通过.htaccess进行重写规则的PHP保护文件夹 [英] Protect a folder by .htaccess RewriteRule to php
问题描述
我们正在建立一个在线照片相册。人们需要登录才能看到images.We试图保护图像文件以及,但我们都陷在问题
We are building an online photo-album. People need to login to see the images.We are trying to protect the image-files as well but we are stuck in a problem
通过一个会话变量,我们检查,如果用户已登录。
By a session-variable we check if the users is logged in.
$_SESSION['is_ingelogd']
我们建立一个安全的网页(它检查如果用户登录)。我们有这个页面,一个必须确保每一页。但是现在我们要保护的图像了。
We build a security page (which checks if the user is logged in). We include this page to every page that has to be secured. But now we want to protect the images too.
所以我们建立一个指向我们的照片文件夹中文件的所有请求到一个PHP页面.htaccess文件。 PHP页面必须检查用户是否loged研究。 如果用户未在loged,它会响应与登录请求的文本。 如果用户登录后,php文件已发送请求的文件(影像)。
So we build a .htaccess file that refers all requests of files in our photo-folder to a php page. The php page has to check if the user is loged in. If the user is not loged in, it will echo a text with the request to login. If the user is logged in, the the php file has to to send the requested file (image).
我们使用下面的code要做到这一点:
We use the following code to do this:
.htaccess文件(该文件夹中/ fotoalbum /上传/):的
RewriteEngine On
RewriteBase /fotoalbum/
RewriteCond %{SCRIPT_FILENAME} !image\.php
RewriteCond %{REQUEST_URI} !image\.php
RewriteRule ^(.*)$ image.php [QSA,L]
的PHP文件(该文件夹中/ fotoalbum /):的
<?php
session_start();
if ($_SESSION['is_ingelogd'] == "1") {
$type = mime_content_type((string)$_SESSION['REQUEST_URI']);
header("Content-type: ".$type);
echo file_get_contents($_SESSION['REQUEST_URI']);
exit;
} else{
echo 'Please <a href="../login.php">login</a> to see this
file.';
}
?>
这code工作半; 如果用户没有loged并尝试打开该文件夹/ fotoalbum的任何文件/上传/时,PHP显示登录请求。
This code works halves; If a user is not loged in and tries to open any file of the folder /fotoalbum/uploads/ , the php shows the request to login.
但是,如果用户登录,我们看不到的画面。
在IE9中,屏幕保持空白,在Firefox 3.6中,PNG返回一个信息,即图像无法
显示,因为它包含错误。一个JPG返回它的URL和一个txt文件返回
But if the user is logged in, we don't see the picture.
In IE9, the screen keeps blank and in FireFox 3.6, a png returns a message that the image can't be
displayed because it contains errors. a jpg returns the url of it and a txt file returns 
我们有以下链接帮助建立这个脚本:
We build this scripts with help of following links:
- 的http://michael.theirwinfamily.net/articles/csshtml/protecting-images-using-php-and-htaccess
- http://forums.digitalpoint.com/showthread.php?t=1492222 (#post 12)
- http://michael.theirwinfamily.net/articles/csshtml/protecting-images-using-php-and-htaccess
- http://forums.digitalpoint.com/showthread.php?t=1492222 (#post 12)
感谢您的帮助
我做了一些原型和 mime_content_type的回报((字符串)$ _ SESSION ['REQUEST_URI']); 似乎是空白/空
I did some prototyping and the return of mime_content_type((string)$_SESSION['REQUEST_URI']); seems to be blank/null.
我把下面的code在PHP文件:的
<?php
$serveruri = parse_url($_SERVER['REQUEST_URI']);
$fileuri = (string)('./uploads/'.basename($serveruri['path']).PHP_EOL);
$file = strval($fileuri);
echo 'URL Is: '.$file;
echo '<br />type Is: '.mime_content_type((string)$file);
exit;
?>
在浏览器中显示:
The browser shows:
URL Is: ./uploads/test.jpg
Type Is:
您可以看到它不会回的内容类型。 但是,当我设置
You can see it doesn't echo a content type. But when I set
$文件='./uploads/test.jpg';
它完美地返回:
URL Is: ./uploads/test.jpg
Type Is: image/jpeg
任何建议?
推荐答案
通过这个题目我做了很多工作技巧。 然而,它现在可以在URL中的查询字符串。
With many tips of this topic I made it work. However it works now with a query string in the URL.
在文件夹fotoalbum .htaccess文件/上传/:的
Options -Indexes
<Files *>
deny from all
</Files>
文件夹中getfile.php文件/ fotoalbum /:的
<?php
//this file checks if user is logged in and dies the request if the user is not logged in
include_once('./config.php');
$file = "uploads/" . $_GET['f'];
$type = mime_content_type($file);
header("Content-type:" .$type);
echo file_get_contents($file);
?>
要获取的图像(或任何类型的文件),网址是 getfile.php?F = file.extension (其中file.extension在文件文件夹fotoalbum /上传/。
To get an image (or whatever type of file), the url is getfile.php?f=file.extension (where file.extension is the file in the folder fotoalbum/uploads/ .
由于人很多大家的帮助!
Thanks al lot everybody for your help!
这篇关于通过.htaccess进行重写规则的PHP保护文件夹的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
