I asked this question a while ago and got an answer that I thought would work but I'm still having an issue. Maybe it's something I'm doing wrong but I still don't have
Move the images outside the public Document Root of your host, or restrict access to them with .htaccess like:
Order Allow,Deny
Deny from all
And send the images with a PHP script that checks the user's session and sends the image only if the user is logged in.
<?php
//... your session checking routine just like in other scripts
if (!$logged) {
    //show error
    exit();
}
//Placeholder: directory holding the protected files (with trailing slash)
$images_dir = '/path/to/protected/images/';
//Simple extension-to-mimetype map:
$mimetypes = array(
    '.jpg' => 'image/jpeg',
    '.jpeg'=> 'image/jpeg',
    '.pdf' => 'application/pdf',
    //add other extensions if needed
);
$file = basename($_GET['file'] ?? ''); //preventing tricks with ../../anypath/anyfile
//extension including the dot, lower-cased so it matches the map keys
$ext = strtolower(substr($file, strrpos($file, '.')));
if (file_exists($images_dir . $file) && isset($mimetypes[$ext]) ) {
    header('Content-Type: ' . $mimetypes[$ext]);
    echo file_get_contents($images_dir . $file);
} else {
    //show error
}
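A stricter variant of the lookup and send steps above, as an added example that is not part of the original answer: it confirms the resolved path is still inside the protected directory and that the file's sniffed content type matches its extension. The function names, the `MIMETYPES` constant and the sample files are hypothetical, and it assumes PHP's fileinfo extension is loaded.

```php
<?php
// Added example. Function names, MIMETYPES and the sample files are assumptions.
const MIMETYPES = ['.jpg' => 'image/jpeg', '.jpeg' => 'image/jpeg', '.pdf' => 'application/pdf'];

// Map a requested name to a file inside $baseDir, or null if it must not be served.
function resolve_protected_file(string $baseDir, string $requested): ?array
{
    $base = realpath($baseDir);
    $name = basename($requested);                      // drop directory components
    $ext  = strtolower((string) strrchr($name, '.'));  // '' when there is no dot
    if ($base === false || !array_key_exists($ext, MIMETYPES)) {
        return null;
    }
    // realpath() resolves symlinks, so confirm the target is still under $base
    $path   = realpath($base . DIRECTORY_SEPARATOR . $name);
    $prefix = $base . DIRECTORY_SEPARATOR;
    if ($path === false || !is_file($path) || strncmp($path, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    // The sniffed content type must match what the extension promises
    $sniffed = (new finfo(FILEINFO_MIME_TYPE))->file($path);
    return $sniffed === MIMETYPES[$ext] ? ['path' => $path, 'type' => $sniffed] : null;
}

// Send the file; call this only after the session check has passed.
function send_protected_file(array $file): void
{
    header('Content-Type: ' . $file['type']);
    header('Content-Length: ' . filesize($file['path']));
    header('X-Content-Type-Options: nosniff');   // browser must not re-guess the type
    header('Cache-Control: private, no-store');  // keep it out of shared caches
    readfile($file['path']);                     // streams without loading it all into memory
}

// Constructed demo, run from the command line: php example.php
if (PHP_SAPI === 'cli') {
    $dir = sys_get_temp_dir() . '/protected_demo_' . getmypid();
    mkdir($dir);
    file_put_contents("$dir/report.pdf", "%PDF-1.4\n%constructed sample\n");
    file_put_contents("$dir/notes.jpg", "plain text, not an image\n");
    foreach (['report.pdf', '../report.pdf', 'notes.jpg', 'missing.pdf', 'report.exe'] as $name) {
        $hit = resolve_protected_file($dir, $name);
        echo str_pad($name, 16), $hit ? "serve as {$hit['type']}" : 'refuse', "\n";
    }
    array_map('unlink', glob("$dir/*"));
    rmdir($dir);
}
```

In the serving script, call `resolve_protected_file($images_dir, $_GET['file'] ?? '')` after the session check and pass a non-null result to `send_protected_file()`.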