php - .htaccess file stop access of pic with direct URL

988

I have a website in PHP and CodeIgniter where users upload their profile pic, and the profile pic is stored in a folder with the name pic_uid.jpg.

And then my script loads the pic from the same folder.

I want to stop direct access to the pic using a .htaccess file.

Like, if the pic path is

http://localhost/myweb/uploads/users/pic_19.jpg

If someone types this direct path, he will not get access to the pic, but when my script calls this pic he can get access and it shows the pic.

I have tried many options, but when I stop access to the directory, my script also can't load the pic.

How to achieve this?

Thanks

555

Answer

Solution:

You can do something like this. Have a directory, say, secured. And inside that directory, place this .htaccess:

Deny From All

And now, store all your image files there:

+ secured/
  - image-1.png
  - image-2.png
  - image-3.png

And in your PHP Script, use this proxy:

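<?php
  ob_start();
  /* true if the conditions are met, like coming from the script or something */
  $right_user = true; /* or false: set this from your own check */
  /* basename() drops any directory part, so "file" cannot point outside secured/ */
  $file = "secured/" . basename(isset($_GET["file"]) ? $_GET["file"] : "");
  if ($right_user && is_file($file)) {
    header("Content-type: image/png");
    echo file_get_contents($file);
    die();
  } else {
    header("Content-type: text/plain");
    die("Ha ha! Can't steal!");
  }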

To reiterate what all I have done, I created a repo here at Cloud9. In that, I have got these files:

└── php
    ├── index.php
    ├── insecure.php
    └── secured
        ├── .htaccess
        └── hello.txt

And each file looks like this:

insecure.php

<?php
    header("Content-type: text/plain");
    if (file_exists("secured/" . $_GET["file"]))
        echo file_get_contents("secured/" . $_GET["file"]);
    else
        echo "404! File Not Found.";
    die();
?>

secured/.htaccess

Deny From All

secured/hello.txt

Hello, World.
I am not accessible through normal requests.
My location is in /php/secured/hello.txt.

Demos

Note: I am on a free account, so the server runs only for some time. Please make use of it.
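
A hardened version of the proxy idea above, written for the question's uploads/users/pic_<uid>.jpg layout; this is an added example, not code from either answer. The session key uid, the uid query parameter and the script name pic.php are assumptions.

```php
<?php
// Added example: image proxy for files named pic_<uid>.jpg.
// Assumptions (not from the page): session key "uid", query parameter "uid".
declare(strict_types=1);

/**
 * Map a user id to a file inside $baseDir, or return null.
 * Only digits are accepted, so "../" or absolute paths never reach the filesystem.
 */
function resolve_pic(string $baseDir, string $uid): ?string
{
    if (!preg_match('/^[0-9]{1,10}$/', $uid)) {
        return null;
    }
    $base = realpath($baseDir);
    $path = realpath($baseDir . '/pic_' . $uid . '.jpg');
    // realpath() resolves symlinks; the result must still sit under $base.
    if ($base === false || $path === false
        || strpos($path, $base . DIRECTORY_SEPARATOR) !== 0) {
        return null;
    }
    return $path;
}

session_start();
if (empty($_SESSION['uid'])) {              // hypothetical "logged in" marker
    http_response_code(403);
    exit;
}

$uid  = $_GET['uid'] ?? '';
$path = resolve_pic(__DIR__ . '/uploads/users', is_string($uid) ? $uid : '');

// getimagesize() confirms the upload really is an image and reports its MIME type.
$info = $path === null ? false : @getimagesize($path);
if ($info === false) {
    http_response_code(404);
    exit;
}

header('Content-Type: ' . $info['mime']);
header('X-Content-Type-Options: nosniff');  // stop browsers from re-guessing the type
header('Content-Length: ' . (string) filesize($path));
readfile($path);                            // streams the file without loading it into memory
```

Pages would then reference the image as pic.php?uid=19 while the upload directory stays closed to direct requests. On Apache 2.4 without mod_access_compat, the directory rule is written Require all denied.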

505

Answer

Solution:

To stop access to the pic with a direct URL,
use the URI routing of CodeIgniter: copy this code into your routes.php

$route['uploads/users/(:any)'] = "page_not_found";

This code blocks all URLs accessing the folder uploads/users
