hbeaumont hbeaumont wrote: >Hi, > >I have a site with images that I want people to download but not have >the direct path to. ie. I do not want them to be able to just view the >source, find the dir and then download everything or direct link to >them. > >However I can see no way to do this other than keeping the images on >disk, having a php script read them and then spit them out. example: > >view.php?92348924 where 92348924 is a code that translates to the >image on disk. > > > Doing this would cause an extra hit to disk to load the PHP script and the image instead of just the image file, if you are concerned about disk I/O. You could go the script route as you have mentioned and also add a check on HTTP_REFERER to ensure they came from your site. You might even set a cookie and ensure that exists as well. Randomize the image numbers so they are not sequential, add some alpha characters to make it real fun. Give a 404 Not Found instead of an error if the referer or cookie wasn't set to add some obscurity to the mix. This will deter most people from grabbing all of the images, but if they are available to the public for download it will always be possible for someone to figure out your counter measures. It doesn't mean you can't make it trivial enough that they move along to the next site. Travis Doherty -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
