FRIHOST FORUMS SEARCH FAQ TOS BLOGS COMPETITIONS
You are invited to Log in or Register a free Frihost Account!


[tutor] How to protect images without htaccess using PHP





toplez
On numerous occassions I have been asked how to serve images from a non-web accessible directory. A lot of sites now a days sell content and with the latest in php technologies like sessions and such, people like to use session management and authentication on their websites, without using .htaccess files in their directory. The easiest solution to protecting images is by reading them from a directory outside the document root on the webserver and serving it to another php script. This helps in two ways.
1. People cannot link directly to your images via a URL.
2. You can use another script to serve the image and make people login to view the image as well you could use your own html design dynamically around the image.

This is actually a pretty simple technique to use on your sites. First you will create a php script that will print the appropriate header out and then serve the image. Let's call the first script readimage.php.

Code:
<?php
/* This script takes a variable named $path strips off the last 3 characters to see what the extension is,
and processes it accordingly */
$extension = substr($path, -3);
if($extension == "jpg"){
header("Content-type: image/jpeg");
}elseif($extension == "gif"){
header("Content-type: image/gif");
}
/* YOU COULD ADD MORE HERE TO SEND ERRORS IF YOU RECEIVE A WEIRD IMAGE TYPE! */
readfile("$path");
?>


That is all there is to reading the image. There are a couple other things we could do here. One of the main problems is that you have to pass an entire path to this script...

/home/yourname/images/img.jpg

Obviously there could be some security concerns with a situation like this, so what I normally do is put a base path in the script:

Code:
$base_path = "/home/yourname/";
$path = $base_path.$path;


Here is how this could help hide the location of your images. Without the base path in the script you would call the script like this:

Code:
readimage.php?path=/home/yourname/images/img.jpg


When you add the base path variable to the script you can call the script like this:

Code:
readimage.php?path=images/img.jpg


Now I am sure you are wondering to yourself, but how could I protect that and make the image displayed in my own html page so that it can have customized content around it also? First lets start off with a simple php script that is named showcontent.php

Code:
<body bgcolor="white">
<?php
/* showcontent.php */
/* You could put your authentication here to make sure users can view the image! */
?>
<center><img src="readimage.php?path=images/img.jpg"></center>
</body>


I am sure all of you are looking at the above and are thinking, why does that have to be php? Well realistically it doesn't , but if you want to add security to the page so that everyone cannot view it, you could use this type of setup and just include your authentication class or whatever you use for security. By developing something like this you could really make the showcontent page a perl script, php, asp or whatever you want as long as your server can also parse php documents as it will need to for the readimage.php.

I hope this helped you understand how to serve images using php. With the examples I gave above, there is really no limitation on what you can do to protect images, this is just one simple way that could be up and running in no time.
Seregwethrin
Thanx but there's a error

Code:
$extension = substr($path, -3);
if($extension == "jpg"){
header("Content-type: image/jpeg");
}elseif($extension == "gif"){
header("Content-type: image/gif");



If picture's extension is "jpeg" not jpg or not gif, it has 3 letters. So you must edit and readatp your code. Like this

Code:

$extension = substr($path, -3);
if($extension == "jpg" || $extension == "epg"){  //for jpeg extensions
header("Content-type: image/jpeg");
}elseif($extension == "gif"){
header("Content-type: image/gif");
mathiaus
--moved--
animefan
That's actually a good idea, if you would like to give bigger downloads, that you want to be limited, to on your site download, thanx for this tutorial it's been very helpful.
charliehk
thanks a lot! This tip is very useful!!
I think I will try this later. Anyway, I wonder if the Hotlink protection in CPanel could do basic protection. It says

HotLink protection prevents other websites from directly linking to files (as specified below) on your website. Other sites will still be able to link to any file type that you don't specify below (ie. html files). An example of hotlinking would be using a <img> tag to display an image from your site from somewhere else on the net. The end result is that the other site is stealing your bandwidth.

I guess that is similar. Who has used it anyway? Question
mathiaus
Cpanel blocks the use of specified file types in all directories while this script I believe only blocks the use from certain directories which is more convienient to most (especially if you a topsites list or something similar)
charliehk
But I saw the Cpanel screen, it has a textbox for entering directories which will be affected. So administrators don't use that? Why? Not flexible enough? Question

mathiaus wrote:
Cpanel blocks the use of specified file types in all directories while this script I believe only blocks the use from certain directories which is more convienient to most (especially if you a topsites list or something similar)
Guest
Seregwethrin wrote:
Thanx but there's a error

Code:
$extension = substr($path, -3);
if($extension == "jpg"){
header("Content-type: image/jpeg");
}elseif($extension == "gif"){
header("Content-type: image/gif");



If picture's extension is "jpeg" not jpg or not gif, it has 3 letters. So you must edit and readatp your code. Like this

Code:

$extension = substr($path, -3);
if($extension == "jpg" || $extension == "epg"){  //for jpeg extensions
header("Content-type: image/jpeg");
}elseif($extension == "gif"){
header("Content-type: image/gif");



opss.. iam sorry about thats Rolling Eyes Rolling Eyes
Related topics
Using PHP
Includ Images using PHP.
How to start using PHP? Help!
Website Designing using PHP
how can i setup a page break for printer on html using php ?
Reading word documents using PHP?
I am trying to build a contact form using php and flash
Communicating between web pages
how to compress a file using php ?
Checking if ports are up using PHP
Hot to change "Reset Ownership" using php?
Using php to change content of a .txt
How to get the tree structure done using PHP
Making a expression calculator using PHP.
Reply to topic    Frihost Forum Index -> Miscellaneous -> Tutorials

FRIHOST HOME | FAQ | TOS | ABOUT US | CONTACT US | SITE MAP
© 2005-2011 Frihost, forums powered by phpBB.