I am attempting to call a script that actually renders the image and
then check for a session variable. However, the session variable does
not seem to be there...
<?php
$fn = $_GET['id']; // filename
$p = $_GET['p']; // path
$img = "/srv/pix/" . $p . "/" . $fn ; // where the photos are + path + filename
if ( $_SESSION['photoid'] != md5("validphoto") ) // set by caller script
die( "Invalid photo request" ); // or redirect to alternate image
$_SESSION['photoid'] = "";
$render = @imagecreatefromjpeg( $img );
header("Content-type: image/jpeg");
imagejpeg($render,'',100);
imagedestroy ($render);
?>
Does anybody have an idea why the session var is not available?
The script above is called with this:
$_SESSION['photoid'] = md5("validphoto");
echo "<p><img border=0 src='showimage.php?id=$get_pic&p=$from'
alt=\"Photo $get_pic being located...\"></p>";
Gerry
On 2/7/06, hbeaumont hbeaumont <ahlist@xxxxxxxxx> wrote:
> Hi,
>
> I have a site with images that I want people to download but not have
> the direct path to. ie. I do not want them to be able to just view the
> source, find the dir and then download everything or direct link to
> them.
>
> However I can see no way to do this other than keeping the images on
> disk, having a php script read them and then spit them out. example:
>
> view.php?92348924 where 92348924 is a code that translates to the
> image on disk.
>
> Can anyone think of a better method? If not, what is the most
> efficient way to do this (ie. avoid the most i/o)
>
> Thanks!
>
>
> P.S. I also realize I could use .htaccess to stop direct linking and
> turn off directory indexes. Still I think there might be some other
> problems with .htaccess
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>
--
Gerry
http://portal.danen.org/
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
