访问受密码保护的目录

发布于 2024-10-18 06:17:28 字数 116 浏览 7 评论 0原文

我有密码保护 / public_html /images 文件夹,这样就没有人可以看到所有图像。但是现在,当我打开需要显示特定 iamge 的 php 页面时,我会看到登录屏幕..如何从 php 访问受密码保护的文件夹

i have password protected / public_html /images folder so that no one can see all images. But now when I am opening php page in which i need to dispaly specific iamge then i am getting login screen.. how to access password protected folder from php

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(2

花落人断肠 2024-10-25 06:17:28

尝试为图像创建两个文件夹。一个用于公共图像(您将在 php 脚本中找到其 href),另一个用于您只想访问自己的私有图像。

或者,如果您希望将它们全部放在一个受密码保护的文件夹中,则您的服务器上需要有一个 PHP 脚本,该脚本将采用文件名参数。从磁盘中读取该图像,然后将其带有正确的标头推送给用户。你的 html 将会有类似下面的内容

<img src="image.php?name=foo.jpg">

Try creating two folders for images. One for public images (which you will have href's to in your php script), the other for private images which you only want access to yourself available for.

Alternatively if you want them all in the one password protected folder you need to have a PHP script on your server which will take a filename argument. Read that image off disk and then push it to the user with correct headers. Your html will have something like the following

<img src="image.php?name=foo.jpg">
ㄟ。诗瑗 2024-10-25 06:17:28

你想阻止什么?您是否想阻止某人看到图像文件名,但允许他们在知道文件名后检索任何图像?在这种情况下,请删除该特定目录的读取权限:

chmod 711 /path/to/directory

这样,除了目录所有者之外,任何人都无法从该目录中检索文件名列表,但仍然允许访问这些文件(1 是只是目录的执行权限,这是“目录遍历”所需的)。

当然,您必须确保图像文件名确实无法被猜测,并希望您的用户不会通过 URL 传播(这是绕过 Facebook 等常见网站的访问控制的简单方法)。如果您确实只想访问经过身份验证的用户、授权用户或类似的用户,请在程序中进行适当的访问控制检查。

What do you want to prevent? Do you want to prevent someone from seeing the image filenames, but allow them to retrieve any image once they know the filename? In that case, remove read privilege for that specific directory:

chmod 711 /path/to/directory

This way, no one except the directory owner can retrieve the list of filenames from the directory, but access to the files is still allowed (the 1 is just the execute privilege for the directory, required for 'directory traversal').

Of course, you have to make sure you image file names are really unguessable, and hope that your users do not spread around the URLs (which is an easy way to bypass access controls on common sites, such as Facebook). Do decent access control checks in your program if you really want access to only authenticated users, or authorized users, or something similar.

~没有更多了~
我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
原文