dongqiao3214 2012-07-29 11:02

CodeIgniter - Users should only be able to access their own images

I am currently trying to develop an image uploading website by using CodeIgniter. The thing is, I came across an issue today and I would really appreciate any kind of help in order to solve it.

So basically, the site is working. But the thing is that the files are not private. A user may want to ensure that the files the users upload are only visible to them, and not to someone who just guesses a bunch of URLs. (e.g. user1 uploads image1, which he wants to keep private, for himself => [localhost/upload_script/files/image1.jpg]; user2 can access image1 by guessing and typing the URL [localhost/upload_script/files/image1.jpg], which is what we don't want to happen.) I have done some research and I think that this would probably require another controller for serving the files (which checks for session data). I have been "playing" with sessions etc. in PHP for quite some time in the past, but I am not that familiar with them in CodeIgniter. Is this the only way? I don't think I need to create separate directories for each user, do I? Can you please tell me how to head in the right direction or give me an example?

Thanks in advance,

harris21


  • duanbu9345 2012-07-29 15:57

    In order to protect files, you will need to keep them outside of your web root, otherwise people will always be able to URL-hack their way around.

    I have used the very handy mod_xsendfile for Apache (if you have that kind of access to your server), which will allow you to serve files that can be protected by access control and not accessed without the appropriate credentials.

    Code snippet that you could put in your CI controller to display an image (adapted from the mod_xsendfile page):

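    ```php
    // ...
    // Send the file only when the current user is logged in.
    if ($user->isLoggedIn())
    {
        // mod_xsendfile intercepts this header and lets Apache deliver the file itself.
        header("X-Sendfile: $path_to_somefile");
        header('Content-Type: image/jpeg');
        exit;
    }
    ```
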
    If you cannot install mod_xsendfile then your only other option would be to use readfile() as TheShiftExchange says.

    This answer was selected as the best answer by the asker.
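
As an added example (not part of the answer above and not CodeIgniter's own code), here is a controller that serves an image only to the user who owns it, through X-Sendfile or, without mod_xsendfile, through readfile(). The controller name, the `images` table and its columns, the `user_id` session key, the storage path and the `USE_XSENDFILE` switch are assumptions.

```php
<?php
defined('BASEPATH') OR exit('No direct script access allowed');
// Added example: application/controllers/files.php (hypothetical name).
// Assumed schema: images(id, user_id, stored_name, mime); assumed session key: user_id.
class Files extends CI_Controller
{
    // Assumed storage directory outside the web root; with mod_xsendfile,
    // "XSendFile On" and an XSendFilePath covering it must be configured.
    const STORAGE_DIR = '/srv/app-data/uploads/';
    // Set to FALSE when mod_xsendfile is not installed (readfile() fallback).
    const USE_XSENDFILE = TRUE;

    public function __construct()
    {
        parent::__construct();
        $this->load->library('session');
        $this->load->database();
    }

    // Handles /files/view/<id>
    public function view($id = 0)
    {
        $user_id = $this->session->userdata('user_id');
        if ( ! $user_id) {
            show_error('Login required', 401);
        }
        // Look the image up by id AND owner, so another user's image id
        // produces the same 404 as an id that does not exist.
        $where = array('id' => (int) $id, 'user_id' => (int) $user_id);
        $row = $this->db->get_where('images', $where, 1)->row();
        if ( ! $row) {
            show_404();
        }
        // basename() keeps a tampered stored_name from escaping STORAGE_DIR.
        $path = self::STORAGE_DIR . basename($row->stored_name);
        $allowed = array('image/jpeg', 'image/png', 'image/gif');
        if ( ! is_file($path) OR ! in_array($row->mime, $allowed, TRUE)) {
            show_404();
        }
        header('Content-Type: ' . $row->mime);
        header('X-Content-Type-Options: nosniff');
        header('Cache-Control: private, no-store');
        if (self::USE_XSENDFILE) {
            header('X-Sendfile: ' . $path);   // Apache streams the file
        } else {
            readfile($path);                  // PHP streams the file
        }
        exit;
    }
}
```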