|
|
Posted by Michael Vilain on 05/26/06 10:57
In article <e562u7$1sf$1@yggdrasil.glocalnet.net>,
"Garry Jones" <garry.jones@morack.se> wrote:
> I need to create a page with a password where I show photos. How do I stop
> people from accessing the jpgs directly without going through the password
> function.
>
> I am using Windows XP and have a website which supports Mysql and php.
>
> The end result should be a page where the user can type in a password and
> access a few pages of thumbnails which can be clicked for enlargements.
>
> Garry Jones
> Sweden
You might be able to put the images in a directory not directly in the
web server's document directory, then write a php page that, given the
name of the file in either a GET or POST argument will open the image
file, send the correct header, and display the image. Be sure to
properly check for path injection and non-image filenames, so they can't
display stuff they shouldn't be able to. Don't allow wildcards on
filenames.
Or stuff the image in a MySQL database BLOB and pull it out using a php
page.
--
DeeDee, don't press that button! DeeDee! NO! Dee...
Navigation:
[Reply to this message]
|