uppalakishore Posted March 21, 2013 Share Posted March 21, 2013 First of All Thanks For Reading... I Want to hide Image/File path, mainly i want to hide the "image path" there by Logged in users only see the images. 1) My Problem is When a user Logged in and opend his personal photos, the image path will be "http://localhost/photo_gallery/User_data/Personal_photos/username/kicku.jpg" . 2)But when i entered the path in the browser without login the images keep displaying... 3)So i want to hide the image path for security purpose... Any help, Appreciable... Quote Link to comment Share on other sites More sharing options...
haku Posted March 21, 2013 Share Posted March 21, 2013 You cannot hide image paths. The browser needs to know the path to show the image, and once the browser has it, it's there for the user to see. However, you can set up a system to serve your images from a php script, and then add security checks to that php script. So if the user has permission to see the image, the script will serve the image to the user, or if they don't have permissions, it will block them. The user can still see the image path (which is actually a path to a php script), but since the security check will happen if they try to access that path, it solves your problem. Here is someting to get you started: http://www.thewebsqueeze.com/web-design-tutorials/how-to-output-images-using-php.html Quote Link to comment Share on other sites More sharing options...
uppalakishore Posted March 22, 2013 Author Share Posted March 22, 2013 Thank u @ haku.... I will try.... Quote Link to comment Share on other sites More sharing options...
uppalakishore Posted March 23, 2013 Author Share Posted March 23, 2013 (edited) @ haku.... I tried and rename the directory as "Images" but i found it displaying the image path as it is and it will randomize the images in the directory when i refresh the page... What i want is I want to hide the location/path of the image... sum where i got some code i will try it... <?php $imagedir = "Images/" ; $validprefixes = array ( "http://localhost/photo_gallery/index.com", "localhost/photo_gallery/" ) ; $homepage = "index.php" ; function isreferrerokay ( $referrer, $validprefixes ) { $validreferrer = 0 ; $authreferrer = current( $validprefixes ); while ($authreferrer) { if (eregi( "^https?://$authreferrer/", $referrer )) { $validreferrer = 1 ; break ; } $authreferrer = next( $validprefixes ); } return $validreferrer ; } //----------------------- main program ----------------------- $image = $_GET['image'] ; $referrer = getenv( "HTTP_REFERER" ); if (isset($_GET['image'])) { if (empty($referrer) || isreferrerokay( $referrer, $validprefixes )) { $imagepath = $imagedir . $image ; $imageinfo = getimagesize( $imagepath ); if ($imageinfo[2] == 1) { $imagetype = "gif" ; } elseif ($imageinfo[2] == 2) { $imagetype = "jpeg" ; } elseif ($imageinfo[2] == 3) { $imagetype = "png" ; } else { header( "HTTP/1.0 404 Not Found" ); exit ; } header( "Content-type: image/$imagetype" ); @readfile( $imagepath ); } else { if (isset($email)) { mail( $email, "Bandwidth Theft Alert", "WARNING:\n\n$referrer\ntried to access\n$image\n", "From: CHImageGuard <$email>" ); } header( "HTTP/1.0 404 Not Found" ); } } else { header( "Location: $homepage" ); } ?> Edited March 23, 2013 by uppalakishore Quote Link to comment Share on other sites More sharing options...
uppalakishore Posted April 6, 2013 Author Share Posted April 6, 2013 (edited) The above code is working fine in case of a particular image like freak_test.php?image=f3.jpg (The code is saved in a page "freak_test.php") In case of, <img src="freak_test.php?image=f3.jpg" width=200 height=300 /> It will not displaying the image And when Right click on the image and click "View Image" it displays the following error Deprecated: Function eregi() is deprecated in F:\xampp\htdocs\photo_gallery\User_data\User_details\freak_test.php any Suggestions? Edited April 6, 2013 by uppalakishore Quote Link to comment Share on other sites More sharing options...
trq Posted April 6, 2013 Share Posted April 6, 2013 As the error says, eregi is deprecated. There are details on the manual page about how to handle this. Quote Link to comment Share on other sites More sharing options...
