normal run of things via a <img src> tag.

I believe htaccess will not work in this sense?

Any help/advice is appreciated.

devinemke

anti-leech

baffled_in_UK

I don't want to use a 3rd party, also after looking at some of them, they won't work.
The example I gave would pass the test as it would be called from my domain name and the checks seem to be that the file is been called from the domain on which it resides.

It's not "leeching" I want to prevent simply access by typing in an url as shown in my original post.

Weedpacket

You could start a session on the page containing the <img> tag, use "images.php?id=filename" as the src attribute. Then images.php checks to see if the session has been started, and if it has, readfile()s the image (with the appropriate Content-Type: header). The image files themselves are stored in an inaccessible directory, so there is no URL that leads directly to them.

Then it would only be accessible by someone who actually requested it via the original page.

You may find other solutions if you try a search for "hotlinking", as the thing you're describing is called.

baffled_in_UK

Nice one. Thanks for the help.