SkillShare - A place to discuss Web Standards and Web Design topics


    • CommentAuthor: varland
    • CommentTime: Dec 28th 2006
    I'm trying to accomplish something with mod_rewrite, and I'm not having any success. Here's my situation... I'm working on a web application for a photographer. She wants to allow her clients to log in and view their proofs, select photos for printing, etc. I'm still very early in the process (requirements determination, etc.). I'm thinking I'll probably use Rails for the app.

    In this setup, I'm going to end up having the proofs in a directory under the site's root; for example: /images/proofs/[client_id]/[photoshoot_id]/[file_name].jpg. I want to prohibit the users from viewing these images directly in their web browser, mainly because that would allow them to view photos for other clients by guessing other client IDs. I know that I can use fairly cryptic URLs, but that's a less than ideal solution as far as I'm concerned. So, the question is this: is there any way to prevent a user from viewing the image directly without disabling displaying the image using an img tag?

    I know how to disable viewing the images, but it means that I can't use the image in an img tag either. If there's a solution out there using something other than mod_rewrite, I'm more than willing to listen to that as well...
    • CommentAuthor: varland
    • CommentTime: Dec 28th 2006

    I've come up with a solution that may work, but I'd love to hear what you all think of it...

    I put this .htaccess file in my images subdirectory:

    RewriteEngine On
    RewriteRule ^([A-Za-z0-9/]+\.(gif|jpg|png))$ /images/img.php?file=$1&ext=$2

    Then, I created "img.php" in the images subdirectory. Its contents are:

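    <?php

    # If a file name was not given, exit.
    if (empty($_GET['file']) || empty($_GET['ext'])) exit();

    # Accept only relative paths of the shape the RewriteRule produces, so a
    # direct request to img.php cannot read arbitrary files ("..", "/etc/...").
    if (!preg_match('#^[A-Za-z0-9]+(?:/[A-Za-z0-9]+)*\.(gif|jpg|png)$#', $_GET['file'], $m)
        || $m[1] !== $_GET['ext']) exit();

    # If there was no referrer (blocked or URL entered directly), redirect to policy.
    if (empty($_SERVER['HTTP_REFERER'])) {
        header('Location: /image_viewing_policy');
        exit(); # Stop here; otherwise the image is still sent after the redirect header.
    }

    # Set the content type for this image (the registered type for .jpg is image/jpeg).
    header('Content-type: image/' . ($_GET['ext'] == 'jpg' ? 'jpeg' : $_GET['ext']));

    # Print the image file.
    echo(file_get_contents($_GET['file']));

    ?>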

    This seems to work as I had hoped, but I'm concerned about the performance implications as the site grows. What do you think?
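
Added example, not part of varland's posts: the Referer header is supplied by the browser and is present whenever any page embeds the image, so checking it does not stop one client from loading another client's proofs by guessing IDs. The sketch below authorizes each request against the logged-in session instead; the script name `proof.php`, the `PROOF_ROOT` path, the `$_SESSION['client_id']` key and digits-only IDs are assumptions.

```php
<?php
// Added example (hypothetical proof.php). Assumptions: proofs live outside the
// web root under PROOF_ROOT (constructed path), the login code stores the
// client's id in $_SESSION['client_id'], and ids consist of digits only.
const PROOF_ROOT = '/var/www/private/proofs';

// Return the absolute path of a proof this client may view, or null.
function authorized_proof_path($sessionClientId, string $requested, string $root = PROOF_ROOT): ?string
{
    // Expected shape: client_id/photoshoot_id/file_name.(gif|jpg|png)
    if (!preg_match('#^(\d+)/\d+/[A-Za-z0-9_-]+\.(gif|jpg|png)$#', $requested, $m)) {
        return null;
    }
    // Authorization: the client id in the path must be the logged-in client.
    // A missing session id casts to '' and never matches.
    if ((string)$sessionClientId !== $m[1]) {
        return null;
    }
    // Resolve symlinks and confirm the file is still inside the proof root.
    $rootReal = realpath($root);
    $real = realpath($root . '/' . $requested);
    if ($rootReal === false || $real === false || strpos($real, $rootReal . '/') !== 0) {
        return null;
    }
    return $real;
}

if (PHP_SAPI !== 'cli') {
    session_start();
    $file = $_GET['file'] ?? '';
    $path = authorized_proof_path($_SESSION['client_id'] ?? null, is_string($file) ? $file : '');
    if ($path === null) {
        http_response_code(404); // same answer for "missing" and "not yours"
        exit;
    }
    $types = ['gif' => 'image/gif', 'jpg' => 'image/jpeg', 'png' => 'image/png'];
    header('Content-Type: ' . $types[pathinfo($file, PATHINFO_EXTENSION)]);
    header('Cache-Control: private'); // keep shared caches from storing proofs
    header('Content-Length: ' . filesize($path));
    readfile($path); // streams the file instead of loading it into memory
}
```

The img tag points at the script rather than at the file, so the browser's session cookie travels with the image request and direct URLs to the files no longer exist.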
