php - .htaccess file stop access of pic with direct URL

Answer

Solution:

You can do something like this. Have a directory say,secured. And inside that directory, place this.htaccess:

Deny From All
Copy code

And now, store all your image files there:

+ secured/
  - image-1.png
  - image-2.png
  - image-3.png
Copy code

And in your PHP Script, use this proxy:

<?php
  ob_start();
  /* true if the conditions met, like coming from the script or something */
  $right_user = true or false;
  if ($right_user) {
    header("Content-type: image/png");
    echo file_get_contents("secured/" . $_GET["file"]);
    die();
  } else {
    header("Content-type: text/plain");
    die("Ha ha! Can't steal!");
  }
Copy code

To reiterate what all I have done, I created a repo here at Cloud9. In that, I have got these files:

└── php
    ├── index.php
    ├── insecure.php
    └── secured
        ├── .htaccess
        └── hello.txt
Copy code

And the each file has like this:

insecure.php

<?php
    header("Content-type: text/plain");
    if (file_exists("secured/" . $_GET["file"]))
        echo file_get_contents("secured/" . $_GET["file"]);
    else
        echo "404! File Not Found.";
    die();
?>
Copy code

secured/.htaccess

Deny From All
Copy code

secured/hello.txt

Hello, World.
I am not accessible through normal requests.
My location is in /php/secured/hello.txt.
Copy code

Demos

• Inaccessible Secure File: https://demo-project-praveenscience.c9.io/php/secured/hello.txt
• Accessible Secure File through PHP: https://demo-project-praveenscience.c9.io/php/insecure.php?file=hello.txt

Note: I am on a free account, so the server runs only for some time. Please make use of it.

Answer

Solution:

For stop access of pic with direct URL
Use URI of codeiginiter copy this code in your routes.php

$route['uploads/users/(:any)'] = "page_not_found";
Copy code

This code blocked all url accessing a folder uploads/users