How PHP controls user access to images

This article mainly introduces how to control the user access to the picture, more for the anti-theft chain, the need for friends can refer to. We hope to help you.

Set the images directory to not allow HTTP access (the image directory: read, directory browsing two permissions removed).
Use a PHP file to read the image directly with the files function. In this PHP file for permission control.
In the Apache environment, add the following file to your image directory.

File name. htaccess
The file contents are as follows

# Options The. htaccess files in directories can override.# Edit apache/conf/httpd.conf to allowoverride in. htaccess# All Owoverride authconfig# Stop The directory list from being shownoptions-indexes# Controls who can get stuff from this serv Er. Order deny,allowdeny from Allallow from localhost

Other web environments, such as Iss,nginx, are similar.

class imgdata{public $imgsrc;p ublic $imgdata;p ublic $imgform;p ublic function Getdir ($source) {$this->imgsrc = $source;} Public Function Img2data () {$this->_imgfrom ($this->imgsrc); return $this->imgdata=fread (fopen ($this- IMGSRC, ' RB '), FileSize ($this->imgsrc));} Public Function data2img () {Header ("Content-type: $this->imgform"); Echo $this->imgdata;//echo $this Imgform;//imagecreatefromstring ($this->imgdata);} Public Function _imgfrom ($imgsrc) {$info =getimagesize ($IMGSRC);//var_dump ($info); return $this->imgform = $info [' Mime '];}} $n = new Imgdata; $n-Getdir ("1.jpg"); Picture path, generally stored in the database, the user can not get the real path, according to the image ID to get $n-img2data (); $n, data2img (); 

This code is to read the picture, and then output directly to the browser, in the read and output before the user's permission to judge.
The PHP reading here is not referring to the read path, but rather to reading the contents of the picture and then passing
Header (); Enter the image type, such as GIF png jpg, and output the contents of the image below, so the fread () is used.
In fact, you see image.php?id=100 is to display this picture in the browser, and you view the source file, see not the path of the picture, but garbled image content.
===========================================
Similar to the QQ space of the encrypted album, only enter the password to access, and directly in the browser entered the encrypted album of the photo address is also inaccessible. My current idea is that the address of the picture is a php file, through PHP to verify permissions, read pictures, and output, do not know besides such a method there is more simple and efficient practice does not? For example, to generate a temporary browsing address, using some nginx anti-theft chain plug-in?
You can use Ngx_http_auth_basic_module to do it.

Modifying a configuration file

Location/{root/usr/local/nginx/html;auth_basic "auth"; auth_basic_user_file/usr/local/nginx/conf/htpasswd;index index.php index.htm;}

Auth_basic the auth in "Auth" is the title of the Popup box (enter user name and password)
AUTH_BASIC_USER_FILE/USR/LOCAL/NGINX/CONF/HTPASSWD; The/usr/local/nginx/conf/htpasswd in is the file where the password is saved

PHP Forbidden Picture hotlinking
1. Assume that the host domain name of the linked image is: www.test.com
2, modify the httpd.conf

Setenvifnocase Referer "^http://www.test.com/" Local_ref=1<filesmatch ". (gif|jpg) ">order Allow,denyallow from env=local_ref</filesmatch>

This simple application can not only solve the picture hotlinking problem, a little modification can also prevent any file hotlinking download problem.
Using the above method when the image from a non-specified host link, the picture will not be displayed, if you want to display a "no hotlinking" picture, we can use mod_rewrite to achieve.
First, when installing Apache, add the –enable-rewrite parameter to load the Mod_rewrite module.
Assuming that the "Prohibit hotlinking" picture is abc.gif, we can configure this in httpd.conf:

Rewriteengine Onrewritecond%{http_referer}!^ $RewriteCond%{http_referer}!^http://(www\.)? test.com/.*$ [nc]rewriterule \. (gif|jpg) $ http://www.test.com/abc.gif [r,l]

When the host's picture is hotlinking, only then will see abc.gif this "prohibits hotlinking" the picture!

Related recommendations:

TP5 Auth Rights Management instance

How PHP implements the Rights management function

php simple way to get the site Baidu and Sogou included in the amount of methods