|
Posted by Christoph Burschka on 12/01/06 13:11
The Eclectic Electric schrieb:
> "Tim" <tim@gmail.com> wrote in message news:ekn7c901gss@drn.newsguy.com...
>
>>On Wed, 29 Nov 2006 17:14:31 GMT, The Eclectic Electric wrote...
>>
>>>I have a website (www.listyblue.com) that allows people who register to
>>>upload their own "mascot" images. I'd like for these to be viewable only
>>>by
>>>them but at the minute they're easily accesible to everyone.
>>>
>>>Is there a way to protect these other than storing them outside of the web
>>>space and copying them in for the duration of the session?
>>>
>>>+e
>>>
>>>
>>
>>You might need to clarify "viewable only by them but easily accessible to
>>everyone". I don't think you can have a file that is only viewable by one
>>person
>>but easily accessible to the world. The second requirement contradicts the
>>first.
>>
>
>
> I'd like for these to be viewable only by them but *at the minute* they're
> easily accesible to everyone.
>
> +e
>
>
You will need to put a PHP script between the files and the public website.
Place the uploaded images (named [user-id].png or whatever) into a
separate folder that cannot be seen by the public (using .htaccess or
something else). Then use a publically accessible php script that does
something like this:
<?php
$id=$_COOKIE['login_id'];
if (!$id) {
header("HTTP/1.1 404 Not Found");
exit;
}
header("Content-type: image/png");
readfile($protected_directory.'/'.$id.'.png');
?>
This will increase the server load for the image, but it's about the
only way to do this easily.
The script will check the login cookie, find the user's id, and display
the appropriate image. You'll need to do a lot more than this to make it
work well, though.
[Back to original message]
|