停止直接访问的文件 [英] Stop files being accessed directly
问题描述
我想知道,我已经为wordpress制作了一个php插件,它是一个图像存储。如果您登录,您将看到已分配的文件。然后你点击下载它下载它们。
I was wondering, I have made a php plugin for wordpress which asks as an image store. If you login you see the files which you have been assigned. Then you click download and it downloads them.
麻烦的是,如果你知道URL,你可以下载图像。如果他们知道其唯一的网址,如何轻松阻止用户下载图片,而只允许具有登录权限的用户查看。
The trouble is, if you know the URL you can download the image regardless. How can I easily stop users from downloading the image if they know its unique URL, and instead only allow those people who have login permission to view it.
我的想法是:
- 某种HTACCESS黑客检查引用URL
- 一种KEY系统,只允许在提供密钥的情况下下载文件。
任何信息或想法都将非常有用,谢谢。
Any information or ideas would be really useful, thank you.
推荐答案
如果您使图像无法读取世界(例如www dir以外的目录,或者只是用一个。 htaccess(不需要引荐检查),您可以确保没有人可以访问您的图像。
If you make the images unreadable for the world (directory outside the www dir for instance, or just block it with a .htaccess (no need for referral check) you can be sure that nobody can access your image.
然后通过文件(例如 getImage .php?imageid = xxxx )检查凭据,如果OK,则读取图像(您的php进程可以读取图像,例如使用 file_get_contents())然后提供它。
Then serve your image through a file (e.g. getImage.php?imageid=xxxx) that checks credentials, and if OK then reads the image (your php process can read the image, e.g. with file_get_contents() ) and then serve it up.
(使用正确的标题,你会很好:标题(content-type:image / your_image_type); )
(use the correct header and you'll be fine: header("content-type: image/your_image_type"); )
这篇关于停止直接访问的文件的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
