I have an images dir at the root of my site. It includes images that should be public, in a public sub-directory, and images in a private directory that should only be available to logged in users. The problem is a logged-in user can copy the img URL, give it to a non-users and now they have access.
I have an .htaccess file set up already to prevent hotlinking. I suspect I need to create a controller t开发者_如何学Pythonhat servers image, and checks user credentials b4 serving the image, and use .htaccess to send the user to that controller if they try to access private images? Is this best practice? Could someone please post some code to help me better visualize.
You can always use PHP to stream the image from a hidden path after you authenticated the user. Create a controller called getimage.php which you call like:
<img src="getimage?imagename.jpg" />
Then in the controller:
<?php
class Getimage extends Controller{
function index(){
//code to authenticate user goes here then...
header("Content-type: image/jpeg");
if(file_exists(hiddenpath.$_GET['imgid'])){
$img_handle = imagecreatefromjpeg(hiddenpath.$_GET['imgid'] ) or die("");
ImageJpeg($img_handle);
}
}
}
?>
精彩评论