Thank you, this looks like the kind of thing I'm looking for. I'll have to give this a shot and see how it goes. :-)
On 02/15/03 8:44 PM, "Justin French" <[EMAIL PROTECTED]> wrote: > Using Apache's main config file (or at a per-directory level using a > .htaccess file), you need to black all .jpg, .jpeg, .gif, .png, .bmp, etc > etc files from being *directly* served via http. > > I'm not too good with Apache yet, but an example would be: > > <Files ~ "\.jpg$"> > Order Allow,Deny > Deny from all > </Files> > <Files ~ "\.gif$"> > Order Allow,Deny > Deny from all > </Files> > <Files ~ "\.jpeg$"> > Order Allow,Deny > Deny from all > </Files> > <Files ~ "\.bmp$"> > Order Allow,Deny > Deny from all > </Files> > > (you might also choose to block everything in imageDir/, which would also > include the xml file) > > > > Then you need to create a script called image.php which: > > a) accepts file=xxxx.xxx in the URL ($_GET) > b) sets the appropriate image header > c) passes the image file though > > Instead of you calling > <img src='imageDir/picture.jpg' /> > > You would call > <img src='image.php?file=imageDir/picture.jpg' /> > > > You also need to ensure that users can't directly call image.php?file= > picture.jpg in the browser, which can also be done with apache / .htaccess > files. > > > <Files ~ "\image.php$"> > Order Allow,Deny > Deny from all > </Files> > > > > There's plenty of examples of passing images through in the manual... in > particular one of the user-contributed notes by "lists at darkcore dot net > 08-Aug-2002 03:24" at http://php.net/header looks about right. > > > Justin > > > on 16/02/03 3:24 AM, Michael Mulligan ([EMAIL PROTECTED]) wrote: > >> Perhaps you could further describe such a method? I'm sorry, I just don't >> quite see how this will block the files. Perhaps I should further explain my >> situation. >> >> The script that I will distribute will always make use of a very particular >> directory structure. In "imageDir", there will always be a specifically >> named XML file that points to a bunch of images in the directory. However, >> given security checks that I put in my script, not all of those images >> should be publicly viewable. However, if a savvy user were to just load this >> XML doc up in their web browser, they will have a complete listing of URLs >> to all of my images. I cannot modify this XML file. (which is why I want to >> block a user from loading, say myserver.com/imageDir/picture.jpg) >> >> Will your proposed idea still work in this situation? >> >> Thanks for your help and patience in this matter. :-) >> >> On 02/15/03 11:09 AM, "Marco Tabini" <[EMAIL PROTECTED]> wrote: >>> Only if you let them. The PHP script allows to put the appropriate >>> checks in place. For example, if you use sessions, you can verify that >>> the session is still valid and that the user has, indeed, the right to >>> access that image. At a later time, even if another user types in the >>> same URL but does not have a valid session (or a variable inside the >>> session that contains the right data), you would be able to block him >>> from reading the image. >>> >>> Cheers, >>> >>> >>> Marco >> >> >> -m^2 >> >> __________ >> Hi! I'm a .signature virus! Copy me into your ~/.signature to help me >> spread! >> __________ >> >> > -m^2 __________ Hi! I'm a .signature virus! Copy me into your ~/.signature to help me spread! __________ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