l0gic Posted April 6, 2013 Share Posted April 6, 2013 (edited) It's been awhile but I'm pretty sure you could also use .htaccess to only allow access to the directory from a certain referrer. For example, allow access from ..yoursite/viewpic.php where the viewpic.php checks login status, and if all conditions are met redirects you to the image passed via GET/Query which you will be able to see because your referrer is viewpic.php if conditions are not met in viewpic.php, redirect to a 'you need to be logged in to view images' page/error. So then if you had the image testpic01.jpg you would link to it such as ..href="path/to/viewpic.php?p=testpic01&f=jpg".. 'p' being the filename, 'f' being the format/extension. I'm pretty sure you could also display images on a page using something similar to this method, and of course it could be used to 'protect' any file-type. RewriteEngine On RewriteCond %{HTTP_REFERER} !(www.)?example.com/viewpic.php RewriteRule .* - [F] Something like ^that anyway. See Here: http://www.hongkiat.com/blog/smarter-way-to-prevent-image-hotlinking-with-htaccess/ Edited April 6, 2013 by l0gic Quote Link to comment Share on other sites More sharing options...
uppalakishore Posted April 8, 2013 Author Share Posted April 8, 2013 (edited) Thank u @ trq and l0gic...But i slightly confused... I found a link http://michael.theirwinfamily.net/articles/csshtml/protecting-images-using-php-and-htaccess I added the following .ht access files to Image directory and to main directory .htaccess in main folder: RewriteEngine on RewriteCond %{HTTP_REFERER} ^$ RewriteCond %{SCRIPT_FILENAME} image\.php RewriteRule (.*) image.php?onlyHappensFromHTACCESS=denied [QSA,L] .htaccess in Images folder: #Prevent directory listing Options -Indexes #Prevent images from being viewed <Files *> deny from all </Files> image.php: <?php if (!isset($_GET['onlyHappensFromHTACCESS'])) { $_GET['f'] = "./Images/" . $_GET['f']; //my folder name="Images"; $type = getFileType($_GET['f']); if (acceptableType($type)) { if (goodTiming()) { header("Content-type: $type"); echo file_get_contents($_GET['f']); exit; } } header('HTTP/1.1 403 Forbidden'); exit; } function getFileType($file) { if (function_exists("mime_content_type")) return mime_content_type($file); else if (function_exists("finfo_open")) { $finfo = finfo_open(FILEINFO_MIME_TYPE); $type = finfo_file($finfo, $file); finfo_close($finfo); return $type; } else { $types = array( 'jpg' => 'image/jpeg', 'jpeg' => 'image/jpeg', 'png' => 'image/png', 'gif' => 'image/gif', 'bmp' => 'image/bmp' ); $ext = substr($file, strrpos($file, '.') + 1); if (key_exists($ext, $types)) return $types[$ext]; return "unknown"; } } function acceptableType($type) { $array = array("image/jpeg", "image/jpg", "image/png", "image/png", "image/gif"); if (in_array($type, $array)) return true; return false; } function goodTiming() { $n = time(); session_start(); if ($n - $_SESSION['lastcheck'] > 2 ) return false; return true; } ?> <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"> <html> <head> <meta http-equiv="Content-type" content="text/html; charset=utf-8" /> <title>Image Denied</title> <style type="text/css" media="screen"> body { background-color: #ccc; font-family: Helvetica, Arial; } #wrapper { margin: 30px auto; background-color: #ffffff; -moz-border-radius: 15px; -webkit-border-radius: 15px; border-radius: 15px; width: 800px; padding: 20px; } </style> </head> <div id="wrapper"> <h3>Access Denied!</h3> You have tried to access an image, but due to security reasons, you cannot view the image. If you wish to use the image you requested, please contact me. </div> </html> index1.php: <?php session_start(); $_SESSION['lastcheck'] = time(); ?> <html> <head> <title>Page Title</title> <style type="text/css"> .image { overflow: hidden; position: relative; float: left; } .image .cover, .image .cover img { position: absolute; top: 0px; left: 0px; width: 100%; height: 100%; } </style> </head> <body> <div class="image"> <img src="image.php?f=f3.jpg" alt="Image" /> <div class="cover"><img src="Transparent.gif" alt="" /></div> </div> </body> </html> I got the output as "Image"(Means alt will be loaded)...when i right click on it,and select View Image "Transparent.gif" will be displaying normally. I can't understant what is the problem here... Edited April 8, 2013 by uppalakishore Quote Link to comment Share on other sites More sharing options...
uppalakishore Posted April 15, 2013 Author Share Posted April 15, 2013 I want to display the image when i use the tag <img src="image.php?f=f3.jpg" alt="Image" /> Any help Wil be Appreciable... Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.