
security on folders but show on web

Status
Not open for further replies.

davejam

Technical User
Jan 6, 2004
313
GB
hi all....

i'm creating my brother a family website, he's just had a baby and posts things on his website with restricted folders and logins but has to create it all himself

so he's enlisted my help so
1. he can easily add content and upload photos
2. the family can login and see these
3. the family can upload

i've got security for the web done simply... made sites secure with sessions etc for ages but i want to make the images file completely secure ie.. can't call it from the web, can't get into it through the web pages cos they're not logged in to it but still get them into a web page

so basically i need to password protect a folder but get php to get access to the image when it runs

obviously cos there's gonna be loads of baby pics and other pics of the family and kids i don't want to even give it a possible chance of leaving it open...

there's so much you hear about people trawling family sites for child pics.... don't worry i'm not one of them, and i'd never do anything for my brother to put my niece's pics in jeopardy

so if anyone can help me on this it would be brilliant

thank you

daveJam

even my shrink says its all your f#@/ing fault
 
Password protecting a directory is usually done in your web server and has nothing to do with PHP. So it will not hinder PHP either.
Of course, if a PHP script or an image is in a password-protected directory, your browser will have to supply the password before any of them can be reached.

Your browser will silently resupply the password with each request, as long as you are in the same browser session and you have supplied a right one.

BUT, if you have written the password handling in PHP, there's another story. I would store the pictures outside the web root and make a proxy script to them: a PHP script that takes a hashed parameter telling which file should be read (use the passthrough function, for example). Store the hashes in the session. That image proxy should send the right header (like Content-type:image/jpeg) and check your login status.

Hope this helps.

+++ Despite being wrong in every important aspect, that is a very good analogy +++
Hex (in Darwin's Watch)
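
The image proxy described in the answer above, as an added example that is not part of the original thread. It uses a random per-session token in place of a hash of the filename and `readfile()` to stream the file; the directory path and the `user_id` / `image_tokens` session keys are assumptions.

```php
<?php
// image.php: added example. IMAGE_DIR and the session keys are assumptions.
declare(strict_types=1);
session_start();

const IMAGE_DIR = '/srv/family-site/private-images'; // hypothetical, outside the web root
const ALLOWED_TYPES = ['image/jpeg', 'image/png', 'image/gif'];

// Used by the gallery page (would live in a shared include): returns the
// opaque token to place in <img src="image.php?t=...">.
function register_image(string $filename): string
{
    $token = bin2hex(random_bytes(16));
    $_SESSION['image_tokens'][$token] = basename($filename); // drop any path part
    return $token;
}

// Maps a token to a file path, or null if any check fails.
function resolve_image(string $token): ?string
{
    if (empty($_SESSION['user_id'])) { // assumed to be set by the login page
        return null;
    }
    $name = $_SESSION['image_tokens'][$token] ?? null;
    if (!is_string($name)) {
        return null; // token was never issued in this session
    }
    $base = realpath(IMAGE_DIR);
    $path = realpath(IMAGE_DIR . '/' . $name);
    // realpath() resolves symlinks and "..": the result must stay inside IMAGE_DIR.
    if ($base === false || $path === false
        || strpos($path, $base . DIRECTORY_SEPARATOR) !== 0) {
        return null;
    }
    return is_file($path) ? $path : null;
}

$token = $_GET['t'] ?? '';
$path = is_string($token) ? resolve_image($token) : null;
$type = $path === null ? false : (new finfo(FILEINFO_MIME_TYPE))->file($path);
if ($path === null || !in_array($type, ALLOWED_TYPES, true)) {
    http_response_code(404); // same reply for "not logged in" and "no such image"
    exit;
}
header('Content-Type: ' . $type);
header('Content-Length: ' . filesize($path));
header('X-Content-Type-Options: nosniff');   // browser must not re-guess the type
header('Cache-Control: private, no-store');  // keep photos out of shared caches
readfile($path);
```

Because the filename never appears in the URL, a request can only reach files the gallery page registered for that logged-in session.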
 