I'm putting together a portfolio website which includes a number of images, some of which I don't want to be viewable by the general public. I imagine that I'll email someone a user name and password, with which they can "log-in" to view my work.

I've seen various solutions to the "hide-an-image" problem online, including the following, which uses PHP's readfile. I've also seen another that uses .htaccess.

http://stackoverflow.com/questions/1050975/use-phps-readfile-or-redirect-to-display-a-image-file

I'm not crazy about the readfile solution, as it seems slow to load the images, and I'd like to be able to use Cabel Sasser's FancyZoom, which needs unfettered access to the image (his library wants a link to the full-sized image), so that rules out .htaccess.

To recap what I'm trying to do:

1) Provide a site where I give users the ability to authenticate themselves as someone I'd like looking at my images.
2) Restrict random web users from being able to see those images.
3) Use FancyZoom to blow up thumbnails.

I don't care what technology this ends up using -- Javascript, PHP, etc. -- whatever's cleanest and easiest.

By the way, I'm a Java Developer, not a web developer, so I'm probably not thinking about the problem correctly.

+3  A: 

Using .htaccess should be the safest/simplest method, as it's built-in functionality of the webserver itself.

Kitsune
I don't want to use the Auth directives, as those pop up a dialog. I looked into using the following:

[code start]
SetEnvIf Referer "http://www.mydomain.com/" ALLOW_ACCESS
Deny from all
Allow from env=ALLOW_ACCESS
[code end]

But FancyZoom image requests failed to pass the SetEnvIf.
Ken
+5  A: 

Instead of providing a link to an image, provide a link to a CGI script which will automatically provide the proper header and content of the image.

For example: image.php?sample.jpg

You can then make sure they are already authenticated (e.g. pass a session id) as part of the link.

This would be part of the header, and then your image data can follow.

header('Content-Type: image/jpeg');

Edit: If it has to be fast, you can write this in C/C++ instead of php.

Juan
Right, this is basically the readfile solution. What I didn't realize was that I could pass image.php?sample.jpg in the a's href that wraps my image (FancyZoom expects the thumbnail image to be wrapped by a link that points to the full-sized image). Passing image.php?full_size_sample.jpg in the href does the trick! Thanks.
Ken
If you roll this yourself, be EXTREMELY careful that you don't expose all the data on your system *as well as* making it rather easy to perform an XSS attack. A white-list of possible files is the safest method if you're going with this.
Kitsune
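
One way to write the image.php script discussed in the answer and comments above, combining the session check with a whitelist of file names. This is an added example, not code from any poster in the thread; the session key `authenticated`, the directory path and the file list are assumptions, and it assumes cookie-based sessions so that the query string holds only the file name.

```php
<?php
// image.php: added example. Serves a private image only to a logged-in session.
// Assumptions (not from the original thread): the login page sets
// $_SESSION['authenticated'] = true, and the images live in a directory
// outside the web root ($imageDir below is a placeholder path).
declare(strict_types=1);

session_start();

$imageDir = '/var/www/private_images';   // placeholder: not reachable by URL

// Whitelist: the only names this script will ever serve, with their MIME types.
$allowed = [
    'sample.jpg'           => 'image/jpeg',
    'full_size_sample.jpg' => 'image/jpeg',
];

function deny(int $status, string $message): void
{
    http_response_code($status);
    header('Content-Type: text/plain; charset=utf-8');
    echo $message;   // fixed text only; never echo the requested name back
    exit;
}

if (empty($_SESSION['authenticated'])) {
    deny(403, 'Not logged in.');
}

// The link format is image.php?sample.jpg, so the name is the raw query string.
$name = rawurldecode($_SERVER['QUERY_STRING'] ?? '');

// Exact-match lookup: "../" sequences, absolute paths and unknown names fail here.
if (!array_key_exists($name, $allowed)) {
    deny(404, 'No such image.');
}

$path = $imageDir . '/' . $name;
if (!is_file($path) || !is_readable($path)) {
    deny(404, 'No such image.');
}

header('Content-Type: ' . $allowed[$name]);
header('Content-Length: ' . (string) filesize($path));
header('X-Content-Type-Options: nosniff');    // browser must not re-guess the type
header('Cache-Control: private, no-store');   // keep it out of shared caches
readfile($path);
```

Because the requested name is only ever used as an array key and error responses carry fixed text, neither path traversal nor reflected input reaches the file system or the response body.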
A: 

I do not know if it fits your needs, but I solved a similar problem (giving pictures to a restricted group of people) by using TinyWebGallery, which is a small gallery application without a database.

You can allow access to different directories via password and you can upload pictures directly into the filesystem, as TinyWebGallery will check for new dirs/pics on the fly. It will generate thumbnails and gives users the possibility to rate / comment on pictures (you can disable this).

This is not the smallest tool; however, I think it is far easier to set up than using Apache directives and it looks better than naked images.

Peter Parker