How PHP controls user access to images PHP Forbidden Pictures hotlinking, _php tutorials

Source: Internet
Author: User
Tags fread

How PHP controls the user's access to images PHP forbidden image hotlinking,


Set the images directory to not allow HTTP access (the image directory: read, directory browsing two permissions removed).
Use a PHP file to read the image directly with the files function. In this PHP file for permission control.
In the Apache environment, add the following file to your image directory.

File name. htaccess
The file contents are as follows

Copy the Code code as follows:
# Options The. htaccess files in directories can override.
# Edit apache/conf/httpd.conf to allowoverride in. htaccess
# allowoverride Authconfig
# Stop The directory list from being shown
Options-indexes
# Controls who can get stuff from the this server.
Order Deny,allow
Deny from all
Allow from localhost

Other web environments, such as Iss,nginx, are similar.

class imgdata{public $imgsrc;p ublic $imgdata;p ublic $imgform;p ublic function Getdir ($source) {$ THIS->IMGSRC = $source;} Public Function Img2data () {$this->_imgfrom ($this->imgsrc); return $this->imgdata=fread (fopen ($this- IMGSRC, ' RB '), FileSize ($this->imgsrc));} Public Function data2img () {Header ("Content-type: $this->imgform"); Echo $this->imgdata;//echo $this Imgform;//imagecreatefromstring ($this->imgdata);} Public Function _imgfrom ($imgsrc) {$info =getimagesize ($IMGSRC);//var_dump ($info); return $this->imgform = $info [' Mime '];}} $n = new Imgdata; $n-Getdir ("1.jpg"); Picture path, generally stored in the database, the user can not get the real path, according to the image ID to get $n-img2data (); $n, data2img (); 

This code is to read the picture, and then output directly to the browser, in the read and output before the user's permission to judge.
The PHP reading here is not referring to the read path, but rather to reading the contents of the picture and then passing
Header (); Enter the image type, such as GIF png jpg, and output the contents of the image below, so the fread () is used.
In fact, you see image.php?id=100 is to display this picture in the browser, and you view the source file, see not the path of the picture, but garbled image content.
===========================================
Similar to the QQ space of the encrypted album, only enter the password to access, and directly in the browser entered the encrypted album of the photo address is also inaccessible. My current idea is that the address of the picture is a php file, through PHP to verify permissions, read pictures, and output, do not know besides such a method there is more simple and efficient practice does not? For example, to generate a temporary browsing address, using some nginx anti-theft chain plug-in?
You can use Ngx_http_auth_basic_module to do it.

Modifying a configuration file

Copy the Code code as follows:
Location/{
root/usr/local/nginx/html;
Auth_basic "Auth";
AUTH_BASIC_USER_FILE/USR/LOCAL/NGINX/CONF/HTPASSWD;
Index index.php index.htm;
}


Auth_basic the auth in "Auth" is the title of the Popup box (enter user name and password)
AUTH_BASIC_USER_FILE/USR/LOCAL/NGINX/CONF/HTPASSWD; The/usr/local/nginx/conf/htpasswd in is the file where the password is saved


PHP Forbidden Picture hotlinking
1. Assume that the host domain name of the linked image is: www.test.com
2, modify the httpd.conf

Copy the Code code as follows:
Setenvifnocase Referer "^http://www.test.com/" local_ref=1

Order Allow,deny
Allow from Env=local_ref

This simple application can not only solve the picture hotlinking problem, a little modification can also prevent any file hotlinking download problem.
Using the above method when the image from a non-specified host link, the picture will not be displayed, if you want to display a "no hotlinking" picture, we can use mod_rewrite to achieve.
First, when installing Apache, add the –enable-rewrite parameter to load the Mod_rewrite module.
Assuming that the "Prohibit hotlinking" picture is abc.gif, we can configure this in httpd.conf:

Copy the Code code as follows:
Rewriteengine on
Rewritecond%{http_referer}!^$
Rewritecond%{http_referer}!^http://(www\.)? test.com/.*$ [NC]
Rewriterule \. (gif|jpg) $ http://www.test.com/abc.gif [r,l]

When the host's picture is hotlinking, only then will see abc.gif this "prohibits hotlinking" the picture!

http://www.bkjia.com/PHPjc/1113693.html www.bkjia.com true http://www.bkjia.com/PHPjc/1113693.html techarticle PHP How to control the user access to the picture php prohibit image hotlinking, the images directory is set to not allow HTTP access (the picture directory: read, directory browsing two permissions removed). Use a.

  • Related Article

    Contact Us

    The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

    If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

    A Free Trial That Lets You Build Big!

    Start building with 50+ products and up to 12 months usage for Elastic Compute Service

    • Sales Support

      1 on 1 presale consultation

    • After-Sales Support

      24/7 Technical Support 6 Free Tickets per Quarter Faster Response

    • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.