I don't know if this is an answer you're looking for, but I think you can serve a graphic as a PHP page. Called as <img src=yada-yada.php>. Then, in the script you could check to see what the referrer is, and if it's not the page you want or blank like it would be with a direct access you could either not return the image or return an image saying "No linking" or some such.

- Ryan

The problem with checking for a blank referrer is that not all users send the referrer, so you can't tell just from a blank referrer if they are viewing the image inside one of your pages, or directly. The only thing the referrer can detect (though it fails when a user doesn't send one) is if the image is hotlinked from another site.

Have you thought of getting the web page to set a (very fast expiring) cookie, and have the php script that returns the image, check that the cookie is there? Or I guess you could call the image-returning-php script with an encoded timestamp, but you would need to sort out all of the page expiring, (and ensure proxies aren't caching your page/image) etc to get this to work

I agree with uncle_bob that a cookie could be used to control access to an image. However, if the image is part of a busy site, this is not the way to go. The resources required to set and get a cookie to control access to the image is probably far greater than just serving up the image without any protection whatsoever. Have you considered using Basic-Auth?

upside...

BasicAuth, would it allow me to do what im looking to do?

Allow people to retrieve items from a directory, but not allow them to either manually type them into thier browser, or use some sort of program to download the file directly.

Basic-auth would require your users to authenticate themselves in order to access directories that you specify. If your goal is to protect your content, this might be the way to go. However, if your goal is to stop hotlinking then you can find many threads here about how to prevent hotlinking.

I don't have any experience with this, but I think there are .htaccess commands that would prevent this.

Create a text file with any of the following codes, edit them as neccesary. Upload it to whatever directory you need it in. It will affect all sub-directorys of whatever directory you put it in. Rename it .htaccess after you upload it

Prevents viewing of directory all files in an index. Doesn't prevent viewing the files themselves:

IndexIgnore *

Prevents Hot-Linking:

RewriteEngine on
RewriteCond %{HTTP_REFERER}!^$
RewriteCond %{HTTP_REFERER}!^http://(www\.)?mydomain.com/.*$ [NC]
RewriteRule \.(gif¦jpg)$ - [F]

My persoanl favorite, serves up a replacement image for hot-linked files:

RewriteEngine on
RewriteCond %{HTTP_REFERER}!^$
RewriteCond %{HTTP_REFERER}!^http://(www\.)?mydomain.com/.*$ [NC]
RewriteRule \.(gif¦jpg)$ [mydomain.com...] [R,L]

LOL, just checked out the above mentioned URL, has a pr of 8.