Restricting images from direct url download

栀梦 2021-01-15 00:39

I asked this question a while ago and got an answer that I thought would work but I'm still having an issue. Maybe it's something I'm doing wrong but I still don't have

1 answer
  • 2021-01-15 01:17

    Move images outside public Document Root of your host, or restrict access to them with .htaccess like

    <FilesMatch "\.(gif|png|jpe?g)$">
      Order Allow,Deny
      Deny from all
    </FilesMatch>
    

    And send images with a PHP script that will check the user session and send the image only if the user is logged in.

    //... your session checking routine just like in other scripts
    if (!$logged) {
        //show error
        exit();
    }
    
    //Simple extension-to-mimetype map:
    $mimetypes = array(
        '.jpg' => 'image/jpeg',
        '.jpeg'=> 'image/jpeg',
        '.pdf' => 'application/pdf',
        //add other extensions if needed
    );
    
    //$images_dir must already hold the protected directory path, with a trailing slash
    $file = basename($_GET['file']);    //preventing tricks with ../../anypath/anyfile
    $ext = substr($file, strrpos($file, '.'));
    if (file_exists($images_dir . $file) && isset($mimetypes[$ext]) ) {
        header('Content-Type: ' . $mimetypes[$ext]);
        echo file_get_contents($images_dir . $file);
    } else {
        //show error
    }
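A more defensive take on the gatekeeper script described in the answer above, added here as an example and not part of the original answer: it also checks that the resolved path stays inside the image directory and that the file content matches its extension. `IMAGES_DIR`, the `user_id` session key and the `resolve_image()` helper are assumptions, and the `fileinfo` extension is assumed to be enabled.

```php
<?php
declare(strict_types=1);
// Added example; IMAGES_DIR and the 'user_id' session key are assumptions.

const IMAGES_DIR = '/srv/app/protected-images';   // hypothetical path outside the document root
const ALLOWED_TYPES = [                           // extension => MIME type we are willing to serve
    'jpg' => 'image/jpeg', 'jpeg' => 'image/jpeg',
    'png' => 'image/png',  'gif'  => 'image/gif',
];

/** Returns [absolute path, MIME type] for a servable file, or null if the request must be refused. */
function resolve_image(string $requested, string $baseDir, array $allowed): ?array
{
    $name = basename($requested);                              // drop any directory components
    $ext  = strtolower(pathinfo($name, PATHINFO_EXTENSION));   // "JPG" and "jpg" are treated alike
    if ($name === '' || !isset($allowed[$ext])) {
        return null;
    }
    $base = realpath($baseDir);
    $path = realpath($baseDir . DIRECTORY_SEPARATOR . $name);  // false if missing; resolves symlinks
    if ($base === false || $path === false || !is_file($path)) {
        return null;
    }
    // The resolved path must still be inside the image directory (symlink escape check).
    if (strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    // The content must match the extension, so a renamed HTML or script file is not served as an image.
    $detected = (new finfo(FILEINFO_MIME_TYPE))->file($path);
    return $detected === $allowed[$ext] ? [$path, $allowed[$ext]] : null;
}

session_start();
if (empty($_SESSION['user_id'])) {          // assumed login marker set by the application's login code
    http_response_code(403);
    exit;
}
$requested = $_GET['file'] ?? '';
$file = resolve_image(is_string($requested) ? $requested : '', IMAGES_DIR, ALLOWED_TYPES);
if ($file === null) {
    http_response_code(404);
    exit;
}
[$path, $mime] = $file;
header('Content-Type: ' . $mime);
header('Content-Length: ' . (string) filesize($path));
header('X-Content-Type-Options: nosniff');  // stop browsers from second-guessing the declared type
header('Cache-Control: private, no-store'); // keep protected images out of shared caches
readfile($path);                            // streams the file instead of loading it into memory
```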
    