View Full Version : users can access images directly but shouldn't be able to
August 17th, 2005, 12:24 PM
I just noticed today that if i change "gallery/files/1/picture_thumb.jpg" to "gallery/files/1/picture.jpg" I can access the full size image. I have my permissions set up properly and the .htaccess setting set to ON. How can i prevent a user from accessing the image this way without moving all my files into the database?
August 20th, 2005, 02:34 AM
August 20th, 2005, 12:49 PM
There's really not a way to fully protect your images without having them in the document root, which should be an option in the next version of the gallery.
August 20th, 2005, 06:10 PM
August 21st, 2005, 02:15 PM
Small correction, I meant to say "below the document root", not "in the document root". :)
August 28th, 2005, 07:59 AM
one question about the images being stored below the document root: when a user views the full-szed image (one of which that is being stored outside the public_html) will they ONLY see the image or will they see the page header, info about the image, the page footer, etc?
im just curious because i have been playing around with storing/displaying images from below the root and it seems after you serve the image you can't send any html to format the page whatsoever.
August 28th, 2005, 12:57 PM
If they're moved below the document root you can still display them with an <img> tag that points to displayimage.php.
August 28th, 2005, 05:39 PM
right, but will you also be able print other things, such as the image name, filesize, replies, etc after you have declared the various header(Content-...) that you will need to server the image?
i hope that makes sense...
August 29th, 2005, 07:26 AM
Yes. It doesn't matter whether the <img> tag points to a .php file or an image, the rest of the page is still exactly the same.
August 29th, 2005, 07:34 AM
cool! i heard that was impossible so i'll need to figure that out. if you could point me to any resources/tutorials that you know of on how to do that I'd really appreciate it. If you're not too busy, of course. :)
August 29th, 2005, 07:43 AM
Look at your displayimage.php file with the gallery. ;)
vBulletin® v3.8.1, Copyright ©2000-2014, Jelsoft Enterprises Ltd.