You simply serve an image from a PHP script given an id or name or whatever. The script pushes the headers and serves itself as the binary data. This can be used to control access. Can be chained with htaccess to rewrite image lookups with that of the script.
a. that tells me that rather than use the actual url of the image i would need to have a form in the chat to do the post value to that gallery php file to process release of the file or block it.
b. or assign specific url just for private albums and have a seperate table for private albums.
Then if i do the rewrite in htaccess and someone requests the image that does not meet the condition of the rewrite then they are taken lets say to the front page of the site instead.
So basically what your saying is block all normal urls for the image in private albums thru htaccess. And only allow the specific url to access the php file by grabbing the referrer and if it does not match certain criteria then just reset the url value to a page that says not authorized.
Is that the main concept here. I would like to do this without having to split my private albums into a new table that would be miserable to do with the number of members i have.
I mean serve all images through script. That way when you copy the source url from it you'll end up with a .php file, so you'd have image.php?id=5 for an example. That is used to lookup the image and simply passes it through. Since it's a PHP script you can bind any rules to it as you would any other script, but the only difference is that you must return an image for it, so make sure you have a default image indicating its locked or whatever in case they don't pass the check.
Then make sure all the images are above the directory root so you cannot access them directly.
.htaccess wise, you can determine if it is an image, then take that name and forward it to the image script. This way you can still have myimage.jpg, but instead maps to image.php?id=myimage.jpg for example.
The goal is to simply make sure that a script controls access to the resource. The most effective way to guarantee that is to make the resource accessible only through the script.
Got ya, basically have one door in or out and use the php for the doorman lol... I like the idea of having them above the public html thats great.
Ok i will let you know my progress, the members are hot for this but i will tell them to take it easy it might take a bit.
Thanks soooooooooooooo much....
Yep. Won't take you long if you already have the control system set up in a db or in the filesystem or whatever. You just need to check if they have read, if not fpassthru on a generic image, otherwise fpassthru on theirs. Trick is to make sure you push the proper content type, but you can fetch that with getimagesize() regardless of if you have the GD library installed or not.