|
|
Posted by Good Man on 04/24/06 20:23
"The Numerator" <alvin4jesus@gmail.com> wrote in
news:1145849539.405551.3470@t31g2000cwb.googlegroups.com:
> I have a folder full with images, and for security reasons I don't want
> anyone to know where the folder is. So, to call images, I know there is
> a way to call like a PHP file instead. For example Galley 2 (a
> PHP-enabled photo album) safetly tucks away the actual images and in
> the image source, it calls for something like
> "main.php?g2_view=core.DownloadItem&g2_itemId=12&g2_serialNumber=3".
>
> How do you do that? Do you need to use the database to do this? Thank
> you.
yes, use a database, but not to store images in.
put the images in a folder above the web root. that way, the images
simply cannot be accessed via the web, period.
in the database, store the image name, the path to the image (from the
SERVER's point of view, not a web address, since there is no web address
that can access the image), and a 'keystring', generated by you/your app,
that uniquely identifies the database entry. For example, the keystring
for image 1 could be 'asdiuhsadha1312' and for image 2, it could be
'fjgkjdfgudsagh'.
to retrieve, or link to the image on a webpage, you could call the file
"fetchphoto.php" like so:
<a href="fetchphoto.php?vKeystring=asdiuhsadha1312">Fetch this photo!</a>
your 'fetchphoto.php' page then looks up the server path to the image in
the database (according to the keystring), and uses fopen() and fread()
to deliver the image to the web browser.
this method is infinitely easier than the others suggested IMHO.
ps: the reason you use a 'keystring' and not just an ID from the database
is to prevent people from changing "fetchphoto.php?vID=1" to
"fetchphoto.php?vID=2" and download other photos that they shoudn't.
good luck.
Navigation:
[Reply to this message]
|