users can access images directly but shouldn't be able to

[Happy Camper]

I just noticed today that if i change "gallery/files/1/picture_thumb.jpg" to "gallery/files/1/picture.jpg" I can access the full size image. I have my permissions set up properly and the .htaccess setting set to ON. How can i prevent a user from accessing the image this way without moving all my files into the database?

thanks
eric

[Happy Camper]

anyone?

There's really not a way to fully protect your images without having them in the document root, which should be an option in the next version of the gallery.

[Happy Camper]

thanks brian

Small correction, I meant to say "below the document root", not "in the document root".

[Happy Camper]

one question about the images being stored below the document root: when a user views the full-szed image (one of which that is being stored outside the public_html) will they ONLY see the image or will they see the page header, info about the image, the page footer, etc?

im just curious because i have been playing around with storing/displaying images from below the root and it seems after you serve the image you can't send any html to format the page whatsoever.

eric

If they're moved below the document root you can still display them with an <img> tag that points to displayimage.php.

[Happy Camper]

right, but will you also be able print other things, such as the image name, filesize, replies, etc after you have declared the various header(Content-...) that you will need to server the image?

i hope that makes sense...

Yes. It doesn't matter whether the <img> tag points to a .php file or an image, the rest of the page is still exactly the same.

[Happy Camper]

cool! i heard that was impossible so i'll need to figure that out. if you could point me to any resources/tutorials that you know of on how to do that I'd really appreciate it. If you're not too busy, of course.

thanks
eric

Look at your displayimage.php file with the gallery.