omikron Posted May 26, 2008 Share Posted May 26, 2008 Hello Currently I am confused about how I can secure my files from stealing, but still able to access them through scripts. My website is constructed that I have root folder, which has eg. script.php. And then I have images -folder and all images in there. Problem is that I need to block images folder fully, because of security and stop thievery. I have done this with htaccess and typed files * + deny from all. Now I still need to have access to the files via PHP scripts. Idea is to show images that they are "loaded" the script.php file. How I can do this? It would be nice that php file just can use: echo "<img src="blocked_folder/image.format">"; Is there any htaccess rule how I can add that allow from script.php or similar?! Quote Link to comment Share on other sites More sharing options...
PFMaBiSmAd Posted May 26, 2008 Share Posted May 26, 2008 The .htaccess file blocks http/https requests. This means a browser or a remote bot script cannot directly browse to the file, nor can they fetch it when it appears in an <img src="url_of_image_file" alt=""> tag. This is what you want to prevent direct access. What you need to do is have a .php script that "dynamically" outputs the image. For example, call this file image.php The image.php script verifies what ever conditions you set to allow access, such as someone being logged in or having correctly entered a CAPTCHA phrase. A GET parameter is often used to specific which image to output, something like image.php?id=345 You would then use this as follows - <img src="image.php?id=345" alt=""> The image.php file needs to do any verification and protection against unauthorized downloading, check which image was specified, then output a correct image header("Content-type: image/xxxxxx"); statement that matches the file type, and then read and output the image file. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.