开发者

Protect a generate image with php

问答 作者:

I'm having a problem here and I think people here can help me.

I have a file that generates an image, ler.php, and the f开发者_运维知识库ile that loads the images through a while, carregar.php.

I need to block direct access to the images generated by ler.php, tried to make a system like this session:

carregar.php:

<?
$_session['a'] = 1;
while($a != 50) { echo "<img src='ler.php?imagem=$a'>"; $a++; }
$_session['a'] = 0;
?>

ler.php:

<? if($_session['a'] == 1) { //load image } ?>

The result is the only loading the first image.

I'm trying to now use the $_SERVER ["PHP_SELF"], placing the IF of ler.php, what happens is I load it through <img src=''> she identifies as carregar.php.

Who has the best solution? I've tried several ways with $_SESSION and it seems to not really work.

I could suggest two ways:

  1. Easy to implement, less protective: in ler.php check that $_SERVER["HTTP_REFERER"] refers to "carregar.php".

  2. A little bit more complicated: in carregar.php generate an unique code for each image you're going to output and store it in $_SESSION. Then pass the code to ler.php as a GET parameter. In ler.php check if the code exists in $_SESSION object, then generate an image and remove the code from $_SESSION.

I have a hard time identifying the problem, but your use of the session is going to lead to unexpected results:

You are adding 50 (I guess...) image tags to a page and right after you have added these tags, you set the session variable to 0.

The browser only loads a few files from the same server at the same time, so when the script is done and the first image is loaded, the browser is going to request the next image but that will fail as you have set the session variable to 0 already.

The only way to reliably set the session variable to 0 after all images have loaded, is an ajax request from your page that checks and triggers after all images have completely loaded.

Good! I managed to resolve one way and improvised without using AJAX:

ler.php:

<?php
    if(isset($_SERVER["HTTP_REFERER"])) {
    $check2 = (strpos($_SERVER["HTTP_REFERER"], 'carregar.php') > 0) ? true : false;
    if(print_r($check2) != 11) {
// Blank
    }
    } else {          
    if(isset($_SERVER["HTTP_REFERER"]))
    {
// Load Image
    }
    if(!isset($_SERVER["HTTP_REFERER"]))
    {
// Blank
    }
?>

So, the image only can be loaded into my page. Maybe...

继续阅读:phpsessionwhile-loop

更多精彩内容

0

上一篇:

下一篇:

精彩评论

暂无评论...
登录 注册
Qedev.com
验证码 换一张
取 消

最新问答

问答排行榜

法律声明:本站内容均为网友上传,网站举办方负责审核和监督,

如存在版权或非法内容,欢迎举报,我们将尽快予以删除。

Copyright © 2018-2020 开发者. All rights reserved.

Powered by 开发者

ICP备案号: 京ICP备10032868号-9