Jump to content


Photo

accessing files ONLY from php scripts (not from URL)


  • Please log in to reply
3 replies to this topic

#1 pixelio

pixelio
  • New Members
  • Pip
  • Newbie
  • 1 posts

Posted 28 May 2003 - 10:10 AM

Hi,

I would like to protect the files from a directory so they can only be accessed from my php scripts. I do not want the users to be able to write the URL of the image in his browser and to acces it directly.
PHP is running as an Apache module (CGI impossible).
I could use .htaccess with apache authentication but I don\'t want the user to be prompt for a username / password (everybody can access this images but only from my php scripts!).

can anybody help?

thanks

#2 BK87

BK87
  • Members
  • PipPipPip
  • Advanced Member
  • 147 posts
  • LocationPhiladelphia, PA

Posted 29 May 2003 - 01:45 PM

I think this is what you mean:
Make a file called \'picture.php\'
[php:1:59120b2234]<?php
$imgFolder=\"images/\";

if(isset($_GET[\"img\"])){
print(\"<img src=\"$imgFolder\".$_GET[\"img\"].\"\">\");
}
?>[/php:1:59120b2234]

Usage: http://localhost/pic...img=somepic.jpg

#3 mikehart

mikehart
  • New Members
  • Pip
  • Newbie
  • 1 posts

Posted 26 April 2004 - 03:48 PM

I was interested in the same thing. I want to be able to restrict the access to a .jpg file so that only an authorized user can get to it. Using:

print("<img src="$imgFolder".$_GET["img"]."">");
}

just means that he the user doesn't need to enter the right folder, but he needs to have access to that folder.

I have found a workaround, by reading the file into php and doing something like:

<img src ="getimage.php?image=filename">

getimage.php checks to see if the user has the right access via my authorization code and then I do

readfile($filename);

The problem is that I think this might be a little slow, particularly if there are a lot of files. Also, the users can't cache the file in the browser - the next time they visit the page, they need to load the images all over again.

Does anyone have other ideas, as to how I could limit access to the files using another method?

Thanks


#4 Katherine

Katherine
  • Members
  • Pip
  • Newbie
  • 3 posts

Posted 04 October 2005 - 09:36 PM

Hi,
I would like to protect the files from a directory so they can only be accessed from my php scripts. I do not want the users to be able to write the URL of the image in his browser and to acces it directly.
PHP is running as an Apache module (CGI impossible).
I could use .htaccess with apache authentication but I don't want the user to be prompt for a username / password (everybody can access this images but only from my php scripts!).
can anybody help?
thanks

View Post

Why don't you simply create a folder outside of the web server root ?




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users