开发者

Image display permissions in PHP/Apache

I have a PHP site with a login system, and am trying to make a feature where only specific usernames can view particular images. I think what I'm trying to do is more involved than merely changing the .htaccess file, because a) this won't help discern between users that are/aren't allowed to view the image, and b) if someone enters the exact URL of the image ("directory/images/photos/230ru0q0238rn230nd_asdi0nqn8.jpg") they can still view the image (since it's a physical file in the directory, and not text in a DB, etc.). Again, restricting开发者_如何学编程 via .htaccess would restrict the directory as a whole, or all files in it, so I can't figure out how it would work. Ideally, all images would be blocked by trying to access them directly through their direct URL, and the image would only appear between <img> tags if the user's session/username is valid, else they get an error message.

I've heard the term ACL but I'm not sure this is related to what I'm trying to do.


The Authorization and ACL scheme can vary, but to accomplish the basic goal of your question:

  • Put the images in a non-web accessible directory that PHP can sill read.
  • Use .htaccess to rewrite all requests to a script (this may eliminate the preceding step, assuming it denies any direct access to the files).
  • Confirm that the requesting user can view the requested image.
  • Use readfile() (or a variety of other functions) to output the image.


What you can do is create a simple context which outputs an image as a stream. The image which is output depends on the id (or some identifier) e.g.:

viewImages.php?imageId=234643

viewImages.php checks if the user is logged/authorised in (via $_SESSION most likely), and if so, it sends the image to the browser possibly using readfile.

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