Home  >  Article  >  Backend Development  >  How does PHP control user access to images? PHP prohibits image hotlinking_php tips

How does PHP control user access to images? PHP prohibits image hotlinking_php tips

WBOY
WBOYOriginal
2016-05-16 19:55:461151browse

Set the images directory to not allow http access (remove the two permissions of the image directory: reading and directory browsing).
Use a PHP file and directly use the file function to read the image. Perform permission control in this PHP file.
In the apache environment, just add the following file to your image directory.

File name .htaccess
The content of the file is as follows

Copy code The code is as follows:

# options the .htaccess files in directories can override.
# Edit apache/conf/httpd.conf to AllowOverride in .htaccess
# AllowOverride AuthConfig
# Stop the directory list from being shown
Options -Indexes
# Controls who can get stuff from this server.
Order Deny,Allow
Deny from all
Allow from localhost

Other web environments such as iss and nginx are similar.

class imgdata{
public $imgsrc;
public $imgdata;
public $imgform;
public function getdir($source){
$this->imgsrc = $source;
}
public function img2data(){
$this->_imgfrom($this->imgsrc);
return $this->imgdata=fread(fopen($this->imgsrc,'rb'),filesize($this->imgsrc));
}
public function data2img(){
header(“content-type:$this->imgform”);
echo $this->imgdata;
//echo $this->imgform;
//imagecreatefromstring($this->imgdata);
}
public function _imgfrom($imgsrc){
$info=getimagesize($imgsrc);
//var_dump($info);
return $this->imgform = $info['mime'];
}
}
$n = new imgdata;
$n -> getdir(“1.jpg”); //图片路径,一般存储在数据库里,用户无法获取真实路径,可根据图片ID来获取
$n -> img2data();
$n -> data2img();

This code reads the image and then outputs it directly to the browser. Before reading and outputting, the user permissions are judged.
When PHP reads images here, it does not refer to the reading path, but to reading the content of the image, and then through
Header(); Input the image type, such as gif png jpg, etc. The content of the image is output below, so fread()
is used In fact, when you see image.php?id=100, this image is displayed on the browser, and when you view the source file, you will not see the path to the image, but the garbled image content.
===========================================
Similar to the encrypted photo album of QQ space, it can only be accessed by entering a password, and the photo address in the encrypted photo album directly entered into the browser cannot be accessed. My current idea is that the address of the image is a php file, and the permissions are verified through php, the image is read, and output. I wonder if there is a simpler and more efficient way besides this method? For example, generate a temporary browsing address and use some anti-hotlink plug-ins of nginx?
You can use ngx_http_auth_basic_module to accomplish this.

Modify configuration file

Copy code The code is as follows:

location / {
root /usr/local/nginx/html;
auth_basic “Auth”;
auth_basic_user_file /usr/local/nginx/conf/htpasswd;
index index.php index.htm;
}


auth_basic The Auth in "Auth" is the title of the pop-up box (enter username and password)
/usr/local/nginx/conf/htpasswd in auth_basic_user_file /usr/local/nginx/conf/htpasswd; is the file that saves the password


PHP prohibits image hotlinking
1. Assume that the host domain name allowed to link to the image is: www.test.com
2. Modify httpd.conf

Copy code The code is as follows:

SetEnvIfNoCase Referer “^http://www.test.com/” local_ref=1
ed6494781dcd7e11185aed5408221d21
Order Allow,Deny
Allow from env=local_ref
d4f50085796fcbc8b99545763f01d848

This simple application can not only solve the problem of hotlinking of pictures, but with slight modifications can also prevent the problem of hotlinking of any files.
When using the above method to connect images from a non-specified host, the image will not be displayed. If you want to display a "hot link prohibited" image, we can use mod_rewrite to achieve this.
First, when installing apache, add the –enable-rewrite parameter to load the mod_rewrite module.
Assuming that the "No Hotlinking" image is abc.gif, we can configure it in httpd.conf like this:

Copy code The code is as follows:

RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www.)?test.com /.*$ [NC]
RewriteRule .(gif|jpg)$ http://www.test.com/abc.gif [R,L]

When the host's image is stolen, you will only see the "abc.gif" picture that says "hotlinking is prohibited"!

Statement:
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn