.htaccess文件停止使用直接URL对图片的访问
[英].htaccess file stop access of pic with direct URL
问题描述
I have a website in php and CodeIgniter where user upload their profile pic and profile pic is stored in folder with name pic_uid.jpg . 
我在php和CodeIgniter中有一个网站,用户在其中上传他们的个人资料图片,而个人资料图片存储在名为pic_uid.jpg的文件夹中。
And then my script load pic from same folder. 然后我的脚本从同一文件夹加载图片。
I want to stop direct access of pic using .htaccess file. 我想停止使用.htaccess文件直接访问图片。
like if pic path is 就像pic path是
http://localhost/myweb/uploads/users/pic_19.jpg
If some one type this direct path, he will not get access to pic but when my script call this pic he can get access and show the pic. 如果有人键入此直接路径,他将无法访问图片,但是当我的脚本调用此图片时,他可以访问并显示该图片。
I have tried many options but when i stop access to directory, my script also can't load pic. 我尝试了许多选项,但是当我停止访问目录时,我的脚本也无法加载图片。
How to achieve this ? 如何实现呢?
Thanks 谢谢
2 个解决方案
解决方案1
2 已采纳 2016-03-16 09:38:13
You can do something like this. 你可以做这样的事情。 Have a directory say, secured . 有一个说secured的目录。 And inside that directory, place this .htaccess : 在该目录中,放置以下.htaccess :
Deny From All
And now, store all your image files there: 现在,将所有图像文件存储在此处:
+ secured/
- image-1.png
- image-2.png
- image-3.png
And in your PHP Script, use this proxy: 在您的PHP脚本中,使用以下代理:
<?php
ob_start();
/* true if the conditions met, like coming from the script or something */
$right_user = true or false;
if ($right_user) {
header("Content-type: image/png");
echo file_get_contents("secured/" . $_GET["file"]);
die();
} else {
header("Content-type: text/plain");
die("Ha ha! Can't steal!");
}
To reiterate what all I have done, I created a repo here at Cloud9 . 为了重申我所做的一切,我在Cloud9上创建了一个仓库 。 In that, I have got these files: 在那,我得到了这些文件:
└── php
├── index.php
├── insecure.php
└── secured
├── .htaccess
└── hello.txt
And the each file has like this: 每个文件都有这样的内容:
insecure.php
<?php
header("Content-type: text/plain");
if (file_exists("secured/" . $_GET["file"]))
echo file_get_contents("secured/" . $_GET["file"]);
else
echo "404! File Not Found.";
die();
?>
secured/.htaccess
Deny From All
secured/hello.txt
Hello, World.
I am not accessible through normal requests.
My location is in /php/secured/hello.txt.
Demos 演示版
- Inaccessible Secure File: https://demo-project-praveenscience.c9.io/php/secured/hello.txt 无法访问的安全文件: https : //demo-project-praveenscience.c9.io/php/secured/hello.txt
- Accessible Secure File through PHP: https://demo-project-praveenscience.c9.io/php/insecure.php?file=hello.txt 通过PHP可访问的安全文件: https : //demo-project-praveenscience.c9.io/php/insecure.php? file =hello.txt
Note: I am on a free account, so the server runs only for some time.
解决方案2
0
For stop access of pic with direct URL 用于通过直接URL停止对图片的访问
Use URI of codeiginiter copy this code in your routes.php 使用codeiginiter的URI在您的route.php中复制此代码
$route['uploads/users/(:any)'] = "page_not_found";
This code blocked all url accessing a folder uploads/users 此代码阻止了所有访问文件夹上载/用户的网址
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.