limit image views on table field value
Hi i have a gallery page and i can set the gallery to either public or private.
if it is public of course everyone can see it. If it is private then only the owner can see it.
My members want to be able to link to images in chat, and i can do that by just posting the url in chat.
The problem is that if the album is private (table field is set to "Private") it still shows the image.
What is the best way that when someone posts a url of an image it checks to see if the db value is private and if so it blocks from view.
I know how to do php but i dont know what option or function to use for this.
You simply serve an image from a PHP script given an id or name or whatever. The script pushes the headers and serves itself as the binary data. This can be used to control access. Can be chained with htaccess to rewrite image lookups with that of the script.
To get my brain wrapped about the logic here.
1. Serve the image from a php script.
a. that tells me that rather than use the actual url of the image i would need to have a form in the chat to do the post value to that gallery php file to process release of the file or block it.
b. or assign specific url just for private albums and have a seperate table for private albums.
Then if i do the rewrite in htaccess and someone requests the image that does not meet the condition of the rewrite then they are taken lets say to the front page of the site instead.
So basically what your saying is block all normal urls for the image in private albums thru htaccess. And only allow the specific url to access the php file by grabbing the referrer and if it does not match certain criteria then just reset the url value to a page that says not authorized.
Is that the main concept here. I would like to do this without having to split my private albums into a new table that would be miserable to do with the number of members i have.
I mean serve all images through script. That way when you copy the source url from it you'll end up with a .php file, so you'd have image.php?id=5 for an example. That is used to lookup the image and simply passes it through. Since it's a PHP script you can bind any rules to it as you would any other script, but the only difference is that you must return an image for it, so make sure you have a default image indicating its locked or whatever in case they don't pass the check.
Then make sure all the images are above the directory root so you cannot access them directly.
.htaccess wise, you can determine if it is an image, then take that name and forward it to the image script. This way you can still have myimage.jpg, but instead maps to image.php?id=myimage.jpg for example.
The goal is to simply make sure that a script controls access to the resource. The most effective way to guarantee that is to make the resource accessible only through the script.
Got ya, basically have one door in or out and use the php for the doorman lol... I like the idea of having them above the public html thats great.
Ok i will let you know my progress, the members are hot for this but i will tell them to take it easy it might take a bit.
Thanks soooooooooooooo much.... :)
|All times are GMT +1. The time now is 07:41 AM.|
Powered by vBulletin®
Copyright ©2000 - 2013, Jelsoft Enterprises Ltd.