Restrict direct access to folder php

I have this site where I upload images. The content is only viewable to the logged in user. (using very simple session based authentication). Now the site is working fine, but the problem is when I directly access the images folder through the url bar all the images become available. I want to restrict direct access to folder as well, so it would display some error or will require authentication. How would I do that? Thank you.


place following line in .htaccess file

Options -Indexes

Solution with mod_rewrite to prevent direct access to files.

You need rewrite rules for your images, put this in the .htaccess file in your image folder:

Options +FollowSymLinks
RewriteEngine On
RewriteRule ^(.+\.jpg)$ img.php?img=$1 [L]

So all jpg requests will be redirected to the img.php script, which contains the your logic:

//do your check here
$loggedin = true;
    $remoteImage = $_GET["img"];
    $imginfo = getimagesize($remoteImage);
    header("Content-type: ".$imginfo['mime']);
    echo "You are not logged in!";

If you want to add more image types, replace jpg with (jpg|gif|png etc). The PHP script should contain some checks to prevent reading of other files etc.

Just place an empty index.php in the image folder, so the files won't be listed via the webserver.

If you want to prevent direct access to the images you will have to place your images outside your document root or prevent the webserver from serving images from that folder.

Then create a php file that checks if the user is logged in and serve the image based on a parameter.

You can the either use it like Or use url rewriting to proxy the image calls to your php script.

    //do some header stuff here like content length and content type
    $image = lookup_image_from_parameter($_REQUEST['image']);
    die('Access not allowed');

Need Your Help

How to Set Custom Font for Action bar or Activity title Android?

android spannablestring

I am trying to change font for Activity title, but its not working. Please suggest? I am trying like this