[SOLVED] How can I protect my file from direct downloading

[abdfahim]

Hi,

in my website, I has a gallery.php page where I store some images. Viewers have to login to enter gallery.php page. But my problem is any one can enter any images inside the gallery just by typing the address of the image like www.mydomain.com/filestorage/image1.jpg. Now how can I prevent this so that no one can see image by typing its address but at the same time my links inside gallery.php works?

waiting 4 ur help

Thanx

[kobmat]

You can create a php script that gets the image from the images dir you can then put an .htaccess(im assuming you are using apache) on the images dir to prevent direct access to the images.

you can say change the src of the image tags on gallery.php to image.php?file=image1.jpg. Then on image.php you can have session checks and etc.

You can have php return the image by

[CODE]
header("Content-Type: image/jpeg"); //if jpeg
header("Content-Length: ".filesize("images/".$_GET['file']));
readfile("images/".$_GET['file']);
[/CODE]

Anyway that the basic idea

[SharkBait]

Another way would be to use an .htaccess file and stop dynamic hotlinking of images. If you don't have that option then something that I do is when I upload an image I rename it to the ID of a database entry that I keep track of images with.

Then similar to the code in the previous post I just look up the ID to the image based on it's name and the present them with the proper download. I do this with other types of files as well.  They would have to know the ID of the image to be able to get at it.