Laravel - Protect image folder from web access

Question

I am doing upload image functionality in my project. Here I am saving my files in public folder (public/img/myfiles/). I want to restrict the file access, if admin user is not logged in. (ie)

If i put the URL like

https://domain/img/myfiles/filename.jpg

It should redirect to login page

https://domain/login

How to do that? and I don't want to restrict particular image to associated user. As the user is admin, I want to give them full access to image folder.

Answer 1

You could try putting a line in your .htaccess file routing all requests for images through a PHP script that simply redirects to the login page if not admin, otherwise returns the requested image. Here's an idea of how it might look.

.htaccess file:

RewriteRule ^img/myfiles/(\w+)\.([a-z]{3,4})$ image.php?name=$1&type=$2 [L]

image.php file:

if(Auth::user()->role == 'admin') {
    header("Content-type: image/" + $_SESSION['type']);
    readfile("/path/to/image/" + $_SESSION['name'] + '.' + $_SESSION['type']);
else {
    header("Location: http://mysite.com/login");
}