ChickenWho Posted August 11, 2007 Share Posted August 11, 2007 I have this gallery in which you can see preview images and also download the full-sized images. The only problem is that I want to protect these full-sized images from being downloaded by just anybody. I've been searching a long time to try and find a way how to do this, but I haven't really found a good solution. Using a .htpasswd file to protect the folder is good, but I also have to be able to maintain a log of who downloaded what full-sized image when, and with the .htpasswd method, anybody with the right password and username can download the images as much as they want without me knowing it. Can anybody help me out here, put me in the right direction? Because where I'm standing now, I don't have a clue on how to do this. Thanks in advance. (I posted it here because I built the gallery using php and a php solution would be great) Quote Link to comment https://forums.phpfreaks.com/topic/64418-protecting-full-sized-image-folders/ Share on other sites More sharing options...
Orio Posted August 11, 2007 Share Posted August 11, 2007 I think you should give each one of the people who can download the pictures a username and password, and then you can make the pictures available only to logged users. I did something like that in the past, here's how it should look basically: <?php //The image name is being passed via the URL, in $_GET['img_name'] session_start(); //Check if this is a valid user if(!isset($_SESSION['username'])) { die("Access for authorized only. Please log in."); } //Force download the file $filename = $_GET['filename']; $extension = strtolower(substr(strrchr($filename,"."),1)); // required for IE if(ini_get('zlib.output_compression')) ini_set('zlib.output_compression', 'off'); switch($extension) { case "gif": $ctype="image/gif"; break; case "png": $ctype="image/png"; break; case "jpeg": case "jpg": $ctype="image/jpg"; break; } header("Pragma: public"); header("Expires: 0"); header("Cache-Control: must-revalidate, post-check=0, pre-check=0"); header("Cache-Control: private", false); header("Content-Type: $ctype"); header("Content-Disposition: attachment; filename=\"".basename($filename)."\";" ); header("Content-Transfer-Encoding: binary"); header("Content-Length: ".filesize($filename)); @readfile($filename); exit(); ?> This is how it should look very basically. If you want to add a download counter or any other logs its up to you. A bit more security won't be bad either (like making sure the extension is ok, the filename is valid, making sure the user is ok etc'). But thats it basically. Orio. Quote Link to comment https://forums.phpfreaks.com/topic/64418-protecting-full-sized-image-folders/#findComment-321290 Share on other sites More sharing options...
ChickenWho Posted August 12, 2007 Author Share Posted August 12, 2007 I must say thank you. This is exacly what I needed, so thank you very much. Quote Link to comment https://forums.phpfreaks.com/topic/64418-protecting-full-sized-image-folders/#findComment-321736 Share on other sites More sharing options...
cooldude832 Posted August 12, 2007 Share Posted August 12, 2007 alternatively you can store the images in a database as binary and then you can do as you please with them via GD. Many banks use this method for your return checks to make them temporarily viewable. Then you can use DB relationship between your user/image tables and say this user can see image a,b,c but not e-g if it makes sense. Quote Link to comment https://forums.phpfreaks.com/topic/64418-protecting-full-sized-image-folders/#findComment-321738 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.