拒绝无效用户使用php访问根目录中的文件
[英]Deny access to files in root directory from invalid users with php
问题描述
I have a php web site. 
我有一个PHP网站。 To access some pages the user must log in. I included a script to redirect to login page if is not authenticated. 要访问某些页面,用户必须登录。我提供了一个脚本,如果未经身份验证,可以重定向到登录页面。 The user must look for images made specifically for them, other users should not see these images. 用户必须寻找专门为他们制作的图像,其他用户则不应看到这些图像。 To show these images I use img tag and they need to be in root directory, as far as i know. 为了显示这些图像,我使用了img标签,据我所知它们必须位于根目录中。 Is there any way to protect these files from invalid users? 有什么方法可以保护这些文件免受无效用户的侵害?
1 个解决方案
解决方案1
0 已采纳 2015-07-29 22:05:43
Rather than linking to the image like <img src='1.jpg'/> link to a php which checks the user is logged in and echos out the bytes of the image <img src='getimage.php?imageId=1'/> ...and then put them somewhere not directly servable apart from that php page. 与其链接到<img src='1.jpg'/>类的图像,而不是链接到检查用户已登录并回显图像字节的php <img src='getimage.php?imageId=1'/> ...,然后将其放置在该php页面之外不可直接使用的位置。
//check if user is logged in
if(!loggedIn())
{
echo 'not logged in';
exit();
}
$id = $_GET['imageId'];
$file = ... //use that id to look in db for image path
$type = 'image/jpeg';
header('Content-Type:'.$type);
header('Content-Length: ' . filesize($file));
readfile($file);
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.