Yes.

Create an htaccess within the image folder, ONLY allowing access from your own websites pages.

Jim gave an example of this some time ago (and has not lingered on since). I failed to bookmark the thread and have been unable to locate it.

Hi,

you mean using something like:

RewriteCond %{HTTP_REFERER} !^http://(.+\.)?mysite\.com/ [NC]
RewriteCond %{HTTP_REFERER} !^$
RewriteRule .*\.(jpe?g¦gif¦bmp¦png)$ /images/nohotlink.jpe [L]

I came across a few scripts like that, but they all fail to work. I guess because either:

1) typing www.your-domain.com/gallery/pictures/picture.jpg acts as access from own site, or:
2) HTTP_REFERER is blocked (by a firewall or something)

Here's the thread I was looking
[webmasterworld.com...]

That thread only applies to cases where a script is used to "include" objects.

In order to prevent direct image access, you need to use an image-serving script that checks for a cookie set by the page that is "authorized" to display the image, or you need to play games with dynamically changing the image URLs, and then using .htaccess or a script to "reconnect" the frequently-changed URLs with the actual file location on your server.

Be advised, however, that once someone sees your image on their screen, they can copy it -- either using "Save image as" in the browser, or simply by taking a screenshot.

Jim

Hi jdMorgan,

How would one initiate a script that checks for a cookie during direct access? I only have a little more than basic knowledge of apache.

As for copying the image on-screen, I already have a watermark-script in place to prevent that.

Just to give you an idea what I need, I currently display images so:

<img id="bigpicture" src="image.php?main=gallery/full/01.jpg&amp;watermark=gallery/watermark.png" />

[edited by: Bert36 at 10:59 am (utc) on Feb. 3, 2009]

So you have already "initiated a script" by pointing <img src> requests to your watermarking script.

You could add the cookie-checking to your watermark script. If your watermark script is an off-the-shelf solution and subject to frequent revisions/upgrades, or if you don't want to modify it for any other reason, then you could "wrap" that script inside another one. Your <img src> references on your pages should then call the wrapper script instead of the watermarking script. The wrapper script would then call the cookie-checker script and the watermark script in turn, and as appropriate.

Coding the scripts themselves is well outside the scope of this forum, but we do have scripting forums here... :)

Jim

Thanks,

I feel confident enough to be able to write such a script. But something is not clear to me. How would this prevent people from looking at a picture when they type in a direct link? By typing the direct link, no script (cookie-checking or otherwise) would be called...or am I missing something?

You will have to rename the image files (or perhaps just their shared directory if they are so organized) so that old "direct links" are no longer valid. You could redirect these old links to your script, to the html page that includes them, or simply let them go 404-Not Found if that's not feasible.

Jim

ah... ofcourse.

Silly how one can sometimes miss the obvious.

Thanks a lot!