Viewing dynamic thumbnails from secure directory

[jezmond5]

Hi!

I have a search engine that gives the user a preview image/link to the actual larger image file which opens in a new window. I have set up .htaccess security on the directory where all these images are stored, which has unfortunately disabled the images src link. In short, I want the users to see the dynamic thumbnails (are generated based on search), but be authorized to view the image once they link to it in the respective directory. This I need help with. How would you set up a directory to show a file source, but secure the access to the file itself?

Any help would be appreciated.

 

[Wullie]

Hi mate,

As far as I am aware this is not possible.

Hope this helps Wullie

sales@freshlookdesign.co.uk

http://www.freshlookdesign.com

http://www.searchit-now.co.uk

The pessimist complains about the wind. The optimist expects it to change. The leader adjusts the sails. - John Maxwell

 

[jezmond5]

wullie,

Thanks for the response! I tend to challenge myself, because I think nothing is impossible. I will find a way!
Thanks again.

 

[danielhozac]

Actually, you could use PHP or some other server side scripting language to do this.
If you use PHP, you could use the GD library functions to resize the image upon request, this isn't recommended for a big site though. Create a directory outside of your webtree (like if your document root is /var/

http://www/html,

put it in /home/someuser/thumbnails). This way, only scripts will be able to actually get the files.
If this isn't possible on your server, you could create the directory in your webtree, and put a .htaccess file there. Here is a simple PHP script that does this:

<?php
$thumbnailsdir = '/home/someuser/thumbs/'; //Note the trailing slash
if (file_exists($thumbnailsdir . $_GET['image']))
{
    header('Content-type: image/gif'); //If your images aren't GIFs, change this to image/jpeg
    readfile($thumbnailsdir . $_GET['image']);
}
else
    echo &quot;That file doesn't exist.&quot;;
?>

This works with PHP 4.1+.

I hope this gets you started. //Daniel

 

[tarn]

Maybe I'm misreading this but whats to stop you having a duplicate directory (that is updated by a cron job {if necessary}, with copies of your images) then run the search process on this directory to create the thumbnails, but generate the "link" (filename tagged onto the real dir) to point to the image in the protected directory for authentication.

Obviously the duplicate dir would not be accessable to the public only the search process.

Am I on the right track ?

Good luck.

 

[jezmond5]

Scripts or no scripts, the GET method is blocked by the security. I will turn off Get in the Limit part of the htaccess file and see what happens. As far as a duplicate directory, wouldn't the unprotected one be wide open to access (browsers checking the properties of the img src tag). Is there a way to configure apache to say recognize an image source tag or calling, and have it bypass the security, but when the image is linked directly or opened, the user will then be prompted foe username and password. By the way, I am still churnin away on this...

 

[danielhozac]

When you use a script, you don't use the GET method to the directory.
You could use some mod_rewrite to allow the user to view the images in the directory if they came from the search script, and block access otherwise. This isn't very secure though, as fooling the server to believe that one came from the search page isn't very hard.
If I were you, I'd go with the script alternative. It seems like the easiest thing to do. //Daniel

 

[jezmond5]

Daniel,

I haven't had the chance to get back to my developing today, but I will make an attempt at the script alternative, and get back to you on my success. I am using PHP 4.0.x so I don't know if I will run into any problems, either way I will find a workaround.