0

Possible Duplicate:
Good Way to Secure File Uploads in PHP

I want to upload some images by using php, and I know that storing them in database is not the right practice, therefore I am going to store them on my web server.

The problem is that this website has a user system and i want only allowed users to access those images and if I put them on web server how can I secure them so that people cant get to them by writing a direct URL to the files?

Thank you for all your help, and it would be great if you can give or refer to an example.

Community
  • 1
  • 1
Volkan Gul
  • 1
  • 1
    Simple. Put them outside your document root and behind login. P.S. this would only prevent hot linking and the likes. Remember everything you put in the web is out of your hands :) – PeeHaa Jan 24 '13 at 00:53
  • 1
    Why do you think storing images in a database is bad practice? – Dai Jan 24 '13 at 00:54
  • Just store them in an SQL table... what makes that "bad practice" – Nick Jan 24 '13 at 02:02

1 Answers1

1

You can use .htaccess to prevent users to access those image direct URL.

<IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteRule ^(.*)$ index.php?url=$1 [QSA,L]
    RewriteRule ^images/$ /error.php
</IfModule>

Put this file in document root directory.

Devang Rathod
  • 6,650
  • 2
  • 23
  • 32