Reputation: 735
I have a folder named "images" and subfolders named from their owner's username.
How can I give access to the content of a folder to its owner using sessions?
Should I use something like this?
    header('Content-Type: image/png');
    if (userIsLoggedIn()) {
        readfile('images/username/randomlygeneratedimagename.png');
    } else {
        die();
    }
However, if someone finds the source of the image he can directly access it without being logged in...
And more generally, is it necessary to have such security? If the owner doesn't share his images no one could guess the filename and access it...
Thanks for your help!
Upvotes: 0
Views: 432
Reputation: 23346
You've basically got the right solution. Just make sure you store the assets where they're not publicly accessible. If the images are readable by your PHP script then it can serve them using your code - the assets don't actually have to be accessible to download directly for it to work.
One other point, if you want a slightly more performant solution, consider using an X-SendFile header approach (mod_xsendfile for Apache, or use the built-in functionality of lighttpd or nginx). This lets you tell Apache what file to serve without having to pass through the actual data. It's actually very easy to set up (easier than your approach, IMO) and is particularly good for serving large files, or scaling up volume considerably.
Upvotes: 1
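An added example, not part of the original question or answer: one way to serve an image only to its owner, with the files stored outside the document root and the folder chosen from the session rather than from the request. The storage path, the `$_SESSION['username']` key, the `name` query parameter and the `resolveOwnedImage()` helper are assumptions made for illustration.

```php
<?php
// Added example. Assumptions: login stores the username in $_SESSION['username'],
// images live in IMAGE_ROOT/<username>/, and the URL is image.php?name=<file>.png.
declare(strict_types=1);

const IMAGE_ROOT = '/var/app-data/images'; // hypothetical path outside the document root
const USE_XSENDFILE = false;               // set true only if mod_xsendfile is configured

/** Return the absolute path of $name inside $owner's folder, or null if invalid. */
function resolveOwnedImage(string $root, string $owner, string $name): ?string
{
    // Accept plain names only: no slashes, no "..", and a .png extension.
    if (!preg_match('/^[A-Za-z0-9_-]+$/', $owner)
        || !preg_match('/^[A-Za-z0-9_-]+\.png$/', $name)) {
        return null;
    }
    $ownerDir = realpath($root . '/' . $owner);
    $path = realpath($root . '/' . $owner . '/' . $name);
    // realpath() resolves symlinks; the result must still sit in the owner's folder.
    if ($ownerDir === false || $path === false || dirname($path) !== $ownerDir) {
        return null;
    }
    return is_file($path) ? $path : null;
}

session_start();
$owner = $_SESSION['username'] ?? null;    // the folder comes from the session only
if (!is_string($owner)) {
    http_response_code(403);
    exit;
}

$name = $_GET['name'] ?? '';
$path = is_string($name) ? resolveOwnedImage(IMAGE_ROOT, $owner, $name) : null;
if ($path === null) {
    http_response_code(404);
    exit;
}

// Headers are sent only after the access decision has been made.
header('Content-Type: image/png');
header('X-Content-Type-Options: nosniff');
if (USE_XSENDFILE) {
    header('X-Sendfile: ' . $path);        // the web server streams the file itself
} else {
    header('Content-Length: ' . (string) filesize($path));
    readfile($path);
}
```

Because the folder name is never taken from the request, a logged-in user can only reach files under their own username, and a guessed or leaked filename is useless without the owner's session.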