Jump to content

Archived

This topic is now archived and is closed to further replies.

pixelio

accessing files ONLY from php scripts (not from URL)

Recommended Posts

Hi,

 

I would like to protect the files from a directory so they can only be accessed from my php scripts. I do not want the users to be able to write the URL of the image in his browser and to acces it directly.

PHP is running as an Apache module (CGI impossible).

I could use .htaccess with apache authentication but I don\'t want the user to be prompt for a username / password (everybody can access this images but only from my php scripts!).

 

can anybody help?

 

thanks

Share this post


Link to post
Share on other sites

I think this is what you mean:

Make a file called \'picture.php\'

[php:1:59120b2234]<?php

$imgFolder=\"images/\";

 

if(isset($_GET[\"img\"])){

print(\"<img src=\"$imgFolder\".$_GET[\"img\"].\"\">\");

}

?>[/php:1:59120b2234]

 

Usage: http://localhost/picture.php?img=somepic.jpg

Share this post


Link to post
Share on other sites

I was interested in the same thing. I want to be able to restrict the access to a .jpg file so that only an authorized user can get to it. Using:

 

print("<img src="$imgFolder".$_GET["img"]."">");

}

 

just means that he the user doesn't need to enter the right folder, but he needs to have access to that folder.

 

I have found a workaround, by reading the file into php and doing something like:

 

<img src ="getimage.php?image=filename">

 

getimage.php checks to see if the user has the right access via my authorization code and then I do

 

readfile($filename);

 

The problem is that I think this might be a little slow, particularly if there are a lot of files. Also, the users can't cache the file in the browser - the next time they visit the page, they need to load the images all over again.

 

Does anyone have other ideas, as to how I could limit access to the files using another method?

 

Thanks

 

Share this post


Link to post
Share on other sites
Hi,

I would like to protect the files from a directory so they can only be accessed from my php scripts. I do not want the users to be able to write the URL of the image in his browser and to acces it directly.

PHP is running as an Apache module (CGI impossible).

I could use .htaccess with apache authentication but I don't want the user to be prompt for a username / password (everybody can access this images but only from my php scripts!).

can anybody help?

thanks

16719[/snapback]

Why don't you simply create a folder outside of the web server root ?

Share this post


Link to post
Share on other sites

×

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.