[thelist] user-secure photos?

Brian Cummiskey brian at hondaswap.com
Thu May 17 12:20:16 CDT 2007

Stephen Rider wrote:
> The admin would like to be able to upload photos that only a  
> particular person (with username/password) can see.

IMO, the best way to do this is to store the images outside of public_html/.

then, call the images which something like image.php?filename=XXXXX.jpg

image.php calls the image using a uri such as 

send the correct headers, and you can do user verification check before 
the image is written out to the screen.
if($loggedin) { send image header, get file }
else { redirect to no permission page, or send a "sorry.gif" image out 
instead }

If you want to get tricky, you can add some mod_rewrite action to make 
the image.php script seem non-existant

More information about the thelist mailing list