Jump to content


Check out our Community Blogs

Register and join over 40,000 other developers!


Recent Status Updates

View All Updates

Photo
- - - - -

Protection JPEG/DIR with session

authentication session

  • Please log in to reply
4 replies to this topic

#1 elle

elle

    CC Newcomer

  • Just Joined
  • PipPip
  • 10 posts

Posted 19 July 2007 - 02:45 PM

Hi,
I need some help/ideas with this : I'm using session for user's authorization and need to access "private" image data or access to some directory for authorized user only. My question is how to protect images (image file or directory) with session (I mean no HTTP basic authentication scheme is allowed) ?

I've tried something like this, but it doesn't work properly probably due to the directory rights.

<?php

function LoadJpeg($imgname)
{
    $im = @imagecreatefromjpeg($imgname);
    if (!$im) { /* See if it failed */

        /* Output an errmsg */

    }
    return $im;
}

/* if (user logged in) */

header("Content-Type: image/jpeg");
$img = LoadJpeg("private/image.jpg");
imagejpeg($img);

?> 

Some ideas how it's done would be appreciated.
TIA
  • 0

#2 Crane

Crane

    CC Addict

  • Just Joined
  • PipPipPipPipPip
  • 388 posts

Posted 20 July 2007 - 01:58 PM

And the code above doesn't work? If the user is logged in allow them to access it. If not redirect them. Seems like a solid plan.
  • 0

#3 elle

elle

    CC Newcomer

  • Just Joined
  • PipPip
  • 10 posts

Posted 21 July 2007 - 03:00 PM

Actually the code above is really correct. Some modification can be still applied I mean replace creatimage function with some direct stream read function (avoiding of compression) but this still doesn't solve the image protection in the directory. The solution is to use .htaccess on it with deny to show images.

That's it.
  • 0

#4 John

John

    CC Mentor

  • Moderator
  • 4450 posts
  • Location:New York, NY

Posted 21 July 2007 - 08:39 PM

I've never used the deny feature in .htaccess. Is that the same method for hotlink protection - if so, can you deny yourself from accessing them?

You could always store your images outside the public_html folder and use GD to generate the images as you need them.
  • 0

#5 elle

elle

    CC Newcomer

  • Just Joined
  • PipPip
  • 10 posts

Posted 22 July 2007 - 11:14 AM

Actually I'm using some freeweb hosting and there's no way how to access directory out of the web root. So .htaccess works pretty well for me now.

I'm using this one inside the image folder:

<FilesMatch "\.(jp?g)$">
   order deny,allow
   deny from all
</FilesMatch>

For reading image data from php is used fpassthru() function or something like that. Now I can decide who's authorized via session and provide the image.

elle
  • 0





Also tagged with one or more of these keywords: authentication, session

Recommended from our users: Dynamic Network Monitoring from WhatsUp Gold from IPSwitch. Free Download