Asked
Updated
Viewed
17.2k times

I'm developing a gallery but we want to hide the path where the image is stored using PHP. For example if we have an image located at:

https://www.domain.com/images/gallery/001.jpg

We would alternatively like them to access it at:

https://www.domain.com/image.php?id=1

Is that possible and how?

  • 0
    You cant hide it, but you can make it tough to find. — SpooF
add a comment
1

2 Answers

  • Votes
  • Oldest
  • Latest
Answered
Updated

It's very much possible but you'll need to do some extra work, and I don't really see the benefit of hiding the image path. The general idea is:

  1. Create a mapping between public identifiers to hidden paths / locations.
  2. Read the requested identifier when requested.
  3. Locate and output the translated location path to the image.

One way of going about this is to have a mapping from a number to the image path, for eg.:

$map = [
    1 => 'abc1/def2.gif',
    2 => 'something/xyz.jpg'
    3 => 'another_folder/123.png'
];

Alternatively you could possibly store this mapping in a database.

Then you can write a PHP script that outputs the image, as Bozebo described:

header('Content-type: image/???');

$id = $_GET['id'];
readfile($map[$id]);

exit;

Then, instead of directly giving the path to the image, you would use something like:

<img src="/image.php?id=2">
  • 0
    Wouldn't right-clicking on the image and selecting "view image in new tab" show the url still? — natas
add a comment
1
Answered
Updated

You can use sessions to block people from visiting the link directly, though there are of course many ways for them to get around it, but many people don't know how.

Then use getdata on a single file to take in the image id or name, and use .htaccess to rewrite it to .png, .jpg, etc. Have a directory structure such as:

images
- view.php
- .htaccess
- files
- - example.gif
- - funny.jpg
- - interesting.png

view.php checks the session, takes in the getdata of the image name, it then looks for the file in the files directory and grabs it and then shows the image at the url. So there is one url for them all eg: view.php?img=funny.gif

Then use the image handling functions to get the type image/gif and use the header('Content-type: image/gif') and use PHP's image handling functions to show the image.

The role of .htaccess is to hide the files directory, you could also use mod rewrite to spoof the image urls where they actually direct to one location. The whole purpose of this is so you can set the session on the main website then show the pictures there but the direct url to the image can show an alternate image describing "direct linking is disallowed" or such.

add a comment
0