How PHP controls user access to images and prevents image hotlinking (PHP tips)

Source: Internet
Author: User
Tags auth fread

Configure the images directory so that it cannot be accessed over HTTP (on the image directory, remove both the read and the directory-browsing permissions).
Use a PHP file to read the image directly with the file functions, and control the permissions in this PHP file.
In an Apache environment, add the following file to your image directory.

File name: .htaccess
The contents of the file are as follows:

# Options the .htaccess files in directories can override.
# Edit apache/conf/httpd.conf to set AllowOverride for .htaccess
# AllowOverride AuthConfig
# Note: Options requires AllowOverride Options, and Order/Deny/Allow
# require AllowOverride Limit.
# Stop the directory list from being shown
Options -Indexes
# Controls who can get stuff from this server.
# (Apache 2.2 syntax; Apache 2.4 needs mod_access_compat for these lines.)
Order Deny,Allow
Deny from all
Allow from localhost

Other web servers such as IIS and nginx are configured in a similar way.

<?php
class imgdata {
    public $imgsrc;   // path of the image file
    public $imgdata;  // raw image bytes
    public $imgform;  // MIME type of the image

    public function getdir($source) {
        $this->imgsrc = $source;
    }

    // Read the whole image file into $this->imgdata.
    public function img2data() {
        $this->_imgfrom($this->imgsrc);
        return $this->imgdata = fread(fopen($this->imgsrc, 'rb'), filesize($this->imgsrc));
    }

    // Send the Content-type header, then the image bytes.
    public function data2img() {
        header("Content-type: $this->imgform");
        echo $this->imgdata;
        // echo $this->imgform;
        // imagecreatefromstring($this->imgdata);
    }

    // Detect the MIME type of the image.
    public function _imgfrom($imgsrc) {
        $info = getimagesize($imgsrc);
        // var_dump($info);
        return $this->imgform = $info['mime'];
    }
}

$n = new imgdata;
// Image path. It is generally stored in the database and looked up by image ID,
// so users cannot get the real path.
$n->getdir("1.jpg");
$n->img2data();
$n->data2img();

This code reads the image and outputs it directly to the browser; the user's permissions are checked before the read and the output.
PHP does not hand out the path here. It reads the image content itself, then uses
header() to send the image type (GIF, PNG, JPG and so on), followed by the content of the image, which is why fread() is used.
In practice, a URL such as image.php?id=100 displays the image in the browser, and if you view the source you will not see the path of the image, only the raw image content, which looks garbled.
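A sketch of the image.php?id=100 gateway described above with the permission check in place before any file is read. This is an added example, not code from the original page; the session key `user_id`, the `image_for_user()` lookup and the `/var/www/private_images` directory are assumptions.

```php
<?php
// image.php?id=100 (added example, not from the original page).
// Assumptions: the login code sets $_SESSION['user_id']; images live outside
// the web root in IMAGE_DIR; image_for_user() stands in for the database lookup.
const IMAGE_DIR = '/var/www/private_images';
const ALLOWED_MIME = ['image/gif', 'image/jpeg', 'image/png'];

// Hypothetical lookup: returns the stored file name, or null when the image
// does not exist or this user may not view it.
function image_for_user(int $id, int $userId): ?string {
    $rows = [100 => ['owner' => 1, 'file' => '1.jpg']]; // constructed sample data
    $row = $rows[$id] ?? null;
    return ($row !== null && $row['owner'] === $userId) ? $row['file'] : null;
}

function deny(int $status): void {
    http_response_code($status);
    exit;
}

session_start();
if (!isset($_SESSION['user_id'])) {
    deny(403);                  // not logged in: decided before any read
}
$id = filter_input(INPUT_GET, 'id', FILTER_VALIDATE_INT);
if ($id === null || $id === false) {
    deny(400);                  // the id must be an integer, never a path
}
$file = image_for_user($id, (int) $_SESSION['user_id']);
if ($file === null) {
    deny(404);                  // same answer for "missing" and "not yours"
}
// Resolve the path and confirm it is still inside the image directory.
$base = realpath(IMAGE_DIR);
$path = ($base === false) ? false : realpath($base . '/' . $file);
if ($path === false || strpos($path, $base . DIRECTORY_SEPARATOR) !== 0) {
    deny(404);
}
$info = getimagesize($path);
if ($info === false || !in_array($info['mime'], ALLOWED_MIME, true)) {
    deny(415);                  // only serve real images of expected types
}
header('Content-Type: ' . $info['mime']);
header('Content-Length: ' . filesize($path));
header('X-Content-Type-Options: nosniff');
header('Cache-Control: private, no-store');
readfile($path);
```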
===========================================
Similar to the encrypted albums in QQ Space, which can only be accessed by entering a password, and where entering the address of an encrypted album photo directly in the browser does not work either. My current idea is that the address of the image is a PHP file, which validates permissions in PHP, reads the image, and outputs it. I don't know whether, besides this method, there is a simpler and more efficient approach? For example, generating a temporary browsing address, or using one of nginx's anti-hotlinking plug-ins?
You can use ngx_http_auth_basic_module to do this.

Modify the configuration file:

location / {
    root /usr/local/nginx/html;
    auth_basic "Auth";
    auth_basic_user_file /usr/local/nginx/conf/htpasswd;
    index index.php index.htm;
}


The "Auth" in auth_basic "Auth" is the title of the pop-up box that asks for the username and password.
In auth_basic_user_file /usr/local/nginx/conf/htpasswd; the path /usr/local/nginx/conf/htpasswd is the file that holds the passwords.


PHP: prohibiting image hotlinking
1. Assume the domain name of the host that serves the linked images is www.test.com
2. Modify httpd.conf:

# Mark requests whose Referer is our own site
SetEnvIfNoCase Referer "^http://www\.test\.com/" local_ref=1
<FilesMatch "\.(gif|jpg)">
Order Allow,Deny
Allow from env=local_ref
</FilesMatch>

This simple configuration not only solves the problem of image hotlinking; with a small modification it can also prevent hotlinked downloads of any file type. Because the Referer header is supplied by the client, this stops casual hotlinking and is not a substitute for the access control described earlier.
With the method above, an image linked from a host other than the specified one simply does not display. If you want to display a "no hotlinking" image instead, you can use mod_rewrite.
First, add the --enable-rewrite parameter when you build Apache so that the mod_rewrite module is available.
Suppose the "no hotlinking" image is abc.gif; we can then configure httpd.conf like this:

RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www\.)?test\.com/.*$ [NC]
# Do not rewrite the replacement image itself, or the redirect would loop
RewriteCond %{REQUEST_URI} !/abc\.gif$
RewriteRule \.(gif|jpg)$ yun_qi_img/abc.gif [R,L]

When an image on the host is hotlinked, visitors see only abc.gif, the "hotlinking forbidden" image.
