限制直接下载网址中的图片

Question

I asked this question a while ago and got an answer that I thought would work but I'm still having an issue. Maybe it's something I'm doing wrong but I still don't have this right.

I want to restrict access to an entire directory. This directory has images and pdf files in it. I need to create a link to the pdf documents and embed in an anchor tag, the images. I was told to use header for this. Using header immediately outputs the content which works great for the pdf document but I have to embed 3 images from the same directory and this doesn't work because header outputs the image before the html and that's correct behavior.

I need a way to assign the image to a variable so that I can embed it where I need it after the html has been outputted. Any ideas?

Here is a link to my last question. How to restrict viewing files within a directory

Answer 1

Move images outside public Document Root of your host, or restrict access to them with .htaccess like

<FilesMatch "\.(gif|png|jpe?g)$">
  Order Allow,Deny
  Deny from all
</FilesMatch>

And send images with PHP script, that will check user session and send the image only if user is logged in.

//... your session checking routine just like in other scripts
if (!$logged) {
    //show error
    exit();
}

//Simple extention-to-mimetype map:
$mimetypes = array(
    '.jpg' => 'image/jpeg'
    '.jpeg'=> 'image/jpeg'
    '.pdf' => 'application/pdf'
    //add other extensions if needed
);

$file = basename($_GET['file']);    //preventing tricks with ../../anypath/anyfile
$ext = substr($file, strrpos($file, '.'));
if (file_exists($images_dir . $file) && isset($mimetypes[$ext]) ) {
    header('Content-Type: ' . $mimetypes[$ext]);
    echo file_get_contents($images_dir . $file);
} else {
    //show error
}