[eluser]zrowcrypt[/eluser]
How do sites like FB / Flickr or for that matter any secured websites that store user pictures implement security for the images. In simpler words how can we :
1. Prevent a user X with profile pic x.jpg to view x.jpg by directly typing the picture path in the browser url? The suggestions I got is to use .htaccess to prevent access to images folder and create a helper that will serve the pictures
2. I got the logic in 1 but still not able to visualize how will it be implemented. Will the url of the img in view source different from the actual url of the image file stored on the disk?
3. With a great amount of help from people here I have reached till this point :
Helper:
function show($uri)
{
// get the superobject
$CI =& get_instance();
// call the session library
$user_id = $CI->session->userdata('user_id');
if($user_id)
{
$img_url = './users' . '/' . $user_id . '/' . 'images' . '/' . $uri;
if(file_exists($img_url))
{
$img = fopen($img_url, 'r');
if ($img)
{
header("Content-Type: image/jpg");
header("Content-Length: " . filesize($img));
fpassthru($img);
}
}
}
}
View:
<img /> {pseudo code}
The problem is I want the image to be displayed(img src) on users home page but this function prompts to download .
Now I am a little lost and and a lot more confused. Can someone help me sort things out?
I have already spend one whole day figuring it out and still no luck.
To sum it all in one line, Can the url of the image displayed be different from the url(path) of the image on disk? if so, how are the two connected?