Solved

Managing access to graphics using .htaccess and mod_rewrite

Posted on 2011-09-04
5
347 Views
Last Modified: 2012-05-12
I have a directory of graphics that I now want to manage access to.

In the past, I have linked to the graphics like this:
http://www.mysite.com/images/thesegraphics/19002/image.jpg

Each graphic is called "image.jpg" and resides in a directory named by the graphic ID, in the example above 19002

Now, if the user of 19002 set permissions to "not public" it still serves it up.  

So what I want is a quick PHP script that when someone links to the graphic like above, it is actually being served by:

http://www.mysite.com/scripts/getimg.php?id=19002

Which will then check the permissions for that graphic and either serve it back or serve back a default "private" graphic.

I think I should be able to do this with mod_rewrite but despite googling and reading and tinkering for a few hours I can't get it to work.  Hoping someone here can give me a quick example.  Here was my latest attempt:

Options +FollowSymlinks
RewriteEngine on
RewriteRule ^thesegraphics/([0-9]+)/image.jpg http://www.mysite.com/scripts/getimg.php?id=$1 [NC]

Open in new window

0
Comment
Question by:trippy1976
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
5 Comments
 
LVL 5

Accepted Solution

by:
si_shamil earned 500 total points
ID: 36484456
Try:
Options +FollowSymlinks
RewriteEngine on
RewriteRule ^images/thesegraphics/([0-9]+)/image.jpg http://www.mysite.com/scripts/getimg.php?id=$1 [L,QSA]

Open in new window

0
 
LVL 4

Author Comment

by:trippy1976
ID: 36485342
Thank you!

Is there any way to do it so that people don't realize (i.e. the URL stays the same)

http://www.mysite.com/images/thesegraphics/19002/image.jpg

would still show up in my browser.
0
 
LVL 5

Expert Comment

by:si_shamil
ID: 36485468
yes it's possible, with the above .htaccess file.

create file in script and call it getimg.php, then paste following code:
<?php
$file = realpath("images/thesegraphics/{$_GET['id']}/image.jpg");

if (file_exists($file)) {
    header('Content-Description: File Transfer');
    header('Content-Type: application/octet-stream');
    header('Content-Disposition: attachment; filename='.basename($file));
    header('Content-Transfer-Encoding: binary');
    header('Expires: 0');
    header('Cache-Control: must-revalidate, post-check=0, pre-check=0');
    header('Pragma: public');
    header('Content-Length: ' . filesize($file));
    ob_clean();
    flush();
    readfile($file);
    exit;
}

Open in new window


should work. read here for more info
0
 
LVL 51

Expert Comment

by:Steve Bink
ID: 36486761
>>> (i.e. the URL stays the same)

If you remove the protocol and host from the destination, you ake it a rewrite, instead of a redirect:

RewriteRule ^images/thesegraphics/([0-9]+)/image.jpg /scripts/getimg.php?id=$1 [L,QSA]

Open in new window

0
 
LVL 4

Author Comment

by:trippy1976
ID: 36488281
routinet:  Thank you for the information.  I actually discovered this on accident.  It also makes the re-write compatible accross domains which is important for me (I do testing on test. and prod is www. so not having a hard coded domain name makes the .htaccess file portable)
0

Featured Post

Database Solutions Engineer FAQs

In this series, we will discuss common questions received as a database Solutions Engineer at Percona. In this role, we speak with a wide array of MySQL and MongoDB users responsible for both extremely large and complex environments to smaller single-server environments.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

There’s a good reason for why it’s called a homepage – it closely resembles that of a physical house and the only real difference is that it’s online. Your website’s homepage is where people come to visit you. It’s the family room of your website wh…
Dramatic changes are revolutionizing how we build and use technology. Every company is automating, digitizing, and modernizing operations. We need a better, more connected way to work together as teams so we can harness the insights from our system…
Explain concepts important to validation of email addresses with regular expressions. Applies to most languages/tools that uses regular expressions. Consider email address RFCs: Look at HTML5 form input element (with type=email) regex pattern: T…
This tutorial walks through the best practices in adding a local business to Google Maps including how to properly search for duplicates, marker placement, and inputing business details. Login to your Google Account, then search for "Google Mapmaker…

632 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question