Login

Marcel · 08-12-2016, 01:36 AM

Hi all

i have my whole codeigniter placed outside my root except for the assets (css,js)

i use a php script to display my images in the view like so

Code:
<img class="img-circle" src="../image.php?img=me.jpg" alt="">

the image.php contents look like this

PHP Code:
<?php  

  header('Content-Type: image/jpg');
  readfile("../images/" . $_GET['img']);
   
?>

I would like to prevent a non logged on user to link to my images using the url:

https://mydomaine.be/image.php?img=avatar.png

is there a way to do this.

i have tried placing code inside the image.php (if ci loggedinuser bla bla) but i dont have access to the CI core inside my image.php so dont work.
by the way the image.php is in the root. (http://www.mydomain.be/image.php)

what would be the best way to achieve this

thanks to all

PaulD · 08-12-2016, 12:38 PM

It depends how you are logging your users (or at least recognizing they are logged in). If it is in a cookie, you know the cookie name, just interrogate the cookie using standard php. If you are using a flag in a database table, again just connect to and interrogate the database using standard php. Would that not do what you are looking for?

Ivo Miranda · 08-12-2016, 01:04 PM

If your prob is not having CI why not just define absolute paths for:
$system_path and $application_folder
and then require the index.php in your php file also as absolute path

Diederik · 08-12-2016, 01:48 PM

To do what you want you should create a 'image' controller and let CI spit out the correct image.

But if you want to prevent hotlinking, perhaps its easier to disable that through .htaccess.