CodeIgniter - 用户应该只能访问自己的图像 [英] CodeIgniter - Users should only have access to their own images
问题描述
我目前正在尝试使用CodeIgniter开发图片上传网站。
事情是,我今天遇到一个问题,我真的很感激任何帮助,以解决它。
所以基本上,加工。但事情是,文件不是私有的。用户可能希望确保用户上传的文件仅由他们可见,而不是由猜到一堆网址的人看到。 (例如,user1上传他想要保持私有的image1,对于他自己=> [localhostlocalhost / upload_script / files / image1.jpg],user2可以通过猜测并输入url [localhost / upload_script / files / image1.jpg]这是我们不想发生的。)
我做了一些研究,我认为这可能需要另一个控制器来服务文件(它检查会话数据)。
在过去的一段时间里,我一直在使用PHP进行会话等等,但我对CodeIgniter并不熟悉。
这是唯一的方法吗?我不认为我需要为每个用户创建单独的目录,我吗?
提前感谢,
p> harris21为了保护文件,您需要将它们保存在您的web根目录之外,否则人们总是
我使用了非常方便的 mod_xsendfile (如果您具有对服务器的访问权限),这将允许您提供受访问控制保护的文件,并且在没有相应凭据的情况下无法访问。 / p>
您可以在CI控制器中显示代码片段(从mod_xsendfile页面改编)的代码片段:
...
if($ user-> isLoggedIn())
{
header(X-Sendfile:$ path_to_somefile);
header('Content-Type:image / jpeg');
exit;
}
如果你不能安装mod_xsendfile,那么你唯一的选择就是使用 readfile()作为TheShiftExchange说。
I am currently trying to develop an image uploading website by using CodeIgniter. The thing is, I came across an issue today and I would really appreciate any kind of help in order to solve it.
So basically, the site is working. But the thing is, that the files are not private. A user may want to ensure that the files the users upload are only visible by them, and not by someone who just guesses a bunch of urls. (eg. user1 uploads image1 which he wants to keep private, for himself =>[localhostlocalhost/upload_script/files/image1.jpg], user2 can access image1 by guessing and typing the url [localhost/upload_script/files/image1.jpg] which is what we don't want to happen. ) I have done some research and I think that this would probably require another controller for serving the files (which checks for session data). I have been "playing" with sessions etc in PHP for quite some time in the past, but I am not that familiar with them in CodeIgniter. Is this the only way? I don't think I need to create separate directories for each user, do I? Can you please tell me how to head to the right direction or give me an example?
Thanks in advance,
harris21
In order to protect files, you will need keep them outside of your web root, otherwise people will always be able to url hack their way round.
I have used the very handy mod_xsendfile for apache (if you have that kind of access to your server) which will allow you to serve files that can be protected by access control and not accessed without the appropriate credentials.
Code snippet that you could put in your CI controller to display an image (adapted from the mod_xsendfile page):
...
if ($user->isLoggedIn())
{
header("X-Sendfile: $path_to_somefile");
header('Content-Type: image/jpeg');
exit;
}
If you cannot install mod_xsendfile then your only other option would be to use readfile() as TheShiftExchange says.
这篇关于CodeIgniter - 用户应该只能访问自己的图像的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
