How can I restrict content (images, etc) until the user is signed in using PHP?

Noobie question: I have sensitive content (images) that I want to place in a directory and show a user only AFTER they've logged in. What is the standard procedure for this without relyin开发者_如何学Pythong on simply randomly generated filenames and a .htaccess file that specifies no directory listing? I'm working in PHP.

Thanks!

You can put these images in a different folder outside of the public_html (so nobody can access them). Then via script, if a user is logged in, you get the image file content and then change the header. If a user is not logged, you can display a random image or showing a default image.

for example, the public html folder is: /var/www your image folder can be: /registered_user/images/

Then in your PHP script you can write:

<?php
if(!userLogged() || !isset($_GET['image'])) {
  header('Location: /');
  die();
}
$path = '/registered_user/images/';
$file = clean($_GET['image']); // you can create a clean function that only get valid character for files

$filename = $path . $file;
if(!file_exists($filename)) {
  $filename = '/var/www/images/bogus.jpg';
}
$imageInfo = getimagesize($filename);

header ('Content-length: ' . filesize($filename));
header ('Content-type: ' . $imageInfo['mime']);
readfile ($filename);

Then when you call the image you can use: <img src="/script.php?image=filename">