
I have a folder in my project where the images sent by users are stored, which are private and are meant to be seen only by other users. I wish to redirect the page to some other page if someone attempts to open an image directly using the address bar in the browser (in case someone knows where the images are stored); at the same time, the images should still load using img src="". My current htaccess file looks something like this right now:

```apache
<IfModule mod_rewrite.c>
  Options -Multiviews
  RewriteEngine On
  RewriteBase /vector/frontend
  RewriteCond %{REQUEST_FILENAME} !-d
  RewriteCond %{REQUEST_FILENAME} !-f
  RewriteRule  ^(.+)$ index.php?url=$1 [QSA,L]
</IfModule>
```

My code is in PHP. How can this be done?

RST
  • 2
    Just block access to the directory - `Require all denied` ? PHP will still be able to retrieve the files - so you might have something like `view.php` which grabs the image from that directory and I dunno, adds a watermark (for example) before outputting it to the browser. Use the path to `view.php` as the src for the `<img>` tag. – CD001 May 28 '20 at 15:26
  • I did the same, but it still loads the images in the browser.. – asdfasdfasdf May 28 '20 at 15:33
  • Oh.. wait it's working, I had to Ctrl+F5 in chrome, to display the changes. @CD001 by any chance can you please tell me how do I display an image using PHP? Require, include, readfile none of those work/// – asdfasdfasdf May 28 '20 at 15:58
  • 1
    I've got to take the dog out now - but you'd basically set the relevant `header()` for the image type at the top of the document, read the file in and echo it out, [something like this](https://stackoverflow.com/questions/4286677/show-image-using-file-get-contents) at a quick glance. – CD001 May 28 '20 at 16:11
  • @CD001 Thank you so much!! – asdfasdfasdf May 28 '20 at 16:12
  • Why do you store those images in a place that is published by your http server at all? That makes no sense. You should store them _outside_ that part of the file system. – arkascha May 28 '20 at 17:07
  • @arkascha can we access them after we've stored them at a different place?? If so how?? – asdfasdfasdf May 29 '20 at 06:20
  • 1
    Certainly you can. If you can store them elsewhere you can also access them again, obviously. In general the access to such resources (images, documents, uploaded files) should be implemented in a routing logic, they should _not_ be directly published. You will find endless examples for such scripts taking a resource to be accessed as an argument. These scripts can then apply whatever authorization strategy you need to control access. – arkascha May 29 '20 at 07:36
  • How can I implement this whole authorization thing @arkascha. Can you please provide some link that might help me?? – asdfasdfasdf May 29 '20 at 09:02
  • 1
    Well, no link, you can do a search yourself, I'd say. Simply rewrite all requests to `/path/to/ressource` (a "path" that does not exist in the server side file system). Assuming that "resource" is the file you want to offer access to you can rewrite that: `RewriteRule ^/?path/to/(.+)$ /resource.php?requested=$1 [END]`. Now you can implement a script `resource.php` which takes the resource name from `$_GET['resource']` and decides whether to deliver that resource or not (however you want to decide that, maybe sessions). If so, then uses `passthru()` or similar to send the resource. – arkascha May 29 '20 at 11:27
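
One way to write the `resource.php` gatekeeper described in the comments, as an added example that is not code from any participant in the thread. It assumes the images are kept in a hypothetical `/var/www/private_images` directory outside the document root, that the login code sets `$_SESSION['user_id']`, and that the file name arrives in the `requested` query parameter set by the rewrite rule quoted above.

```php
<?php
// resource.php: added example, not code from the thread.
// Assumptions: images live in /var/www/private_images (outside the document
// root) and the application's login code sets $_SESSION['user_id'].
declare(strict_types=1);

const IMAGE_DIR = '/var/www/private_images'; // hypothetical storage path
const ALLOWED_TYPES = ['image/jpeg', 'image/png', 'image/gif', 'image/webp'];

// Send a bare status code and stop; nothing about the file is revealed.
function deny(int $status): void
{
    http_response_code($status);
    exit;
}

// 1. Authorization: only logged-in users may fetch images.
session_start();
if (empty($_SESSION['user_id'])) {
    deny(403);
}

// 2. Input: the file name passed by the rewrite rule.
$requested = $_GET['requested'] ?? '';
if (!is_string($requested) || $requested === '') {
    deny(400);
}

// 3. Path safety: basename() drops any directory part, and the realpath()
//    prefix check rejects symlinks that point outside IMAGE_DIR.
$base = realpath(IMAGE_DIR);
$path = realpath(IMAGE_DIR . DIRECTORY_SEPARATOR . basename($requested));
if ($base === false || $path === false
    || strpos($path, $base . DIRECTORY_SEPARATOR) !== 0 || !is_file($path)) {
    deny(404);
}

// 4. Content check: detect the type from the file bytes, not the extension.
$type = (new finfo(FILEINFO_MIME_TYPE))->file($path);
if (!in_array($type, ALLOWED_TYPES, true)) {
    deny(404);
}

// 5. Delivery: stream the file with headers that stop sniffing and shared caching.
header('Content-Type: ' . $type);
header('Content-Length: ' . (string) filesize($path));
header('X-Content-Type-Options: nosniff');
header('Cache-Control: private, no-store');
readfile($path);
```

A per-image ownership check (for example, a database lookup tying the file name to the users allowed to see it) would go between steps 3 and 4.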
