Solved

Managing access to graphics using .htaccess and mod_rewrite

Posted on 2011-09-04
5
340 Views
Last Modified: 2012-05-12
I have a directory of graphics that I now want to manage access to.

In the past, I have linked to the graphics like this:
http://www.mysite.com/images/thesegraphics/19002/image.jpg

Each graphic is called "image.jpg" and resides in a directory named by the graphic ID, in the example above 19002

Now, if the user of 19002 set permissions to "not public" it still serves it up.  

So what I want is a quick PHP script that when someone links to the graphic like above, it is actually being served by:

http://www.mysite.com/scripts/getimg.php?id=19002

Which will then check the permissions for that graphic and either serve it back or serve back a default "private" graphic.

I think I should be able to do this with mod_rewrite but despite googling and reading and tinkering for a few hours I can't get it to work.  Hoping someone here can give me a quick example.  Here was my latest attempt:

Options +FollowSymlinks
RewriteEngine on
RewriteRule ^thesegraphics/([0-9]+)/image.jpg http://www.mysite.com/scripts/getimg.php?id=$1 [NC]

Open in new window

0
Comment
Question by:trippy1976
  • 2
  • 2
5 Comments
 
LVL 5

Accepted Solution

by:
si_shamil earned 500 total points
ID: 36484456
Try:
Options +FollowSymlinks
RewriteEngine on
RewriteRule ^images/thesegraphics/([0-9]+)/image.jpg http://www.mysite.com/scripts/getimg.php?id=$1 [L,QSA]

Open in new window

0
 
LVL 4

Author Comment

by:trippy1976
ID: 36485342
Thank you!

Is there any way to do it so that people don't realize (i.e. the URL stays the same)

http://www.mysite.com/images/thesegraphics/19002/image.jpg

would still show up in my browser.
0
 
LVL 5

Expert Comment

by:si_shamil
ID: 36485468
yes it's possible, with the above .htaccess file.

create file in script and call it getimg.php, then paste following code:
<?php
$file = realpath("images/thesegraphics/{$_GET['id']}/image.jpg");

if (file_exists($file)) {
    header('Content-Description: File Transfer');
    header('Content-Type: application/octet-stream');
    header('Content-Disposition: attachment; filename='.basename($file));
    header('Content-Transfer-Encoding: binary');
    header('Expires: 0');
    header('Cache-Control: must-revalidate, post-check=0, pre-check=0');
    header('Pragma: public');
    header('Content-Length: ' . filesize($file));
    ob_clean();
    flush();
    readfile($file);
    exit;
}

Open in new window


should work. read here for more info
0
 
LVL 50

Expert Comment

by:Steve Bink
ID: 36486761
>>> (i.e. the URL stays the same)

If you remove the protocol and host from the destination, you ake it a rewrite, instead of a redirect:

RewriteRule ^images/thesegraphics/([0-9]+)/image.jpg /scripts/getimg.php?id=$1 [L,QSA]

Open in new window

0
 
LVL 4

Author Comment

by:trippy1976
ID: 36488281
routinet:  Thank you for the information.  I actually discovered this on accident.  It also makes the re-write compatible accross domains which is important for me (I do testing on test. and prod is www. so not having a hard coded domain name makes the .htaccess file portable)
0

Featured Post

Highfive Gives IT Their Time Back

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

It is possible to boost certain documents at query time in Solr. Query time boosting can be a powerful resource for finding the most relevant and "best" content. Of course the more information you index, the more fields you will be able to use for y…
These days socially coordinated efforts have turned into a critical requirement for enterprises.
This tutorial walks through the best practices in adding a local business to Google Maps including how to properly search for duplicates, marker placement, and inputing business details. Login to your Google Account, then search for "Google Mapmaker…
Any person in technology especially those working for big companies should at least know about the basics of web accessibility. Believe it or not there are even laws in place that require businesses to provide such means for the disabled and aging p…

760 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

22 Experts available now in Live!

Get 1:1 Help Now