问题描述
||
我们正在建立一个在线相册。人们需要登录才能查看图像。我们也在尝试保护图像文件,但我们陷入了问题
通过会话变量,我们检查用户是否已登录。
$_SESSION[\'is_ingelogd\']
RewriteEngine On
RewriteBase /fotoalbum/
RewriteCond %{SCRIPT_FILENAME} !image\\.PHP
RewriteCond %{REQUEST_URI} !image\\.PHP
RewriteRule ^(.*)$ image.PHP [QSA,L]
<?PHP
session_start();
if ($_SESSION[\'is_ingelogd\'] == \"1\") {
$type = mime_content_type((string)$_SESSION[\'REQUEST_URI\']);
header(\"Content-type: \".$type);
echo file_get_contents($_SESSION[\'REQUEST_URI\']);
exit;
} else{
echo \'Please <a href=\"../login.PHP\">login</a> to see this
file.\';
}
?>
<?PHP
$serveruri = parse_url($_SERVER[\'REQUEST_URI\']);
$fileuri = (string)(\'./uploads/\'.basename($serveruri[\'path\']).PHP_EOL);
$file = strval($fileuri);
echo \'URL Is: \'.$file;
echo \'<br />type Is: \'.mime_content_type((string)$file);
exit;
?>
URL Is: ./uploads/test.jpg
Type Is:
$file = \'./uploads/test.jpg\';
URL Is: ./uploads/test.jpg
Type Is: image/jpeg
解决方法
通过本主题的许多技巧,我使它起作用。
但是,它现在可以与URL中的查询字符串一起使用。
文件夹fotoalbum / uploads /中的.htaccess文件:
Options -Indexes
<Files *>
deny from all
</Files>
<?php
//this file checks if user is logged in and dies the request if the user is not logged in
include_once(\'./config.php\');
$file = \"uploads/\" . $_GET[\'f\'];
$type = mime_content_type($file);
header(\"Content-type:\" .$type);
echo file_get_contents($file);
?>
getfile.php?f=file.extension
header(\"Content-type: \".$type);
<?php
$serveruri = parse_url($_SERVER[\'REQUEST_URI\']);
$file = basename($serveruri[\'path\']);
echo \'URL Is: \' . $file;
echo \'<br />type Is: \' . mime_content_type($file);
exit();
?>