1. Authenticate user
2. Put the pictures in a "secret" folder or outside http_root
3. Do this:
<?php
header("Content-Type: application/download\n");
header("Content-Disposition: filename=\"$file\"");
$fn = fopen("$file" , "r");
fpassthru($fn);
?>
I hope this helps!
Fredrik A. Takle
[EMAIL PROTECTED]
www.iportal1.com
""Arash Dejkam"" <[EMAIL PROTECTED]> wrote in message
9gvk5g$8o0$[EMAIL PROTECTED]">news:9gvk5g$8o0$[EMAIL PROTECTED]...
> Hi,
>
> I'm going to make a page in which users (being authenticated by PHP
session
> management) upload pictures and specify which other users can see those
> pictures, and I want all the process be automated, and I don't want to use
> Apache protection on directories, now I have a problem: if I store images
in
> a directory which is in root directory
> of HTTP server, then any user can access any image by sending a direct
> query from his browser like :
> www.mysite.com/members/images/img023.jpg even if he is not allowed. and
also
> I can not save image out of HTTP root directory because then http can not
> serve them.
> I found a very foolish solution for this :) I can store the images out of
> HTTP root dir and then use a PHP script which first checks the session ID
> and then sends the images with ImageCreateFromJPEG() and ImageJPEG()
> functions.
>
> Can anybody give me a better way to solve this problem ?
>
> Thanks
> Arash Dejkam
>
>
>
>
>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
> To contact the list administrators, e-mail: [EMAIL PROTECTED]
>
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
