Apache htaccess and PHP script access

[omikron]

Hello

 

Currently I am confused about how I can secure my files from stealing, but still able to access them through scripts.

 

My website is constructed that I have root folder, which has eg. script.php. And then I have images -folder and all images in there.

 

Problem is that I need to block images folder fully, because of security and stop thievery. I have done this with htaccess and typed files * + deny from all.

 

Now I still need to have access to the files via PHP scripts. Idea is to show images that they are "loaded" the script.php file. How I can do this?

 

It would be nice that php file just can use: echo "<img src="blocked_folder/image.format">"; Is there any htaccess rule how I can add that allow from script.php or similar?!

[PFMaBiSmAd]

The .htaccess file blocks http/https requests. This means a browser or a remote bot script cannot directly browse to the file, nor can they fetch it when it appears in an <img src="url_of_image_file" alt=""> tag. This is what you want to prevent direct access.

 

What you need to do is have a .php script that "dynamically" outputs the image. For example, call this file image.php The image.php script verifies what ever conditions you set to allow access, such as someone being logged in or having correctly entered a CAPTCHA phrase. A GET parameter is often used to specific which image to output, something like image.php?id=345

 

You would then use this as follows -

 

<img src="image.php?id=345" alt="">

 

The image.php file needs to do any verification and protection against unauthorized downloading, check which image was specified, then output a correct image header("Content-type: image/xxxxxx"); statement that matches the file type, and then read and output the image file.