dongzhang1987 2016-03-16 09:32
浏览 56
已采纳

.htaccess文件停止使用直接URL访问pic

I have a website in php and CodeIgniter where user upload their profile pic and profile pic is stored in folder with name pic_uid.jpg .

And then my script load pic from same folder.

I want to stop direct access of pic using .htaccess file.

like if pic path is

http://localhost/myweb/uploads/users/pic_19.jpg

If some one type this direct path, he will not get access to pic but when my script call this pic he can get access and show the pic.

I have tried many options but when i stop access to directory, my script also can't load pic.

How to achieve this ?

Thanks

  • 写回答

2条回答 默认 最新

  • drv13270 2016-03-16 09:38
    关注

    You can do something like this. Have a directory say, secured. And inside that directory, place this .htaccess:

    Deny From All
    

    And now, store all your image files there:

    + secured/
      - image-1.png
      - image-2.png
      - image-3.png
    

    And in your PHP Script, use this proxy:

    <?php
      ob_start();
      /* true if the conditions met, like coming from the script or something */
      $right_user = true or false;
      if ($right_user) {
        header("Content-type: image/png");
        echo file_get_contents("secured/" . $_GET["file"]);
        die();
      } else {
        header("Content-type: text/plain");
        die("Ha ha! Can't steal!");
      }
    

    To reiterate what all I have done, I created a repo here at Cloud9. In that, I have got these files:

    └── php
        ├── index.php
        ├── insecure.php
        └── secured
            ├── .htaccess
            └── hello.txt
    

    And the each file has like this:

    insecure.php

    <?php
        header("Content-type: text/plain");
        if (file_exists("secured/" . $_GET["file"]))
            echo file_get_contents("secured/" . $_GET["file"]);
        else
            echo "404! File Not Found.";
        die();
    ?>
    

    secured/.htaccess

    Deny From All
    

    secured/hello.txt

    Hello, World.
    I am not accessible through normal requests.
    My location is in /php/secured/hello.txt.
    

    Demos

    Note: I am on a free account, so the server runs only for some time. Please make use of it.

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论
查看更多回答(1条)

报告相同问题?