StackOverflow2013

Note that there are some explanatory texts on larger screens.

plurals

POProtect a folder by .htaccess RewriteRule to php
text
Body
copied!<p>We are building an online photo-album. People need to login to see the images.We are trying to protect the image-files as well but we are stuck in a problem</p> <p>By a session-variable we check if the users is logged in.</p> <pre><code>$_SESSION['is_ingelogd'] </code></pre> <p>We build a security page (which checks if the user is logged in). We include this page to every page that has to be secured. But now we want to protect the images too.</p> <p>So we build a .htaccess file that refers all requests of files in our photo-folder to a php page. The php page has to check if the user is loged in. If the user is not loged in, it will echo a text with the request to login. If the user is logged in, the the php file has to to send the requested file (image).</p> <p>We use the following code to do this:</p> <p><em>The .htaccess file (in the folder /fotoalbum/uploads/ ) :</em></p> <pre><code>RewriteEngine On RewriteBase /fotoalbum/ RewriteCond %{SCRIPT_FILENAME} !image\.php RewriteCond %{REQUEST_URI} !image\.php RewriteRule ^(.*)$ image.php [QSA,L] </code></pre> <p><em>The .php file (in the folder /fotoalbum/ ) :</em></p> <pre><code><?php session_start(); if ($_SESSION['is_ingelogd'] == "1") { $type = mime_content_type((string)$_SESSION['REQUEST_URI']); header("Content-type: ".$type); echo file_get_contents($_SESSION['REQUEST_URI']); exit; } else{ echo 'Please <a href="../login.php">login</a> to see this file.'; } ?> </code></pre> <p>This code works halves; If a user is not loged in and tries to open any file of the folder /fotoalbum/uploads/ , the php shows the request to login.</p> <p>But if the user is logged in, we don't see the picture. In IE9, the screen keeps blank and in FireFox 3.6, a png returns a message that the image can't be<br> displayed because it contains errors. a jpg returns the url of it and a txt file returns ï»¿</p> <p>We build this scripts with help of following links:</p> <ul> <li><a href="http://michael.theirwinfamily.net/articles/csshtml/protecting-images-using-php-and-htaccess" rel="nofollow">http://michael.theirwinfamily.net/articles/csshtml/protecting-images-using-php-and-htaccess</a></li> <li><a href="http://forums.digitalpoint.com/showthread.php?t=1492222" rel="nofollow">http://forums.digitalpoint.com/showthread.php?t=1492222</a> (#post 12)</li> </ul> <p>Thanks for any help</p> <hr> <h2><strong>UPDATE:</strong></h2> <p>I did some prototyping and the return of <code>mime_content_type((string)$_SESSION['REQUEST_URI']);</code> seems to be blank/null.</p> <p><em>I placed following code in the php file:</em> </p> <pre><code><?php $serveruri = parse_url($_SERVER['REQUEST_URI']); $fileuri = (string)('./uploads/'.basename($serveruri['path']).PHP_EOL); $file = strval($fileuri); echo 'URL Is: '.$file; echo '<br />type Is: '.mime_content_type((string)$file); exit; ?> </code></pre> <p>The browser shows:</p> <pre><code>URL Is: ./uploads/test.jpg Type Is: </code></pre> <p>You can see it doesn't echo a content type. But when I set </p> <p><code>$file = './uploads/test.jpg';</code></p> <p>it perfectly returns:</p> <pre><code>URL Is: ./uploads/test.jpg Type Is: image/jpeg </code></pre> <p>Any suggestion?</p>

Querying!

Guidance

An individual column

Larger individual text columns get their own page to allow for proper reading.

SQuiL has stopped working due to an internal error.

If you are curious you may find further information in the browser console, which is accessible through the devtools (F12).

Reload