0

There are a couple suggestions out there, but I don't know which one I should use, or what would be the best for me. One sounded like you'd actually encode each image as a string and then show that. Another sounded like setting up a user/login thing and then dictating the location of the image by the user ID, but I want to avoid something complicated as that.

Basically, all my photos are organized into subfolders, in a master folder called "photos". I use a PHP script I wrote to scan this directory and create all the galleries from sub directories (see my post about this here).

The problem though is if you view source, you'll see direct links to all my photos. Is there a way to disable access to all the photos, but still allow my php script and fancybox to get at them? I'm not too savvy on the server-side stuff, but I'm learning.

Thanks for any recommendations.

Community
  • 1
  • 1
dotcommer
  • 171
  • 1
  • 11
  • 3
    Check out this StackOverflow question: http://stackoverflow.com/questions/10236717/htaccess-how-to-prevent-a-file-from-direct-url-access – Mike L. Dec 11 '15 at 19:50
  • The top-rated answer almost gets what I want accomplished. Adding the RewriteEngine bit to .htaccess definitely blocks access to the photo directly, but if I view source of my site and right-click a link and either "save as" or "open in new window/tab", I can still access that file. Any suggestions? – dotcommer Dec 11 '15 at 21:24
  • 1
    @dotcommer you can't be protected from this, everything in the web can be saved by user – Iurii Tkachenko Dec 11 '15 at 22:06
  • Then I want to make it very difficult to do so. How about the encoding image as string method? Wouldn't that work? See my response to your first answer. Thanks! – dotcommer Dec 11 '15 at 23:59

1 Answers1

1

Encoding image as a string is the most secure option since only your scripts will access your images, you can place them outside your web root directory. And encoding itself is not so difficult:

$path = 'path/to/image.jpg';
$type = pathinfo($path, PATHINFO_EXTENSION);
$data = file_get_contents($path);
$base64 = 'data:image/' . $type . ';base64,' . base64_encode($data);

echo '<img src="' . $base64 . '" />';
Iurii Tkachenko
  • 3,106
  • 29
  • 34
  • Ok, so I'm guessing I could wrap this up in its own php file, and then call it in my index.php. But how do I incorporate it into my php script that scans a directory and creates links to lightbox galleries? Check my post I linked originally to see how that script is formatted. Also, I see you're using " but lightbox requires hrefs. – dotcommer Dec 11 '15 at 21:46
  • Actually, [link](http://stackoverflow.com/a/34087655/5645483) works really well. But i'm wondering if this can work for lightbox which requires href tag instead of img src. Thoughts? – dotcommer Dec 11 '15 at 23:00
  • Yeah, I got it working. Creates one hell of a word scramble in there. But I notice even when I encode the href in base64, if I look at the source (in chrome), it creates direct links to assets, regardless of whether its base64 or what. So I don't know if there's any other way to protect these files from potentially being ripped. Base64 doesn't seem to be an issue if you at least have chrome and are snooping in the source of the site. One of those times Chrome is a bit TOO helpful... – dotcommer Dec 16 '15 at 06:34