I have a PHP script which generates responses to answers submitted by a
form. The responses contain links to images. I'd like to stop users
guessing the names of other images and viewing them. I know I could use
random unguessable filenames, but I wondered if there was a more elegant
solution using PHP?
I know I can reference a php script in an img tag, and pass in a
parameter to specify which image to return, and I can use $HTTP_REFERER
to check that the script is being invoked by my page only. But the PHP
manual warns that this is set by the browser and cannot be relied upon.
So, is there a better solution?
--
Steve Loft
9  2218 
Steve Loft wrote: I know I can reference a php script in an img tag, and pass in a
parameter to specify which image to return, and I can use $HTTP_REFERER
to check that the script is being invoked by my page only. But the PHP
manual warns that this is set by the browser and cannot be relied upon.
So, is there a better solution?
You might want to use session variables.
On a script somewhere, set, for instance
$_SESSION['images'] = array(1, 4, 19, 55); // maybe you prefer names
to view a image put the script in the img tag
<img src="image.php?id=19">
and in image.php check that the id passed as a parameter to image.php is
set in the $_SESSION['images'] array.
So, if the user want to get cute and try image.php?id=13 nothing will
show (or display a error message, or a blank picture, ...)
--
USENET would be a better place if everybody read: : mail address : http://www.catb.org/~esr/faqs/smart-questions.html : is valid for : http://www.netmeister.org/news/learn2quote2.html : "text/plain" : http://www.expita.com/nomime.html : to 10K bytes :
"Steve Loft" <st***@nybbles.co.uk> wrote in message
news:vm************@nybbles.co.uk... I have a PHP script which generates responses to answers submitted by a
form. The responses contain links to images. I'd like to stop users
guessing the names of other images and viewing them. I know I could use
random unguessable filenames, but I wondered if there was a more elegant
solution using PHP?
I know I can reference a php script in an img tag, and pass in a
parameter to specify which image to return, and I can use $HTTP_REFERER
to check that the script is being invoked by my page only. But the PHP
manual warns that this is set by the browser and cannot be relied upon.
So, is there a better solution?
Use a session variable to store a list of image names. Your PHP script will
add the file names that the user can see at the given stage. The script that
outputs the image will check this list to keep the user from getting ahead
of himself.
In your response script:
// images viewable at each particular step
$image_lists = array(
1 => array('cow1.gif', 'cow2.gif'),
2 => array('cow3.gif', 'cow4.gif'),
3 => array('cow5.gif', 'beef.gif')
);
$_SESSION['cow_pix'] = @array_merge($_SESSION['cow_pix'],
$image_lists[$step]);
In the image script:
$filename = $_GET['img'];
if(@in_array($filename, $_SESSION['cow_pix'])) {
header("Content-type: image/cow");
readfile("$IMAGE_PATH/$filename");
}
else {
header("HTTP/1.0 404 Not found");
}
Chung Leong wrote: Use a session variable to store a list of image names. Your PHP script will
add the file names that the user can see at the given stage. The script that
outputs the image will check this list to keep the user from getting ahead
of himself.
That's great. Thanks to both you and Pedro for the suggestion, it's perfect.
--
Steve Loft
I wrote: That's great. Thanks to both you and Pedro for the suggestion, it's
perfect.
Except I'm having trouble getting it working. I decided to use the
following method: The name of the current image to be displayed is
stored in a session variable, then the script which displays the image
just uses the session variable to fetch the file.
My first script has this at the start:
<?php
session_start();
$_SESSION['imagename']= "../../hidden_files/default.jpg";
Then, later, in the path where I decide which image the user is going to
see, I do this:
$_SESSION['imagename']= "../../hidden_files/images/1tree.jpg";
and inside the HTML which follows I have:
<img src="images.php" />
The images.php file looks like this:
<?php
session_start()
$im =imagecreatefromjpeg($_SESSION["imagename"]);
imagejpeg($im);
?>
But the image doesn't get displayed. The session_start() seems to screw
things up. If I put the actual filename in the images.php script instead
of using the session variable, it still doesn't work until I remove the
session_start().
What am I doing wrong, please?
--
Steve Loft
"Steve Loft" <st***@nybbles.co.uk> ???????/???????? ? ???????? ?????????:
news:1m************@nybbles.co.uk... I wrote:
That's great. Thanks to both you and Pedro for the suggestion, it's
perfect.
Except I'm having trouble getting it working. I decided to use the
following method: The name of the current image to be displayed is
stored in a session variable, then the script which displays the image
just uses the session variable to fetch the file.
