PHP with .htaccess

thezone1 · Apr 24, 2008

Hi i have just finished setting up my site, and now i would like to give users a image directory, but i dont want anyone to be able to access it,
the site runs on php sessions,

So can anyone help me.

supajason · Apr 24, 2008

can you explain a bit more?

dWhite · Apr 24, 2008

I am not quite clear on what you are requiring.

You state you want to give users an image directory, but don't want anyone to access it? Do you mean like, protect the specified users image directory from maybe hotlinking or deny full access?

leafypiggy · Apr 24, 2008

I think he means that he wants PHP to store a session for one user to be able to go to a dl link, but put hotlink protection on it so a user cant go to http://example.com/image Directory

thezone1 · Apr 24, 2008

yes thats what i meant sorry,
I want users to have there own directory, and be able to view and download out the the folder but not directly access it,
and i want to prevent some one from typing the full file address into the url

marshian · Apr 24, 2008

i think that will be hard to do with .htaccess
perhaps you should try it with CHMOD 770 and create a sort of cp for the users?

cowctcat · Apr 24, 2008

What you could do is put the folders above your public_html directory so they can't ba accessed from the web and then make a php script to show them or whatever it is you want to do.

woiwky · Apr 24, 2008

Actually, it should be quite easy with .htaccess. It's just that it isn't guaranteed you'd be able to block/allow exactly who you want. If you store all your images in one folder, then it would look something like this:

Code:

RewriteEngine On
RewriteCond %{HTTP_REFERER} !^http://yoursitename\.x10hosting\.com/ [NC]
RewriteRule .* - [F]

However, the problem with this is that it relies on http_referer, which isn't reliable itself. You could include a line to allow requests which come from users with no referer, but then hotlinked requests from these users would also be accepted.

So, if you just want to allow logged in users to view the images in this folder, then I would deny all access to the folder and have the images linked through a script. The script could then make sure the user is logged in, and then respond with the requested image if they are. Something like this:

HTML:

Code:

<img src="getimage.php?img=someimage.png" alt="Some Image" />

getimage.php:

PHP:

if (isset($_SESSION['user_id'], $_GET['img'])) {
    $img = 'images/' . $_GET['img'];
    if (file_exists($img)) {
        $type = substr($img, strrpos($img, '.') + 1);
        switch ($type) {
            case 'jpg':
            case 'jpeg':
                $type = 'image/jpeg';
                break;
            case 'png':
                $type = 'image/png';
                break;
            case 'gif':
                $type = 'image/gif';
                break;
            default:
                exit(0);
        }
        header("Content-type: $type");
        readfile($img);
    }
}

thezone1 · Apr 25, 2008

Thanks i have ,with your help, come up with the solution of passing the file to a download script so i have one script that lets the user view the files they have and another that lets them download the files but allow prevents hotlinking

LHVWB · Apr 25, 2008

This issue seems to be resolved, if the author has any questions about this issue then they can reopen this thread.

* Closed *

PHP with .htaccess

thezone1

New Member

supajason

Member

dWhite

Guest

leafypiggy

Manager of Pens and Office Supplies

thezone1

New Member

marshian

New Member

cowctcat

New Member

woiwky

New Member

thezone1

New Member

LHVWB

New Member

Free Web Hosting

Our Community

Legal