http authentication

[dkintheuk]

Hi all,

I'm trying to access pages, images and files in my site that are protected by http authentication.

I have a php page, for instance, that will display images from the protected location, but obviously i want the page itself to access the protected location and not reveal to the user that they have obtained images from that location which are now in the webpage they are viewing.

Does that make any sense?

Can anyone help?

Many thanks,

Rob.

[Caesar]

You can't call images indirectly from a directory that uses http authentication like that. Why not add hotlink protection, add add an index file in the images directory, if you want to prevent people from stealing your bandwidth? I'm asuming that's what you're trying to do.

[dkintheuk]

Ah - then it appears that i am stuck... the problem is that i don't want people to just put in the next url number and get the next image...

Can you tell i'm gonna charge for viewing them?

I can understand that i can't do what i want with http integration... so how do i stop people getting to the files?

Do i have to put them further up in the directory structure? what can i do to acheive this - p.s. i've sussed out the bandwidth theft bit thanks.

Rob.

[dkintheuk]

How about if i put the images in an inaccessible place.

i.e. my hosting has /web/ and /logs/ when i ftp to the site - if i create another directory here called /protect_images/ then how do i refer to that location from within a php script in the folder /web/?

All the files in /web/ appear as valid websites and all other files are invisible to the world...

Does that give me some options?

[Caesar]

My advice:

Make use of a login system. Users would need to login to access the files.

Now for the tricky part. One way you can accomplish some sort of control over access to these files (Based on whether or not they purchased it) is by using MySQL. And intergrating the use of timestamps in combination with their userid....and place a limit on amount of downloads. You create a temporary link....you then add a conditional statement that says if the amount of downloads allowed has reached max...or the current time minus the time of purchase is greater than the time limit, then the temporary link & temp file is deleted. So basically, your images are kept in a completely diferent directory, with a unguessable directory name...and maybe even inaccessible via a browser....when someone purchases it, a temporary copy (Along with a temporary link) is created.

I created something similar to this about 4 months ago. There are also eccommerce shops that have it built in. I can recommend one if you like.

[dkintheuk]

So here is my next question...

If I put the images in a folder outside of the web root directory, how do i access them by php script?

Is there a code example of how to do this anywhere?

I assume i have to use something including $_SERVER['DOCUMENT_ROOT'] but how do i refer to the image to be able to display it?

[dkintheuk]

OK i'm getting somwhere now...

Was going to use this code...

[code]
<? php
$file_ref = $_REQUEST['img_ref'];
if(file_exists($file_ref))
        {
        $tipe = getimagesize($file_ref);
        $header_ext = ($tipe[2] < 4) ? ($tipe[2] < 3) ? ($tipe[2] < 2) ? ($tipe[2] < 1) ? NULL : 'gif' : 'jpeg' : 'png' : NULL;
        if($header_ext !== NULL)
                {
                header("Content-type: image/" .$header_ext);
                readfile($file_ref);
                }
        }
?>
[/code]

but it is not working as expected...

I get an 'unexpected T_VARIABLE' error for the first line ($file_ref = $REQUEST['img_ref'];)

Why am i getting this?

i even tried a cut down version of this:

[code]
<? php

$fileref = '/images/pic_001.jpg';
header("Content-type: image/jpeg");
readfile($fileref);

?>
[/code]

and it still gives the same error...