I have a website in php and CodeIgniter where user upload their profile pic and profile pic is stored in folder with name pic_uid.jpg .
And then my script load pic from same folder.
I want to stop direct access of pic using .htaccess
file.
like if pic path is
http://localhost/myweb/uploads/users/pic_19.jpg
If some one type this direct path, he will not get access to pic but when my script call this pic he can get access and show the pic.
I have tried many options but when i stop access to directory, my script also can't load pic.
How to achieve this ?
Thanks
You can do something like this. Have a directory say, secured
. And inside that directory, place this .htaccess
:
Deny From All
And now, store all your image files there:
+ secured/
- image-1.png
- image-2.png
- image-3.png
And in your PHP Script, use this proxy:
<?php
ob_start();
/* true if the conditions met, like coming from the script or something */
$right_user = true or false;
if ($right_user) {
header("Content-type: image/png");
echo file_get_contents("secured/" . $_GET["file"]);
die();
} else {
header("Content-type: text/plain");
die("Ha ha! Can't steal!");
}
To reiterate what all I have done, I created a repo here at Cloud9 . In that, I have got these files:
└── php
├── index.php
├── insecure.php
└── secured
├── .htaccess
└── hello.txt
And the each file has like this:
insecure.php
<?php
header("Content-type: text/plain");
if (file_exists("secured/" . $_GET["file"]))
echo file_get_contents("secured/" . $_GET["file"]);
else
echo "404! File Not Found.";
die();
?>
secured/.htaccess
Deny From All
secured/hello.txt
Hello, World.
I am not accessible through normal requests.
My location is in /php/secured/hello.txt.
Demos
Note: I am on a free account, so the server runs only for some time. Please make use of it.
For stop access of pic with direct URL
Use URI of codeiginiter copy this code in your routes.php
$route['uploads/users/(:any)'] = "page_not_found";
This code blocked all url accessing a folder uploads/users
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.