Hey,
I have never ever done this in my life but I have seen it done many times. I am building a photographer's website and he wants to have several images displayed on his site. The images are public domain and he doesn't care if anyone steals them as they are such low quality images. However, I am going to be hosting about 200 high resolution print quality photos as well on this site and I need them password protected. While I can password protect each directory I need to make it where I can create a user to have access to an individual photo. I've thought about all kinds of things but I can't think of any workable solution. If I make a php page where it "unlocks" a photo for that user can't they then just grab the php page and get the password for the directory... Any ideas, help, suggestions, tutorials would be great.

You can use PHP's ability to work with binary data and have one PHP script that serves up each image after performing some logic checks to ensure that the user is allowed access.

Let's say that you use a session to validate the user and use your normal checks then you could have a php script that accepts some $_GET query string data with the image name etc..

Then you can use file_get_contents($file) to retrieve the image from the server (this function is binary safe)... after clearing the default headers and then setting headings like "Content-type: image/jpeg" and echo out to the browser. Because of the content-type heading, the browser will treat it like any image linked to directly.

If you wanted to avoid storing the images in directories at all, you could also consider storing them in a MySQL database with the data-type set to BLOB... Then using the same content-type headers you can dump the image straight out of the database meaning that it would never be possible to get the image outside of a valid user session.

Wow.. storing an image in a database seems to be the best possible solution. I never knew it was possible to store an image... I'm going to have to look into that. The fear I have with the using directories is that people could type in the location of the image and download it if they grab the password which could happen if they were to download the php file.

Thanks for the idea man I'm so gonna do that .