How to control user access to images in php

This article mainly introduces how PHP controls users' access rights to images. It is mostly used to prevent hot links. Friends in need can refer to it. I hope to be helpful.

Set the images directory to not allow http access (remove the two permissions of the image directory: reading and directory browsing).
Use a PHP file and directly use the file function to read the image. Perform permission control in this PHP file.
In the apache environment, just add the following file to your image directory.

File name .htaccess
The file content is as follows

# options the .htaccess files in directories can override.
# Edit apache/conf/httpd.conf to AllowOverride in .htaccess
# AllowOverride AuthConfig
# Stop the directory list from being shown
Options -Indexes
# Controls who can get stuff from this server.
Order Deny,Allow
Deny from all
Allow from localhost

Other web environments such as iss and nginx are similar.

class imgdata{
public $imgsrc;
public $imgdata;
public $imgform;
public function getdir($source){
$this->imgsrc = $source;
}
public function img2data(){
$this->_imgfrom($this->imgsrc);
return $this->imgdata=fread(fopen($this->imgsrc,'rb'),filesize($this->imgsrc));
}
public function data2img(){
header(“content-type:$this->imgform”);
echo $this->imgdata;
//echo $this->imgform;
//imagecreatefromstring($this->imgdata);
}
public function _imgfrom($imgsrc){
$info=getimagesize($imgsrc);
//var_dump($info);
return $this->imgform = $info['mime'];
}
}
$n = new imgdata;
$n -> getdir(“1.jpg”); //图片路径，一般存储在数据库里，用户无法获取真实路径,可根据图片ID来获取
$n -> img2data();
$n -> data2img();

This code reads the image and then outputs it directly to the browser. Before reading and outputting, the user permissions are judged.
The PHP reading picture mentioned here does not refer to the reading path, but refers to reading the content of the picture, and then input the picture type through
Header();, such as gif png jpg, etc., and output the content of the picture below , so fread()
Actually, when you see image.php?id=100, this image is displayed on the browser, and when you view the source file, you will not see the path of the image, but the path to the image. It's garbled image content.
============================================
Similar The encrypted album in QQ space can only be accessed by entering the password, and the photo address in the encrypted album cannot be accessed by directly entering the address of the encrypted album in the browser. My current idea is that the address of the image is a php file, and the permissions are verified through php, the image is read, and output. I wonder if there is a simpler and more efficient way besides this method? For example, generate a temporary browsing address and use some anti-hotlink plug-ins of nginx?
You can use ngx_http_auth_basic_module to complete.

Modify the configuration file

location / {
root /usr/local/nginx/html;
auth_basic “Auth”;
auth_basic_user_file /usr/local/nginx/conf/htpasswd;
index index.php index.htm;
}

auth_basic Auth in "Auth" is the title of the pop-up box (enter user name and password)
auth_basic_user_file /usr/ /usr/local/nginx/conf/htpasswd; in local/nginx/conf/htpasswd; is the file that saves the password

PHP prohibits hotlinking of images
1. Assume that linking to images is allowed The host domain name is: www.test.com
2. Modify httpd.conf

SetEnvIfNoCase Referer “^http://www.test.com/” local_ref=1
<FilesMatch “.(gif|jpg)”>
Order Allow,Deny
Allow from env=local_ref
</FilesMatch>

. This simple application can not only solve the problem of hotlinking of pictures, but with slight modifications, it can also prevent the downloading of any files. question.
When using the above method to connect images from a non-specified host, the image will not be displayed. If you want to display a "hot link prohibited" image, we can use mod_rewrite to achieve this.
First, when installing apache, add the –enable-rewrite parameter to load the mod_rewrite module.
Assume that the "Prohibited Hotlinking" picture is abc.gif, we can configure it in httpd.conf like this:

RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www\.)?test.com /.*$ [NC]
RewriteRule \.(gif|jpg)$ http://www.test.com/abc.gif [R,L]

When the host's picture is hotlinked, only abc.gif will be seen. A "no hotlinking" picture!

Related recommendations:

#TP5 Auth Permission Management Example

# #PHP method to implement permission management function

PHP method to simply obtain the website Baidu and Sogou included number

The above is the detailed content of How to control user access to images in php. For more information, please follow other related articles on the PHP Chinese website!