Jump to content


Photo

protecting files/folders


  • Please log in to reply
23 replies to this topic

#21 corbin

corbin
  • Staff Alumni
  • Advanced Member
  • 8,129 posts

Posted 10 August 2006 - 03:13 AM

Hehe grabbed that off google, took all of 2 seconds...

Anyways I was interested in the php aspect of it because I might use this for my self in the future... So i came up with
<?php
$url = $_SERVER['PHP_SELF'];
$url = explode("/", $url);
$count = count($url);

$slashcount = $count - 1;

$i = 0;
while($i < $slashcount) {
$slash .= "../";
$i++;
}

$str = $_SERVER['HTTP_REFERER'];
if(eregi('yourdomain.com', $str)){
$source = $slash . "directory_your_image_are_in/" . $_GET['image'];

$handle = fopen($source, "r");
$output = fread($handle, filesize($source));
fclose($handle);

echo $output;
}

?>

It should work from /folder1/folder2/folder3/image.php or /image.php as long as its called to in an <img> tag... It checks the referrer to make sure its your site then if it is displays the picture...

Why doesn't anyone ever say hi, hey, or whad up world?

#22 bltesar

bltesar
  • Members
  • PipPipPip
  • Advanced Member
  • 109 posts

Posted 11 August 2006 - 02:39 AM

thank you.  Are you sure echo $output will actually produce an image onscreen?  I believe in a previous post someone said that it wouldn't, that the data read from the file must somehow be processed into an image. 

Also, do you think this method offers any advantages over the .htaccess approach?

#23 akitchin

akitchin
  • Staff Alumni
  • Advanced Member
  • 2,516 posts
  • LocationCalgary, AB, Canada

Posted 11 August 2006 - 04:54 AM

the output echoing will show an image if the PHP file is used as the source in an <img> tag, but will NOT produce an image if included or accessed directly.

#24 corbin

corbin
  • Staff Alumni
  • Advanced Member
  • 8,129 posts

Posted 11 August 2006 - 05:54 AM

"as long as its called to in an <img> tag... It checks the referrer to make sure its your site then if it is displays the picture..."

Thats what i meant i just didnt feel like explaining it at 4 in the morning :D.. you could also use if($referrer == "") along with the one for a domain... People could go straight to the file... But they couldnt hot link to it... Which is what i assume youre tryin to prevent..
Why doesn't anyone ever say hi, hey, or whad up world?




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users