There is a PHP-Apache site with pictures, access to which is given only to registered users. This prohibition is now implemented through the .htaccess file, where allowed IP addresses are added for the duration of the session.

Is there a better way to access these pictures? A variant with the generation of images through a script, or just the return of a file through a php script will probably be slow and heavy?

    2 answers 2

    Usually in such cases, the file is not given directly, but the PHP request_uri is passed to the script, which checks for access to the downloaded file, and the file itself is physically located outside the public directory of the web server.
    For Apache, you can use mod_xsendfile, for Nginx I used X-Accel-Redirect.
    You can generally use readfile in PHP, but this method will affect the load on the server.

    • Yes, before that I simply did for logged-in users permission for their ip address. Now I tried through the script, but the load jumped. So I will look at your option, ATP - yavafree
    • You should not bind to an IP address at all. This is not a unique feature, it can vary within a session and even be the same for several users. Especially important for small towns and cities. - ilyaplot
    • one
      Mod-xsendfile what you need, ATP - yavafree

    Well, it will be a little slower, but as far as I understand your task, you are more likely to return the php image script. Three options:

    1. Deny access to the directory via htaccess file (to everyone, but only the ability to view the contents of the directory) and let the script check if the user is logged in, and if so, give a direct path to the picture
    2. Make the first option, just replace htaccess by simply placing the index.php file with a redirect or so on at the root of the picture directory.
    3. The most successful solution in my opinion is to store the pictures in the database in the form of base64 and give it to the script with the user checking for login.
    • This project will have a big load, ... will not everything collapse during the script? like how does facebook do it? - yavafree
    • Well, if a big load, then the server will probably be “big”) So I don’t think - Eugene Sukhodolskiy
    • ATP, I will try the script version. - yavafree
    • At option with return through readfile too big loading I will try council below. - yavafree