Hide real path of images in php is possible?

Question

In my web server, I have these files. I don't want user to find out my real path to "p1.jpg" and "p2.jpg".

file on server

When i show "p1.jpg" in "index.php", how to hide original path "/images/p1jpg" to something like this "/photo/p1.jpg". Is it possible?

Try using the `.htaccess` file and make Apache Rewrites: http://httpd.apache.org/docs/2.0/misc/rewriteguide.html — EM-Creations, Jul 17 '15 at 08:48
Question: why?! What's the purpose of this? What advantage would anyone have knowing the "real location" of a file? What problem does that pose to you? — deceze, Jul 17 '15 at 08:57

CT14.IT · Accepted Answer · 2015-07-17T09:17:54.823

5

So as I see it, there are two parts to this.

1) Make it so the contents of images/ is hidden

2) Make it so a person can access photos/somefile.jpg and have the server serve images/somefile.jpg

1) Hide contents of images/

Create a .htaccess file in images/ and put the following in it

Order allow,deny
Deny from all

2) Serving the file

Create a .htaccess file in the photos/ and put the following in it

RewriteEngine On
RewriteRule ^([a-zA-Z0-9_.-]+).jpg$ photo.php?image_name=$1

And create the php file photo.php in the photos/ directory

<?php

if(isset($_GET['image_name'])){

  if(file_exists("../images/" . $_GET['image_name'].".jpg")){

      header('Content-Type: image/jpg');
      readfile("../images/" . $_GET['image_name'].".jpg");
  }

}

I'm doing that blind, but will test in a sec!

edited Jul 17 '15 at 09:17

answered Jul 17 '15 at 08:57

CT14.IT

1,635
1
15
31

While this is a working solution, what's the advantage of dragging out PHP here? Unless you're doing some additional authentication logic, PHP is doing the same job Apache could be doing, but using a ton more resources in the process. – deceze Jul 17 '15 at 09:00
A valid point, purely from my own experience with PHP (and lack of experience with the more complex parts of Apache!), I've got the job done using PHP, but I completely agree, if it's possible using Apache alone, do that. – CT14.IT Jul 17 '15 at 09:06
All you need is @EM-Creation's solution; you're just trying to *rewrite* the URL. That plus your blocking of the original URL is fine. Having said that, I'm still questioning the entire premise of why someone needs this to begin with. – deceze Jul 17 '15 at 09:07
I've avoided the rewrite process and only created the IMAGE.PHP for the process and it works great!. I needed to hide the images names because are refered to our client's ID and we preffer the hide this "internal" information so And to achieve the purpose the IDs are sent encrypted and IMAGE.PHP decrypt them before calling the real image . Calling the image -> – Jordi Feb 09 '17 at 08:57

score 3 · Answer 2 · answered Jul 17 '15 at 08:50

3

Use Apache Rewrites.

I'm not that experienced with Apache Rewrites but you might create a .htaccess file in that directory which contains a line something like this:

RewriteRule   ^/photos/(.+).jpg$  /images/$1   [R]

answered Jul 17 '15 at 08:50

EM-Creations

4,195
4
40
56

can you describe what happen after applying this code? or can you suggest best source to learn about **.htaccess** file. – Thusitha Wickramasinghe Jul 17 '15 at 08:55
@Thusitha Please click the link I posted in the answer. Also, look up Regular Expressions. – EM-Creations Jul 17 '15 at 08:59

Hide real path of images in php is possible?

2 Answers2

Linked