Hi,
I would like to know how to protect images. Basically one member can't see other members photos. Let say you have 1 millon users and each users has own photo gallery. Each user have a private or public photos. How will protect private photos?
i know one way to do is save the images in the database as binary format.
Any otherway?
Regards
You can save them in a directory that is not accessible via the web (either by placing it outside of the web document root directory's hierarchy or by using .htaccess to disallow HTTP access), and then use a PHP image server script to read the allowed image files and output them.
netmastan wrote:Hi,
I would like to know how to protect images. Basically one member can't see other members photos. Let say you have 1 millon users and each users has own photo gallery. Each user have a private or public photos. How will protect private photos?
i know one way to do is save the images in the database as binary format.
Any otherway?Regards
hi!
It is practically impossible to protect any image.
If you want to publish images on web, for people to see them,
it means your images data is sent to visitors browser / computer.
If it is difficult to save the image directly
anyone an take a screenshot of any published image.
So, my bottomline is this, as far as my knowledge:
- If you do not want people to see your images and copy them:
- Don't put them in internet!!
The only alternative option I see, is using login for persons you trust.
Regards 
Hi there halojoy,
I think maybe you're overlooking one reason why you would want to do what he's trying to do.
I run an image hosting service. People pay 5 bucks a month to host images, 4gb per month bandwidth and 100mb. I need to be able to stop if they exceed the bandwidth or don't pay. I can't do that if they can get to the real image, so php is used with a "pseudo" image name, and they never see the path to the true image:
http://www.domain.com/sally/hat.jpg
becomes
http://www.domain.com/imageprocessor.php?image=9378.jpg
For this reason, it's really important to protect the true location of the image.
thanks,
json
Thank you guys for the reply. Probably I couldn't explain it properly.
You see in facebook you have a private gallery. You allow some people to see your photos. Let say you allowed me to look at your photo. I copy the image url and send to my friend. My friend is not allowed to see the image but he can easily see the image. I would like to stop it. I want to know best way to protect it.
I will use database login system. Previously i tried both database and .htaccess login. Maintaing .htaccess user is very painfull and IE doesn't like passing user name and password through url..it prompt user login. So, its loggin twice.
Probably hidding actual image path is solution. let say you have url
http://www.mydomain.co.nz/images/2.gif become like this http://www.mydomain.co.nz/sdfwexwewx. But If i copy link http://www.mydomain.co.nz/sdfwexwewx in flashget or any download manager i can
see the actual path
Regards
netmastan wrote:Probably hidding actual image path is solution.
Well, that doesn't protect anything - if anyone got hold of the http://www.mydomain.co.nz/sdfwexwewx URL they'd be able to get the image exactly as easy as if they had the http://www.mydomain.co.nz/images/2.gif URL. Just because one looks like a file path and the other is just a bunch of letters makes no difference. A URL is not a file path.
As NogDog suggested, if you don't want people to link directly to resource, don't put it in the web site's document tree. Put it somewhere else and in the site have a script that people send requests for images to. If you want you could even make the server rewrite URLs of the form "/images/2.gif" to "image_script.php?image=2.gif" and have image_script.php check to see whether the person is logged in and if so whether they have permission to see the image (if they're not, just send back a 404 Not Found).
schwim wrote:Hi there halojoy,
I think maybe you're overlooking one reason why you would want to do what he's trying to do.
--------------------//-----------------
For this reason, it's really important to protect the true location of the image.thanks,
json
Yes, I came to think of this later.
I did answer on another type of 'image protection' issue.
When a person actually have loaded an image. We see some using disabled right-click, to stop people from 'Save Image'.
This wont stop many 
The different suggested methods to stop un-authorized from access to image would work, of course.
I can only add another option, for when image hasto be stored in public web folder system:
.... using MCrypt to encrypt the image file. [man]mcrypt[/man]
My benchmark of fastest block ciphers (suitable for file encrytion)
shows figures like 25 MB per second.
This is 1 MByte encrypted in ~0.04 sec ........
The fastest cipher algorithms currently supported by MCrypt functions
are blowfish & cast-128.
Right behind is twofish.
Regards
Hi!