My first script has this at the start:
<?php
session_start();
$_SESSION['imagename']= "../../hidden_files/default.jpg";
Then, later, in the path where I decide which image the user is going to
see, I do this:
$_SESSION['imagename']= "../../hidden_files/images/1tree.jpg";
and inside the HTML which follows I have:
<img src="images.php" />
The images.php file looks like this:
<?php
session_start()
$im =imagecreatefromjpeg($_SESSION["imagename"]);
imagejpeg($im);
?>
But the image doesn't get displayed. The session_start() seems to screw
things up. If I put the actual filename in the images.php script instead
of using the session variable, it still doesn't work until I remove the
session_start().
What am I doing wrong, please?
--
Steve Loft
Try next code
<?php
session_start()header("Content-type:
image/jpeg");readfile($_SESSION["imagename"]);?>
I wrote: <?php
session_start()
$im =imagecreatefromjpeg($_SESSION["imagename"]);
imagejpeg($im);
?>
Whoops. Missing semicolon! Works fine now :)
--
Steve Loft
Dennis Biletsky wrote: Try next code
<?php
session_start()header("Content-type:
image/jpeg");readfile($_SESSION["imagename"]);?>
Yes, that works too - with the missing semicolon added!
And now it all works wonderfully, except that when I disable cookies and
use the URL to pass the session ID, the images stop being displayed
again. Any ideas, anyone?
--
Steve Loft
I wrote: And now it all works wonderfully, except that when I disable cookies and
use the URL to pass the session ID, the images stop being displayed
again. Any ideas, anyone?
After staring at it for hours, I finally realised that PHP doesn't
automatically add the session ID parameter to img tags. Having put it in
manually using SID, it all works fine with and without cookies.
--
Steve Loft
Steve Loft <st***@nybbles.co.uk> wrote in message news:<lo************@nybbles.co.uk>... I wrote:
And now it all works wonderfully, except that when I disable cookies and
use the URL to pass the session ID, the images stop being displayed
again. Any ideas, anyone?
After staring at it for hours, I finally realised that PHP doesn't
automatically add the session ID parameter to img tags. Having put it in
manually using SID, it all works fine with and without cookies.
No need to hard code. Just use "url_rewriter.tags" with ini_set()
<http://in.php.net/ini_set>
-- http://www.sendmetoindia.com - Send Me to India!
Email: rrjanbiah-at-Y!com This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics | |
by: DaRemedy |
last post by:
Hiya,
Can anyone kindly help me to get started in creating a PHP/MySQL image
gallery, it doesn't have to be anything fancy, just something that
automatically reads the images in the folder and...
|
by: Terry Carroll |
last post by:
I've got a small batch image-processing program (it adds the time a
digital photo was taken to the lower right of the image), and as a
feature, I wanted to show a thumbnail of each image it was...
|
by: BN |
last post by:
Hello..:)
Is it possible to load and show a JPG file using Javascript...?
I have a HTML document, and want to load a new image when the user pushes a
button.
Thanx..
--
|
by: mark | r |
last post by:
anyone know a useful way of hiding image paths so images on my site cant be
directly linked to?
ive seen sites that use <img src="image.asp?/moo/fred/image01.jpg"> (where
the path starts from...
|
by: web_design |
last post by:
I put this together from some other scripts I am using on a site. I'm
trying to make a better email hiding script. It isn't working. Also, it
causes Internet Explorer 6 SP2 to block the script...
| | |
by: FX |
last post by:
I wanna publish a script on my site which allows me to hide image
source.
i have rough idea abt it. i`ll point src to some php page like:
<img src="image.php">
& in tht php wat exactly shud be...
|
by: Andrew |
last post by:
Hello Ive been messing around with a simple raw image viewer using Pil
and Tkinter
However I am running into problems displaying the images they appear to
be not correct I believe it is cause of...
|
by: cagi |
last post by:
Hi to all, this is my first post here so I'm hoping you can help me. Now I'm writing a app which, among all other things need to record some data to CD. I'm using IMAPI v1 and here is the problem: i...
|
by: olle |
last post by:
HI Everyone.
I have tried to get the filedates of images in different maps using
Access2000.
To get the filenames I do like in the vba-code below. That is no
problems.
But how do do I get the...
|
by: marktang |
last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However,...
|
by: Hystou |
last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can...
| | |
by: jinu1996 |
last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven...
|
by: Hystou |
last post by:
Overview:
Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows...
|
by: tracyyun |
last post by:
Dear forum friends,
With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each...
|
by: adsilva |
last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
|
by: 6302768590 |
last post by:
Hai team
i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated ...
|
by: muto222 |
last post by:
How can i add a mobile payment intergratation into php mysql website.
| | |
by: bsmnconsultancy |
last post by:
In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence...
| |
