dennismonsewicz Posted March 20, 2008

I have a download script that allows users to download stock photography off of my site. Well, if someone has a direct link to the image then they can download the image. Is there a way to stop the direct link?

BlueSkyIS Posted March 20, 2008

i would hide the actual image name via database key or code, then send the image to the browser, not link directly to it. that way you can also ensure the user is logged on to have access.

another alternative: use .htaccess to control what users have access to files in particular places.

dennismonsewicz Posted March 20, 2008

Hmmmm, well storing the image in a DB is a no-no, 'cause you don't want to insert binary data into the db. So how would I achieve inserting the key or code into a db?

And I, sadly this is true, do not have .htaccess running 'cause we have an IIS server. I KNOW, I KNOW, it is very sad.

jkewlo Posted March 20, 2008

what's wrong with storing binary data into the database? OLE object or a BLOB. I'm doing it, and have no problems

BlueSkyIS Posted March 20, 2008

when you store an image, you store the image name and that table should have a unique id primary key. your table may look like...

Images
id - int, primary_key, autoincrement
image_name - varchar(64)

so given the id of the image, you can get the name. in code, use the id to get the image, then send the image to the browser. by the time the visitor gets to this place, you have already verified that they have permission to view the image.

BlueSkyIS Posted March 20, 2008

> what's wrong with storing binary data into the database? OLE object or a BLOB. I'm doing it, and have no problems

yet. i hope your database doesn't ever crash or get even minimally damaged.

it doesn't make sense from virtually any standpoint. it's a lot more overhead in queries, a lot larger database, and much more trouble than simply storing the file on the server and referencing it. plus, if your database crashes for any reason, your stored binaries might be toast. if you store the images separately, you avoid all of these pitfalls. what are the advantages?

dennismonsewicz Posted March 20, 2008

Well, adding an image into a DB via binary data becomes a problem when you need to back up a DB or when you get tons of records, because it becomes bogged down.

Now, I have been told this recently, so I have not experienced these problems, so I could sound like a complete moron.

dennismonsewicz Posted March 20, 2008

Ok here is my code:

<?php
// Read the request parameters; the id is cast to an integer before it reaches SQL
$username = isset($_GET['username']) ? $_GET['username'] : null;
$id = isset($_GET['id']) ? (int) $_GET['id'] : 0;

if ($username !== null) {
    require_once "../includes/sql.php";

    // Escape the username before it is placed in the query, then record the download
    $username = mysql_real_escape_string($username);
    $query = "UPDATE uploads SET downloaded_by = '$username' WHERE id = '$id'";
    mysql_query($query) or die("ERROR: " . mysql_error());
}

if ($username !== null) {
    // if id is set then get the file with the id from database
    require_once "../includes/sql.php";

    $query = "SELECT name, type, size " .
             "FROM uploads WHERE id = '$id'";
    $result = mysql_query($query) or die('Error, query failed');
    list($name, $type, $size) = mysql_fetch_array($result);

    // Send the file as an attachment; the filename is quoted in case it contains spaces
    header("Content-length: $size");
    header("Content-type: $type");
    header("Content-Disposition: attachment; filename=\"$name\"");
    readfile($name);
    exit;
}
?>

can you send the id to the header verifying the id and username?
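
Added example, not part of any post in this thread: one way to do what BlueSkyIS describes, with the user taken from the server-side session instead of the URL and the file looked up by id. The storage path (assumed to be outside the web root, so no direct link exists), the DSN and credentials, and the `$_SESSION['username']` key are assumptions; the `uploads` columns are the ones used in the code above.

```php
<?php
// Added example, not code from the thread. Assumed: the login code sets
// $_SESSION['username'], and files live in STORAGE_DIR, outside the web root.
const STORAGE_DIR = '/var/private/stock'; // hypothetical path

function resolve_download(PDO $db, ?string $user, $rawId): ?array
{
    // Identity comes from the session, never from a request parameter.
    if ($user === null || $user === '') {
        return null;
    }
    // Accept only a positive integer id.
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null;
    }
    // Prepared statements keep request data out of the SQL text.
    $stmt = $db->prepare('SELECT name, type FROM uploads WHERE id = ?');
    $stmt->execute([$id]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        return null;
    }
    // basename() drops any directory part stored in the name column.
    $name = basename($row['name']);
    $path = STORAGE_DIR . '/' . $name;
    if (!is_file($path)) {
        return null;
    }
    $db->prepare('UPDATE uploads SET downloaded_by = ? WHERE id = ?')
       ->execute([$user, $id]);
    return ['path' => $path, 'name' => $name, 'type' => $row['type']];
}

session_start();
$db = new PDO('mysql:host=localhost;dbname=example', 'db_user', 'db_password'); // placeholders
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$file = resolve_download($db, $_SESSION['username'] ?? null, $_GET['id'] ?? null);
if ($file === null) {
    http_response_code(403);
    exit('Not allowed');
}
header('Content-Type: ' . $file['type']);
header('Content-Length: ' . filesize($file['path']));
header('Content-Disposition: attachment; filename="' . addcslashes($file['name'], '"\\') . '"');
readfile($file['path']);
```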