我有一个允许用户将文件上传到服务器上的应用程序。所有的文件都存储在名为上传文件一个目录（其中有缩略图目录内）。

I have an application that let users to upload files to server. All files are stored in one directory called Uploaded Files (which has Thumbnails directory inside).

什么是最常见的方式为preventing用户看到这些文件？我的意思是，我不希望用户通过键入URL如 / path_to_website /上传文件/ 1.png 来查看这些文件。

What are the most common ways for preventing users to see these files ? I mean I don't want users to see the files by typing URL like /path_to_website/Uploaded Files/1.png.

在另一边，授权用户应该能够得到一个包含路径的文件，就像一个页面来查看这些文件： ../上传的文件/ 1.JPG ， ../上传的文件/ 2.png ， ../上传的文件/ 3.gif 。这些用户应该能够只看到他们出现在了网页上的文件，也就是我想prevent他们看到 ../上传的文件/ 823.gif 例如。

On the other side, authorized users should be able to see the files by getting a page that contains paths to files, like: ../Uploaded Files/1.JPG, ../Uploaded Files/2.png, ../Uploaded Files/3.gif. These users should be able to see only the files that appear on the page they got, i.e. I want to prevent them to see ../Uploaded Files/823.gif for example.

请帮助理解这样的事情完成这些天。

Please help to understand how this kind of things are done these days.

非常感谢！

推荐答案

您可以将图像转换成一个文件夹出方的公共目录，然后通过PHP串流到被允许查看它们谁的用户。通过使用）手册中的PHP 头（详细方法的一个非常基本的输出（见实施例1）。

You can move the images into a folder out side the public directory and then stream them in via PHP to the users who are allowed to view them. By using the method detailed in the PHP header() manual for a very basic output (see Example 1).

否则，你可以把一个.htaccess文件包含的文件夹中：

Otherwise you could put a .htaccess file in the folder containing:

deny from all

如果您正在运行的Apache，但你仍然需要流出来，通过PHP。

if you are running Apache, but you still need to stream it out through PHP.