I have a directory of photos that i display on a website. I use phpthumb to apply a watermark to these photos.
Currently, a person could simply view the code to get the path to the image, and view it directly, bypassing phpthumb entirely.
Is there any way of preventing this? htaccess? Something smart…?
I guess you could do something using htaccess. What I would do is put the images outside of the root folder. Have the image paths point to a PHP file that checks for a valid SESSION variable, and if OK use a filesystem function to get the image from the protected folder. eg. (in very crude pseudo-code) something like
$_SESSION[‘whatever’] = ‘348b532a…’;
if($_SESSION[‘whatever’] == OK)
I don’t know how this technique would work with phpthumb though.