You can do something like this. Have a directory say, secured
. And inside that directory, place this .htaccess
:
Deny From All
And now, store all your image files there:
+ secured/
- image-1.png
- image-2.png
- image-3.png
And in your PHP Script, use this proxy:
<?php
ob_start();
/* true if the conditions met, like coming from the script or something */
$right_user = true or false;
if ($right_user) {
header("Content-type: image/png");
echo file_get_contents("secured/" . $_GET["file"]);
die();
} else {
header("Content-type: text/plain");
die("Ha ha! Can't steal!");
}
To reiterate what all I have done, I created a repo here at Cloud9. In that, I have got these files:
└── php
├── index.php
├── insecure.php
└── secured
├── .htaccess
└── hello.txt
And the each file has like this:
insecure.php
<?php
header("Content-type: text/plain");
if (file_exists("secured/" . $_GET["file"]))
echo file_get_contents("secured/" . $_GET["file"]);
else
echo "404! File Not Found.";
die();
?>
secured/.htaccess
Deny From All
secured/hello.txt
Hello, World.
I am not accessible through normal requests.
My location is in /php/secured/hello.txt.
Demos
Note: I am on a free account, so the server runs only for some time. Please make use of it.