you are so close .. store the images outside the http root. have a php page
verify the user and use
header('content-type: image.jpeg');
readfile('/tmp/image.jpg');
there ya go. its the only way i can see.
--
Chris Lee
[EMAIL PROTECTED]
""Arash Dejkam"" <[EMAIL PROTECTED]> wrote in message
9gvk5g$8o0$[EMAIL PROTECTED]">news:9gvk5g$8o0$[EMAIL PROTECTED]...
> Hi,
>
> I'm going to make a page in which users (being authenticated by PHP
session
> management) upload pictures and specify which other users can see those
> pictures, and I want all the process be automated, and I don't want to use
> Apache protection on directories, now I have a problem: if I store images
in
> a directory which is in root directory
> of HTTP server, then any user can access any image by sending a direct
> query from his browser like :
> www.mysite.com/members/images/img023.jpg even if he is not allowed. and
also
> I can not save image out of HTTP root directory because then http can not
> serve them.
> I found a very foolish solution for this :) I can store the images out of
> HTTP root dir and then use a PHP script which first checks the session ID
> and then sends the images with ImageCreateFromJPEG() and ImageJPEG()
> functions.
>
> Can anybody give me a better way to solve this problem ?
>
> Thanks
> Arash Dejkam
>
>
>
>
>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
> To contact the list administrators, e-mail: [EMAIL PROTECTED]
>
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
