I have a website in PHP, in which I want to secure user uploaded images and files, either by encryption/decryption or by providing password security to corresponding directory.
So that only that user can see it and others will not be able to see or download it.
I have tried to secure it using .htaccess, it restricted outside user from accessing that directory. However I am passing those image links to Android and iOS APP. Due to restriction given by .htaccess those APP are not able to display those images.
Kindly let me know if you have any suggestion to secure it.
I would suggest that you place the uploaded images into a folder that is not publicly accessible, and create a script getimg.php or something to that extent, that checks the current user can access that image, and if they can then, then do something like this to serve the image:
header("Content-Type: image/jpeg");
$file = file_get_contents("/path/to/filestore/user2/file.jpg");
header("Content-Length: ".strlen($file));
echo $file;
exit();
You could return a 403 forbidden if the user does not have access
header("HTTP/1.1 403 Forbidden");
echo $errorMessage;
exit();