How To Prevent Ppl From Bypassing Login And Going Directly Images?

[mesaaz]

How do I prevent ppl from bypassing login and going directly images? My index.php has a login, but my pictures are stored in the images dir, how do I prevent somebody (who hasn't logged in) from going to XXXX.vdnv.com/images/pic1.jpg and seeing the image?

Thanks,
Greg

ps. Obviously I'm new to this...

[Andrew]

You need to edit your .htaccess file to deny access to that folder. Or you could just create an html file name it index.html and have NOthing on the page except "You shouldn't be here" or something like that.

[mesaaz]

Ok... I searched online for examples of .htaccess files and found some. Here's the .htaccess file at the root level, but I can still view pic1.jpg... what am I doing wrong?? Is there a time period that must elapse before the change actually occurs on the server?

IndexIgnore */*

<Files ~ "\.(jpg)$">
order allow,deny
deny from all
</Files>

<Files .htaccess>
order allow,deny
deny from all
</Files>

Options +FollowSymLinks
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www\.)?XXXX.vndv.com/.*$ [NC]
RewriteRule \.(gif|jpg)$ - [F]

[Andrew]

I'm not completely familiar with htaccess, I just know you need to use them. but maybe google this but shouldn't it be "order deny,allow" if that doesn't work, try putting the .htaccess file into the pictures directory.

[Paradoks]

Yeah i belive it is order deny,allow

But anyways you can use PHP to secure the directory