stackoom
  简体   繁体   中英

Deny access to files in root directory from invalid users with php

 原文  2015-07-29 22:01:48       php/ html

Question

I have a php web site. To access some pages the user must log in. I included a script to redirect to login page if is not authenticated. The user must look for images made specifically for them, other users should not see these images. To show these images I use img tag and they need to be in root directory, as far as i know. Is there any way to protect these files from invalid users?

1 answers

solution1
 0 ACCPTED  2015-07-29 22:05:43

Rather than linking to the image like <img src='1.jpg'/> link to a php which checks the user is logged in and echos out the bytes of the image <img src='getimage.php?imageId=1'/> ...and then put them somewhere not directly servable apart from that php page. 

//check if user is logged in
if(!loggedIn())
{
   echo 'not logged in';
   exit();
}
$id = $_GET['imageId'];
$file = ... //use that id to look in db for image path
$type = 'image/jpeg';
header('Content-Type:'.$type);
header('Content-Length: ' . filesize($file));
readfile($file);

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question How can I deny access to all files in directory but allow access from specific php file in other directory? How to allow downloading files with PHP, but deny direct access to directory listings Deny access to all PHP files in a directory using .htaccess Deny external access to php files Deny direct access to php file in root Deny access to files from browser and allow from PHP application Deny access to .php files apart from the server itself How to deny direct access to files in AJAX directory Deny access to directory files via browser with htaccess Nginx: Deny access of a directory and files inside it
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM