?
Solved

How do you display pictures in html, not stored in public_html, wwwroot or similar?

Posted on 2008-02-08
7
Medium Priority
?
195 Views
Last Modified: 2008-02-09
I'm using a web hotel (apache). Would be nice if the pics weren't in the html-folder, so that it wouldn't be possible to deep link to them.

Can u do that?

/Dave

0
Comment
Question by:davidsperling
  • 4
  • 3
7 Comments
 
LVL 9

Accepted Solution

by:
waygood earned 2000 total points
ID: 20850912
Write a script to serve them. See storing images in Mysql database Blob fields for a better idea.

ie <img src="serve_pic.php?id=2"/>

Then the script would display the contents of the image using file(); of file_get_contents();

<?php
file('../protected_images/'.$_GET['id'].'.gif');
?>

You can then add as much security into the script as you want.
ie start a session, if session not started (image link in url only) get broken_file.gif instead of requested one.

0
 
LVL 4

Author Comment

by:davidsperling
ID: 20851279
Looks nice. Do you have a working example of this?
0
 
LVL 4

Author Comment

by:davidsperling
ID: 20851332
Btw, what's you're arguments for storing pics in blobs? Most people seems to dislike that idea. Makes the dateabase less managable for example.
0
Receive 1:1 tech help

Solve your biggest tech problems alongside global tech experts with 1:1 help.

 
LVL 9

Expert Comment

by:waygood
ID: 20851800
I did it for my first website and came to the conclusion it was rubbish too! I just suggested you look up the script in order to get an idea of how to serve images/files.

I don't have an example to hand, but this is a simple solution.

Two parts are attached here. the first if the code where you'll display the image, the second is display_pics.php which serves the image to the webpages.

// webpage
<?php
session_start();
$_SESSION['display_pics']=TRUE;
?>
<img src="display_pic.php?id=1"/>
 
// display_pic.php
<?php
if( (isset($_SESSION['display_pics'])) && ($_SESSION['display_pics']) )
{
  if( (isset($_GET['image_name'])) && (!empty($_GET['image_name'])) )
  {
    $image_name='../protected_images/'.eregi_replace('[^a-z0-9.]','',$_GET['image_name']);
    if(file_exists($image_name))
    {
      $header=mime_content_type($image_name);
      if(ereg("image",$header))
      {
         header('Content-type: '.mime_content_type($image_name));
         file_get_contents($image_name);
         exit();
       }
    }
  }
}
header("Content-Type: image/gif");
file('../protected_images/bad_image.gif');
?>

Open in new window

0
 
LVL 9

Expert Comment

by:waygood
ID: 20851888
sorry just coded that and made some changes that I didn't change in the first bit of code.

<img src="display_pic.php?id=1"/>  
should be:-
<img src="display_pic.php?image_name=pic1.gif"/>

and the function get_file_contents() should be readfile() as it outputs straight to the output buffer.

the egrei_replace() removes all characters that are not . a to z  or  0 to 9
this is to prevent anyone adding in subdirectories ie ../../../passwd.txt

A default image of bad_image.gif will be displayed if it isn't an image, it doesn't exit or no image was specified.
0
 
LVL 4

Author Comment

by:davidsperling
ID: 20857523
Thanks! Didn't get your example to work, but this worx:


Now I can't work it from here :-)

/Dave
<?php
    
    define("FILENAME","/home/my_hotel_account/pic_upload/logo.gif");
    
    header ("Content-Type: image/gif"); 
    readfile(FILENAME);
?>

Open in new window

0
 
LVL 4

Author Comment

by:davidsperling
ID: 20857538
I mean I *can* work it from here...
0

Featured Post

2018 Annual Membership Survey

Here at Experts Exchange, we strive to give members the best experience. Help us improve the site by taking this survey today! (Bonus: Be entered to win a great tech prize for participating!)

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I imagine that there are some, like me, who require a way of getting currency exchange rates for implementation in web project from time to time, so I thought I would share a solution that I have developed for this purpose. It turns out that Yaho…
This article discusses how to implement server side field validation and display customized error messages to the client.
The viewer will learn how to dynamically set the form action using jQuery.
This tutorial will teach you the core code needed to finalize the addition of a watermark to your image. The viewer will use a small PHP class to learn and create a watermark.
Suggested Courses

607 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question