Help with security

Hi,
I’m pretty new to forums, so I hope it’s ok just starting a new thread. Anyway, my question is about restricting access to the root directories of a website. I’ve recently created a website in which I mainly want to show photos to my friends, but I don’t want random people looking at them. At the moment you need to log in to view them, but it’s still possible to type the root address in the address bar and view the photos. Is there anyway I can stop people from doing that.
Well, thanks a lot!
Wiggles

Welcome to the forums!

Welcome to the forumz!

So you have a login page then? You should make that the default page like index.php or aspx (or whatever extension you have).

Thanks for the welcome!
To karinne, that's true about having the login for the index, but (me being fussy) I have other photos on the website, and it's just these particular photos that I want to be private... Thanks a lot though, it was good thinking!
wiggles

Ok so ... you must have a main index page with categories of photos then right? So you should make a section and call it private, just put the titles in and if people click on one of the link, then they get the login page.

Mmm, yeah, at the moment that's what happens, the trouble is that people can still type in the address bar, for example: http://fake/images/private/fake.jpg and view it. The login uses a cookie, but it only checks for a cookie on an actual page... not a file....
wiggles

edit: sorry I didnt think it would try and link that.... the address was an example.

Oh ... I see what you mean ... hmmm ... not sure then.

Maybe with .htaccess you can do something that if they type in that /private/ folder it sends them directly to a login page? I'm not too familiar on the workings of .htaccess... I'm just learning that stuff myself but I'm pretty sure that would be the way to go.

Oh OK, I'll have to look into that, I've never heard of it.
Mmm, well thank you so much for the help! I was hoping there might be a quick fix...(never is :P)
wiggles

Check and see if your webhost offers password protected pages? That might be a simple fix.

Is there any way you could use PHP to print an image that's on the server, but not in a browser accessible place? That could be an option... if it's possible.

Mmm, I'll have to ask about the password protected pages! Thanks
That's a good idea about printing the image, I'll have to look into that too! Thanks a lot!
Wiggles

Can't you put the images in a database and make it so they can only be accessed after a user has logged in. Or is that what you said ryan?

Pete.

That's sort of related to what I said. It would work, I was just wondering if PHP could read an image and then display it on a page. You know, like putting the image in a location before the HTTP root and then using PHP to access it.

Yea, both of those ideas are great! But I'm not really sure how to do databases, but I guess it's a great time to learn hey! Do either of you have any tips on how to do what you suggested?
wiggles

I'm lost with all that stuff (though I am getting better) but I can reccomend 2 books. First one (which is a little more friendly) is PHP and MySQL for Dynamic Websites (second edition) by Larry Ullman and the other is Web Database Applications with PHP and MySQL by Hugh E. Williams & David Lane. The first one is a Visual Quickpro Guide and the second is by O'Reilly.

The second one feels a little bit like your in a business meeting or something but I swear they are both great books it's just me that's a bit rubbish. Oh they're massive as well - the first one is about 700 pages and the second one nearly 800!

By the way, take a look at phpMyAdmin it's a GUI for MySQL and might simplify the database end of things or there is Cocoa MySQL for mac.

Pete.

The PHP Bible is also a good read. I found The JavaScript Bible to be a bit easier to follow than the PHP version, though.

Here's an idea off-the-cuff so to speak.

It assumes you can password protect pages or better still a directory but saves you having to get into database stuff.

Place the photos as images in pages and call them, e.g., photo1.inc, etc. Place these files and images in the protected directory also.

You can then use 'include' calls to include these pages.

Because they are in a protected directory, you should not be able to see them by directly addressing them in your browser's address bar.