[thelist] user-secure photos?
Brian Cummiskey
brian at hondaswap.com
Thu May 17 12:20:16 CDT 2007
Stephen Rider wrote:
> The admin would like to be able to upload photos that only a
> particular person (with username/password) can see.
>
IMO, the best way to do this is to store the images outside of public_html/.
then, call the images which something like image.php?filename=XXXXX.jpg
image.php calls the image using a uri such as
/home/username/folder/path/to/image.jpg
send the correct headers, and you can do user verification check before
the image is written out to the screen.
if($loggedin) { send image header, get file }
else { redirect to no permission page, or send a "sorry.gif" image out
instead }
If you want to get tricky, you can add some mod_rewrite action to make
the image.php script seem non-existant
More information about the thelist
mailing list