0

I am hoping someone can help me, I am wanting to load/display an image on a page using PHP. But I want to disable the images folder from being accessed from the web.

So e.g. if I go to /image.php/test.jpg I want it to go get that image from the image folder and show it on screen using the image.php file, but I don't want it to be viewable like this: http://website.com/images/test.jpg (I don't need help with the link code or anything, just the code needed instead of the html img tag). At the moment I am putting the img tag into a variable then returning it out of the function, but I don't think this will work when I close up the image folder.

I am using IIS8. I know how to disable the access using request filtering and setting the folder in URL deny, I just can't get the images or css file to load when I do that, unless there's a better/easier way to do it using IIS so only PHP could call the files but guests can't using my existing

Many thanks all, Michael.

Michael Rooks
  • Are you displaying other content on the page or just the one image? – David Jones Nov 03 '14 at 14:48
  • So image.php is entirely responsible for outputting image data? Then use the url to the file as the src attribute: `` As to how you lock down the images folder, the easiest thing is to place it outside the webroot – Steve Nov 03 '14 at 14:51
  • See this post, you can know how to protect your images being accessed. http://stackoverflow.com/questions/2416736 – Cherry Nov 03 '14 at 14:57
  • possible duplicate of [How to password protect files (images, video, zip) dynamically from public and allow access to members only?](http://stackoverflow.com/questions/2416736/how-to-password-protect-files-images-video-zip-dynamically-from-public-and-a) – Scott Saunders Nov 03 '14 at 14:58

2 Answers

1

You could use something like this in your .htaccess file (assuming your images are located in /images):

```apache
RewriteEngine On
RewriteBase /images/
RewriteRule ^(.+?\.jpg)$ index.php?p=$1 [L,QSA,NC]
```

Then create an index.php in your images folder and put the logic in there to serve the image.

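```php
<?php
// Compare the Referer's host (the header is a full URL, may be absent, and is client-supplied).
$host = isset($_SERVER['HTTP_REFERER']) ? parse_url($_SERVER['HTTP_REFERER'], PHP_URL_HOST) : null;
// basename() drops directory components so the request cannot name a file outside this folder.
$file = __DIR__ . DIRECTORY_SEPARATOR . basename(isset($_GET['p']) ? $_GET['p'] : '');
if ($host === "mywebsite.com" && is_file($file)) {
    header("Content-type: image/jpeg");
    readfile($file);
}
```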

Or if you simply want to disable indexing, Google is full of helpful info.

I wrestled a bear once.
0

Add a .htaccess file in your images folder (AllowOverride must be set to true) with the following content:

```apache
order deny,allow
deny from all
```

then create your image.php

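```php
<?php
// basename() strips directory components so a value containing ../ cannot leave the images folder.
$img = basename(isset($_GET['img']) ? $_GET['img'] : '');

$file = 'images' . DIRECTORY_SEPARATOR . $img;
if (!is_file($file)) {
    http_response_code(404);
    exit;
}
header('Content-Type: image/jpeg');

readfile($file);
```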

and your html should look like:

```html
<img src="image.php?img=rick-rolled.jpg">
```
motanelu
  • 1
    To the down-voter: It would be courteous to explain your downvote so that everybody learns something. – Mark Setchell Nov 03 '14 at 14:55
  • 1
    I did not downvote and Mark is right. However, I think the downvote was because of `$img = $_GET['img'];` that should be `$img = $_GET['file'];` since calling it with `image.php?file` or `$img = $_GET['img'];` with `image.php?img` – Funk Forty Niner Nov 03 '14 at 14:57
  • if you're not worried about hotlinking and you only want to disable indexing, there is no need to get PHP involved. – I wrestled a bear once. Nov 03 '14 at 15:00
  • @Adelphia You know, I could have easily also downvoted your answer with the error you made, but I didn't. I made a comment about the `.pdf`. You could have done the same and have said something. There's a lesson here (wink) we're here to help each other, not compete. – Funk Forty Niner Nov 03 '14 at 15:02
  • @Fred-ii- I didn't downvote because of the error, I didn't notice it. I downvoted because the intended solution is inefficient and unnecessary. Not to say it won't work. – I wrestled a bear once. Nov 03 '14 at 15:03
  • @Adelphia Why did you not say that first? You say it now, only "after" the fact. The answer could have been improved. Silent downvoters drive me crazy also lol am sure it would you too, if someone downvotes you but doesn't say why. – Funk Forty Niner Nov 03 '14 at 15:04
  • 1
    Fred, Montanelu, Sorry for the delay in explaining my downvote. It was only because I noticed Fred's comment on my answer and wanted to fix my own error first. I have removed my downvote. – I wrestled a bear once. Nov 03 '14 at 15:13
  • thanks guys will have a look later on and let you know, how would the htaccess stuff be done on iis8? – Michael Rooks Nov 03 '14 at 16:21
  • Right, I have locked down the folder and I can't get it to work using readfile. My old code was as follows: $return .= ''.$file_values['."\n"; it was using $return for all the content I need to display from that current function and then using return $return; I am guessing it's something to do with this, that's causing it not to work. – Michael Rooks Nov 04 '14 at 13:48
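
Added example (not code from either answer or from the asker): one way to write the `image.php` discussed on this page so that it serves `/image.php/test.jpg` or `image.php?img=test.jpg` from a folder kept outside the web root, as Steve's comment suggests, and refuses any name that resolves outside that folder. `IMAGE_DIR`, `ALLOWED_TYPES` and `resolve_image()` are names assumed for this sketch, which also assumes PHP 7.1+ with the fileinfo extension enabled.

```php
<?php
// image.php - added example. IMAGE_DIR is an assumed location outside the web root.
const IMAGE_DIR = 'C:\\inetpub\\private\\images';   // assumption: not under wwwroot
const ALLOWED_TYPES = [
    'jpg' => 'image/jpeg', 'jpeg' => 'image/jpeg',
    'png' => 'image/png',  'gif'  => 'image/gif',
];

/** Map a requested name to a real file directly inside $baseDir, or return null. */
function resolve_image(string $requested, string $baseDir): ?string
{
    // Keep only the final path component, whichever slash style the client sent.
    $name = basename(str_replace('\\', '/', $requested));
    $ext  = strtolower(pathinfo($name, PATHINFO_EXTENSION));
    if ($name === '' || !array_key_exists($ext, ALLOWED_TYPES)) {
        return null;
    }
    $base = realpath($baseDir);
    $path = realpath($baseDir . DIRECTORY_SEPARATOR . $name);
    // realpath() resolves symlinks; the result must still sit directly under the base folder.
    if ($base === false || $path === false || dirname($path) !== $base || !is_file($path)) {
        return null;
    }
    return $path;
}

// Accept both /image.php/test.jpg (PATH_INFO) and image.php?img=test.jpg.
$requested = $_SERVER['PATH_INFO'] ?? ($_GET['img'] ?? '');
$path = resolve_image(ltrim($requested, '/'), IMAGE_DIR);
if ($path === null) {
    http_response_code(404);
    exit;
}

// Check the file's content, not just its extension, before choosing the Content-Type.
$mime = (new finfo(FILEINFO_MIME_TYPE))->file($path);
if (!in_array($mime, ALLOWED_TYPES, true)) {
    http_response_code(404);
    exit;
}

header('Content-Type: ' . $mime);
header('Content-Length: ' . filesize($path));
header('X-Content-Type-Options: nosniff');
readfile($path);
```

The script must be the only thing producing output for that request: the HTML page keeps an ordinary `<img>` tag whose `src` points at `image.php`, and nothing (not even whitespace before `<?php`) may be sent before the headers.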