stackoom
  简体   繁体   中英

.htaccess file stop access of pic with direct URL

 原文  2016-03-16 09:32:17       php/ .htaccess/ codeigniter

Question

I have a website in php and CodeIgniter where user upload their profile pic and profile pic is stored in folder with name pic_uid.jpg .

And then my script load pic from same folder.

I want to stop direct access of pic using .htaccess file.

like if pic path is 

http://localhost/myweb/uploads/users/pic_19.jpg

If some one type this direct path, he will not get access to pic but when my script call this pic he can get access and show the pic.

I have tried many options but when i stop access to directory, my script also can't load pic.

How to achieve this ?

Thanks

2 answers

solution1
 2 ACCPTED  2016-03-16 09:38:13

You can do something like this. Have a directory say, secured . And inside that directory, place this .htaccess : 

Deny From All

And now, store all your image files there: 

+ secured/
  - image-1.png
  - image-2.png
  - image-3.png

And in your PHP Script, use this proxy: 

<?php
  ob_start();
  /* true if the conditions met, like coming from the script or something */
  $right_user = true or false;
  if ($right_user) {
    header("Content-type: image/png");
    echo file_get_contents("secured/" . $_GET["file"]);
    die();
  } else {
    header("Content-type: text/plain");
    die("Ha ha! Can't steal!");
  }

To reiterate what all I have done, I created a repo here at Cloud9 . In that, I have got these files: 

└── php
    ├── index.php
    ├── insecure.php
    └── secured
        ├── .htaccess
        └── hello.txt

And the each file has like this:

insecure.php 

<?php
    header("Content-type: text/plain");
    if (file_exists("secured/" . $_GET["file"]))
        echo file_get_contents("secured/" . $_GET["file"]);
    else
        echo "404! File Not Found.";
    die();
?>

secured/.htaccess 

Deny From All

secured/hello.txt 

Hello, World.
I am not accessible through normal requests.
My location is in /php/secured/hello.txt.

Demos

Note: I am on a free account, so the server runs only for some time. Please make use of it.

solution2
 0  

For stop access of pic with direct URL
Use URI of codeiginiter copy this code in your routes.php 

$route['uploads/users/(:any)'] = "page_not_found";

This code blocked all url accessing a folder uploads/users

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question stop direct access url codeigniter Prevent direct access to file in URL yii2 htaccess allow direct access for a file htaccess rewrite rule without access to direct file deny direct access to a folder and file by htaccess How can I stop direct access of a folder with Apache using .htaccess? Is this a safe method to stop direct file access? allow direct url access to image only if requested by bot otherwise pass url to index.php file using .htaccess prevent direct URL access to php and html pages via .htaccess Stopping direct file access using URL
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM