I've got a category which only members of a specific usergroup (paid subscription) can access.
Now their subscription expired, they don't have access to the category any more.
But what if they did copy the direct URLs to the images?
Then they can still access them.
Question: How can I prevent anyone from viewing the images who does not have permission to do so? The is a must have for me.
Do you mean a direct URL to the actual image name itself or a URL to the gallery index page? If you mean to the actual image name I don't think there is too much that can be done about it because the files are being stored on disk instead of in the DB.
There would be a few ways to protect them. One simple method would be to store the files below your root directory, but then we run into the problem of having to process too much just to show some thumbnails. Something like that may be worth it for some users, but I wouldn't think it would be for most.
htaccess referrer protection is easy to implement and works great. Google for it or consult the photopost site.
But the support issues will kill you. Many adults saw ZoneAlarm et. al. selling them "privacy and security and safety" so they snapped it up. Now their browsers are not sending referrers in the headers, and the adults haven't got a clue how to configure their privacy to make an exception for your site.
Or, scan your weblogs every once in a while and start using htaccess to block the unknowns. Or... this is a subject that thrives in adult webmaster forums.
Don't let it bog down gallery development. Keep the coding at vb strength: solid php code is the best defense.
Never show direct urls. I haven't seen the gallery do that yet, but I'm still just getting wet. If a body is going to gig through the html to pull out the url, you have a genuine and determined thief on your hands. It's outside the scope of this software.