Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 6 of 6
  1. #1
    Senior Coder
    Join Date
    Nov 2010
    Posts
    1,452
    Thanks
    275
    Thanked 32 Times in 31 Posts

    limit image views on table field value

    Hi i have a gallery page and i can set the gallery to either public or private.

    if it is public of course everyone can see it. If it is private then only the owner can see it.

    My members want to be able to link to images in chat, and i can do that by just posting the url in chat.

    The problem is that if the album is private (table field is set to "Private") it still shows the image.

    What is the best way that when someone posts a url of an image it checks to see if the db value is private and if so it blocks from view.

    I know how to do php but i dont know what option or function to use for this.

    thanks.

  • #2
    God Emperor Fou-Lu's Avatar
    Join Date
    Sep 2002
    Location
    Saskatoon, Saskatchewan
    Posts
    16,994
    Thanks
    4
    Thanked 2,662 Times in 2,631 Posts
    You simply serve an image from a PHP script given an id or name or whatever. The script pushes the headers and serves itself as the binary data. This can be used to control access. Can be chained with htaccess to rewrite image lookups with that of the script.

  • #3
    Senior Coder
    Join Date
    Nov 2010
    Posts
    1,452
    Thanks
    275
    Thanked 32 Times in 31 Posts
    Thanks Fou-Lu

    To get my brain wrapped about the logic here.

    1. Serve the image from a php script.

    a. that tells me that rather than use the actual url of the image i would need to have a form in the chat to do the post value to that gallery php file to process release of the file or block it.
    b. or assign specific url just for private albums and have a seperate table for private albums.

    Then if i do the rewrite in htaccess and someone requests the image that does not meet the condition of the rewrite then they are taken lets say to the front page of the site instead.

    So basically what your saying is block all normal urls for the image in private albums thru htaccess. And only allow the specific url to access the php file by grabbing the referrer and if it does not match certain criteria then just reset the url value to a page that says not authorized.

    Is that the main concept here. I would like to do this without having to split my private albums into a new table that would be miserable to do with the number of members i have.

  • #4
    God Emperor Fou-Lu's Avatar
    Join Date
    Sep 2002
    Location
    Saskatoon, Saskatchewan
    Posts
    16,994
    Thanks
    4
    Thanked 2,662 Times in 2,631 Posts
    I mean serve all images through script. That way when you copy the source url from it you'll end up with a .php file, so you'd have image.php?id=5 for an example. That is used to lookup the image and simply passes it through. Since it's a PHP script you can bind any rules to it as you would any other script, but the only difference is that you must return an image for it, so make sure you have a default image indicating its locked or whatever in case they don't pass the check.
    Then make sure all the images are above the directory root so you cannot access them directly.
    .htaccess wise, you can determine if it is an image, then take that name and forward it to the image script. This way you can still have myimage.jpg, but instead maps to image.php?id=myimage.jpg for example.
    The goal is to simply make sure that a script controls access to the resource. The most effective way to guarantee that is to make the resource accessible only through the script.

  • Users who have thanked Fou-Lu for this post:

    durangod (10-02-2012)

  • #5
    Senior Coder
    Join Date
    Nov 2010
    Posts
    1,452
    Thanks
    275
    Thanked 32 Times in 31 Posts
    Got ya, basically have one door in or out and use the php for the doorman lol... I like the idea of having them above the public html thats great.

    Ok i will let you know my progress, the members are hot for this but i will tell them to take it easy it might take a bit.

    Thanks soooooooooooooo much....

  • #6
    God Emperor Fou-Lu's Avatar
    Join Date
    Sep 2002
    Location
    Saskatoon, Saskatchewan
    Posts
    16,994
    Thanks
    4
    Thanked 2,662 Times in 2,631 Posts
    Quote Originally Posted by durangod View Post
    Got ya, basically have one door in or out and use the php for the doorman lol... I like the idea of having them above the public html thats great.

    Ok i will let you know my progress, the members are hot for this but i will tell them to take it easy it might take a bit.

    Thanks soooooooooooooo much....
    Yep. Won't take you long if you already have the control system set up in a db or in the filesystem or whatever. You just need to check if they have read, if not fpassthru on a generic image, otherwise fpassthru on theirs. Trick is to make sure you push the proper content type, but you can fetch that with getimagesize() regardless of if you have the GD library installed or not.


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •