我正在建立一个会员的管理数据库。我想将所有成员图片放在网站根目录上方,以便它们无法通过网址访问,但我想在会员资料中显示该成员的图片。我正在使用PHP。我怎样才能做到这一点?!谢谢!
答案 0 :(得分:1)
您可以创建一个基于某些输入参数读取文件的php文件,同时决定是否允许访问者查看该文件。
像这样(简化示例):
<?php
// presuming this file is in the root of your site
// define some directory where the actual images are
$dir = realpath( dirname( __FILE__ ) . '/../profile-images' );
// presuming this file is called with something like
// image.php?profileImage=fireeyedboy.jpg
if( isset( $_GET[ 'profileImage' ] ) )
{
// strip all possible redundant paths
// you should probably sanitize even more (check valid extensions etc.)
$profileImage = basename( $_GET[ 'profileImage' ] );
if( $someConditionsThatVisitorIsAllowedToViewThisImageAreMet )
{
// presuming mime type jpeg for now
header( 'Content-Type: image/jpeg' );
readfile( $dir . '/' . $profileImage );
exit();
}
else
{
// conditions are not met, dish out HTTP/1.1 403 Forbidden header
header( 'HTTP/1.1 403 Forbidden', true );
exit();
}
}