Jump to content

accessing files ONLY from php scripts (not from URL)

pixelio

By pixelio
in Apache HTTP Server

 Share

Recommended Posts

pixelio Newbie

pixelio

Posted
Posted

Hi,

 

I would like to protect the files from a directory so they can only be accessed from my php scripts. I do not want the users to be able to write the URL of the image in his browser and to acces it directly.

PHP is running as an Apache module (CGI impossible).

I could use .htaccess with apache authentication but I don\'t want the user to be prompt for a username / password (everybody can access this images but only from my php scripts!).

 

can anybody help?

 

thanks

BK87 Member

BK87

Posted
Posted

I think this is what you mean:

Make a file called \'picture.php\'

[php:1:59120b2234]<?php

$imgFolder=\"images/\";

 

if(isset($_GET[\"img\"])){

print(\"<img src=\"$imgFolder\".$_GET[\"img\"].\"\">\");

}

?>[/php:1:59120b2234]

 

Usage: http://localhost/picture.php?img=somepic.jpg

  • 10 months later...
mikehart Newbie

mikehart

Posted
Posted

I was interested in the same thing. I want to be able to restrict the access to a .jpg file so that only an authorized user can get to it. Using:

 

print("<img src="$imgFolder".$_GET["img"]."">");

}

 

just means that he the user doesn't need to enter the right folder, but he needs to have access to that folder.

 

I have found a workaround, by reading the file into php and doing something like:

 

<img src ="getimage.php?image=filename">

 

getimage.php checks to see if the user has the right access via my authorization code and then I do

 

readfile($filename);

 

The problem is that I think this might be a little slow, particularly if there are a lot of files. Also, the users can't cache the file in the browser - the next time they visit the page, they need to load the images all over again.

 

Does anyone have other ideas, as to how I could limit access to the files using another method?

 

Thanks

 

  • 1 year later...
Katherine Newbie

Katherine

Posted
Posted
Hi,

I would like to protect the files from a directory so they can only be accessed from my php scripts. I do not want the users to be able to write the URL of the image in his browser and to acces it directly.

PHP is running as an Apache module (CGI impossible).

I could use .htaccess with apache authentication but I don't want the user to be prompt for a username / password (everybody can access this images but only from my php scripts!).

can anybody help?

thanks

16719[/snapback]

Why don't you simply create a folder outside of the web server root ?

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.