I suppose people have to login. Place the image outside the document_root or in the database and create a PHP script that will only stream the image if the user logged in has permissions to view it. When the user doesn't have the right permission, show something alternative.
URL could be something like:
http://www.mydomain.co.nz/images/viewer.php?id=123
Where 123 is the ID of the image(specs) in the database.
Greetings!
Thanks. I've written the following code and it works fine. I got a question on php readfile function. Will it crash or freeze or take lots of cpu usages or memory if it reads 800MB mpeg file? What are the difference between simply embeding video in a html and embeding using protection in regards to speed,memory etc.
<?php
echo"<embed src=\"protect.php?file=test.mpg\"
pluginspage=\"http://quicktime.apple.com/\"
width=160 height=150
loop=\"false\" controller=\"true\" autoplay=\"true\"
alt=\"filename.mpeg You need quicktime plug in for this to work\">
</embed>";
?>
<!-- simple html code, no protection-->
<embed src="D:\webserver\Apache\\test.mpg"
pluginspage="http://quicktime.apple.com/"
width=160 height=150
loop="false" controller="true" autoplay="false"
alt="filename.mpeg You need quicktime plug in for this to work">
</embed>
<?php
require_once("mainfile.php");
$path="D:\webserver\Apache\\";
$protect = new Protect($_GET["file"],$path);
if(is_admin()){
$protect->showfile();
}else{
echo"Please login";
}
class Protect{
var $file;
var $path;
function Protect($file,$path){
$this->file=$file;
$this->path=$path;
}
function checkFile(){
if(!empty($this->file) && !eregi("http://",$this->file) && $this->getmimetype($this->file)){
if(file_exists($this->path.$this->file) && is_readable($this->path.$this->file)){
return true;
}else{
return false;
}
}else{
return false;
}
}
function showfile(){
if($this->checkFile()){
header('Content-type: '.$this->getmimetype());
header('Content-transfer-encoding: binary');
header('Content-length: '.filesize($this->path.$this->file));
readfile($this->path.$this->file);
}
}
function downloadfile(){
if($this->checkFile()){
header('Content-Description: File Transfer');
header('Content-type: '.$this->getmimetype());
header('Content-transfer-encoding: binary');
header('Content-length: '.filesize($this->path.$this->file));
header('Content-Disposition: attachment; filename=' . basename($this->path.$this->file));
readfile($this->path.$this->file);
}
}
function getmimetype(){
$file=explode(".",$this->file);
switch($file[1]){
case"jpe":
case"jpg":
return "image/jpeg";
break;
case"mpg":
return "video/mpeg mpeg mpg mpe";
break;
case"ppt":
return "application/vnd.ms-powerpoint ppt";
break;
case"zip":
return "application/zip zip";
break;
case"gif":
return "image/gif gif";
break;
case".doc":
return "application/msword doc";
break;
case"xls":
return "application/vnd.ms-excel";
break;
case"pdf":
return "application/pdf";
break;
case"png":
return "image/png";
break;
case"exe":
return "application/octet-stream";
break;
}
}
}
?>
I had this problem aswell, came up with a simple solution:
<?php
header("Content-type: image/jpeg");
readfile("/the/path/to/your/image.jpg");
?>
Oh, and you ofcourse have to change header("Content-type: image/jpeg"); to the type of your image.
Xager wrote:I had this problem aswell, came up with a simple solution:
<?php
header("Content-type: image/jpeg");
readfile("/the/path/to/your/image.jpg");
?>Oh, and you ofcourse have to change header("Content-type: image/jpeg"); to the type of your image.
Very simple 
Thanks,
I may try this next time I want to work with image publish on my website.
And I want to cover-up the real path to my image.
halojoy
<?php
header("Content-type: image/jpeg");
readfile("/the/path/to/your/image.jpg");
?>Without additional code to validate registered users that isn't shown here, this is utterly pointless for protecting images.
Weedpacket wrote:<?php header("Content-type: image/jpeg"); readfile("/the/path/to/your/image.jpg"); ?>Without additional code to validate registered users that isn't shown here, this is utterly pointless for protecting images.
Well ofcourse you need aditional code
That is just how you display an image with a php-document.