[eluser]Harold Villacorte[/eluser]
Here is a quick and easy way to protect a public image folder. Put this code in index.php in the image directory. As you can see a certain cookie is required to access the script:
Code:
<?php if (!isset($_COOKIE['your_access_cookie'])) exit ('No direct script access allowed');
if (isset($_GET['image']))
{
// Parse the uri.
$array = explode('.', $_GET['image']);
// Get the file extension.
$ext = $array[1];
// Check for the file.
if (!file_exists($_GET['image']))
{
exit ('File not found.');
}
// Serve the file.
else
{
// Set the header file type.
header('Content-Type: image/' . $ext);
// Return the image file.
return readfile($_GET['image']);
}
}
else
{
exit ('Invalid request.');
}
/* End of file index.php */
Then route all requests to the index.php GET request with .htaccess:
Code:
DirectoryIndex index.php
RewriteEngine on
RewriteCond $1 !^(index\.php)
RewriteRule ^(.*)$ index.php/?image=$1 [L]
This script can obviously use much improvement but it is good starting point to turn a public folder into a secured image server.
If you have not done so yet try writing a secure file service application using CI's XML-RPC class. It is a worthwhile effort.
