when no rewrite rule is set up and user accesses the index_image scripts, a php warning is generated - possible security pbl if server is not setup correctly (ie. information leak)

possible fix: test for existence of $_SERVER['SCRIPT_URL'] before using it

if ( !isset( $_SERVER['SCRIPT_URL'] ) ) {
_die( "Please use a virtual hosting setup to access this script.\n" );
}
$filename = ltrim( $_SERVER['SCRIPT_URL'], "/" );

(to be moved just before connection to database)

alternative fix: use a different server variable instead of crapping out - but I do not see much of an advantage there, except for testing...