LinuxQuestions.org
Welcome to the most active Linux Forum on the web.
Go Back   LinuxQuestions.org > Forums > Non-*NIX Forums > Programming
User Name
Password
Programming This forum is for all programming questions.
The question does not have to be directly related to Linux and any language is fair game.

Notices


Reply
  Search this Thread
Old 11-25-2004, 10:22 PM   #1
woranl
Member
 
Registered: Apr 2003
Location: Toronto
Distribution: Fedora Core
Posts: 119

Rep: Reputation: 15
.htaccess + PHP, without password prompt


Hi

I've a website, in which one folder stores images. I don't want my visitors to download my images by inserting the image's path into the browser's location bar. (They can only access to those images from my website.)

This is what I want:

Visitor --> PHP --> Image

and NOT

Visitor --> Image

The image folder can only be access through a server side PHP script


I'm able to protect my image folder using .htaccess.
What do I need to do, so that the PHP script will login to my image folder automatically whenever the script is called without popping up a window asking me for username + password?


Is it possible (if so, how) to include my login+password in the header... so, whenever I call an image from PHP code, PHP will use that login info to access the required image. By doing this, one must go through my script in order to access the image; thus, blocking hotlinking or direct displaying
(This may not be a perfect idea)

Thanks in advance


 
Old 11-26-2004, 03:49 AM   #2
sigsegv
Senior Member
 
Registered: Nov 2004
Location: Third rock from the Sun
Distribution: NetBSD-2, FreeBSD-5.4, OpenBSD-3.[67], RHEL[34], OSX 10.4.1
Posts: 1,197

Rep: Reputation: 47
What you're describing can't be done without a good deal of needless work. The most practical thing would be to use Apache's mod_rewrite:

Code:
RewriteEngine    On
RewriteCond      %{HTTP_REFERER}      !www\.yourdomain\.com
RewriteRule      /images/.*           - [F]
 
Old 11-26-2004, 08:01 AM   #3
woranl
Member
 
Registered: Apr 2003
Location: Toronto
Distribution: Fedora Core
Posts: 119

Original Poster
Rep: Reputation: 15
sigsegv,

I copy your code to my .htaccess file and when I try to access images from the protect folder (calling from a php page on my webserver), it's giving me a 403 Forbidden error.

I've already checked that the mod_rewrite module is loaded.

Can you explain what those 3 lines of code mean ?

The code you gave me can avoid the images from direct displaying?
 
Old 11-26-2004, 10:07 AM   #4
Cedrik
Senior Member
 
Registered: Jul 2004
Distribution: Slackware
Posts: 2,140

Rep: Reputation: 244Reputation: 244Reputation: 244
If you can use flash plugin, you could make a sort of flash applet that load images
dynamically. The suggestion from sigsegv requires editing the httpd.conf which may
be not available to you if you use a web hosting provider.
 
Old 11-26-2004, 12:17 PM   #5
woranl
Member
 
Registered: Apr 2003
Location: Toronto
Distribution: Fedora Core
Posts: 119

Original Poster
Rep: Reputation: 15
in my case, flash won' t help. . . because my site is near to the end of development, I just need to protect the directory, and that's it. . . I don't have the time for flash anymore

regarding to hosting, that's not a problem.. because we have our own webserver running apache 2


How do I protect my folder? I can't get .htaccess + mod_rewrite to work
 
Old 11-26-2004, 01:04 PM   #6
sigsegv
Senior Member
 
Registered: Nov 2004
Location: Third rock from the Sun
Distribution: NetBSD-2, FreeBSD-5.4, OpenBSD-3.[67], RHEL[34], OSX 10.4.1
Posts: 1,197

Rep: Reputation: 47
Quote:
If you can use flash plugin, you could make a sort of flash applet that load images
dynamically. The suggestion from sigsegv requires editing the httpd.conf which may
be not available to you if you use a web hosting provider.
Flash? Yuk.

And no, RewriteRules don't require httpd.conf access. That's why the fine folks at Apache have the .htaccess file ...

As for what the directives do:

Code:
# Turn on the rewrite engine
RewriteEngine    On
# If the HTTP_REFERER doesn't contain "(www.)?yourdomain.com" (case insensitive)
RewriteCond      %{HTTP_REFERER}      !^http://(www\.)?yourdomain\.com  [NC]
# throw a 403 on /images/*
RewriteRule      /images/.*        - [F]
So, if a user tries to come get your images directly (which will cause the HTTP_REFERER to not be set), the server will 403 on them.

This will slow down most people, but there's no way to stop someone from getting the images if they really want them, short of not having them on the server.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
htaccess and php automation belorion Programming 3 01-18-2005 04:23 PM
video streaming in .htaccess password protected directories Houseofcyn Linux - Newbie 1 12-20-2004 02:05 PM
Apache2 .htaccess - Unable To Get Password Prompt. magestic Linux - Software 2 10-27-2004 08:49 AM
php and htaccess msound Programming 1 05-01-2004 10:18 PM
Apache 2.0 - mod_auth .htaccess prompt comes up but wont accept bkeating Linux - Software 1 11-17-2003 10:39 PM

LinuxQuestions.org > Forums > Non-*NIX Forums > Programming

All times are GMT -5. The time now is 08:27 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration