Hi,
I'm going to make a page in which users (being authenticated by PHP session
management) upload pictures and specify which other users can see those
pictures, and I want all the process be automated, and I don't want to use
Apache protection on directories, now I have a problem: if I store images in
a directory which is in root directory
of HTTP server, then any user can access any image by sending a direct
query from his browser like :
www.mysite.com/members/images/img023.jpg even if he is not allowed. and also
I can not save image out of HTTP root directory because then http can not
serve them.
I found a very foolish solution for this :) I can store the images out of
HTTP root dir and then use a PHP script which first checks the session ID
and then sends the images with ImageCreateFromJPEG() and ImageJPEG()
functions.
Can anybody give me a better way to solve this problem ?
Thanks
Arash Dejkam
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
