How do you display pictures in html, not stored in public_html, wwwroot or similar?

I'm using a web hotel (apache). Would be nice if the pics weren't in the html-folder, so that it wouldn't be possible to deep link to them.

Can u do that?

/Dave

LVL 4
davidsperlingAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

waygoodCommented:
Write a script to serve them. See storing images in Mysql database Blob fields for a better idea.

ie <img src="serve_pic.php?id=2"/>

Then the script would display the contents of the image using file(); of file_get_contents();

<?php
file('../protected_images/'.$_GET['id'].'.gif');
?>

You can then add as much security into the script as you want.
ie start a session, if session not started (image link in url only) get broken_file.gif instead of requested one.

0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
davidsperlingAuthor Commented:
Looks nice. Do you have a working example of this?
0
davidsperlingAuthor Commented:
Btw, what's you're arguments for storing pics in blobs? Most people seems to dislike that idea. Makes the dateabase less managable for example.
0
Cloud Class® Course: Microsoft Windows 7 Basic

This introductory course to Windows 7 environment will teach you about working with the Windows operating system. You will learn about basic functions including start menu; the desktop; managing files, folders, and libraries.

waygoodCommented:
I did it for my first website and came to the conclusion it was rubbish too! I just suggested you look up the script in order to get an idea of how to serve images/files.

I don't have an example to hand, but this is a simple solution.

Two parts are attached here. the first if the code where you'll display the image, the second is display_pics.php which serves the image to the webpages.

// webpage
<?php
session_start();
$_SESSION['display_pics']=TRUE;
?>
<img src="display_pic.php?id=1"/>
 
// display_pic.php
<?php
if( (isset($_SESSION['display_pics'])) && ($_SESSION['display_pics']) )
{
  if( (isset($_GET['image_name'])) && (!empty($_GET['image_name'])) )
  {
    $image_name='../protected_images/'.eregi_replace('[^a-z0-9.]','',$_GET['image_name']);
    if(file_exists($image_name))
    {
      $header=mime_content_type($image_name);
      if(ereg("image",$header))
      {
         header('Content-type: '.mime_content_type($image_name));
         file_get_contents($image_name);
         exit();
       }
    }
  }
}
header("Content-Type: image/gif");
file('../protected_images/bad_image.gif');
?>

Open in new window

0
waygoodCommented:
sorry just coded that and made some changes that I didn't change in the first bit of code.

<img src="display_pic.php?id=1"/>  
should be:-
<img src="display_pic.php?image_name=pic1.gif"/>

and the function get_file_contents() should be readfile() as it outputs straight to the output buffer.

the egrei_replace() removes all characters that are not . a to z  or  0 to 9
this is to prevent anyone adding in subdirectories ie ../../../passwd.txt

A default image of bad_image.gif will be displayed if it isn't an image, it doesn't exit or no image was specified.
0
davidsperlingAuthor Commented:
Thanks! Didn't get your example to work, but this worx:


Now I can't work it from here :-)

/Dave
<?php
    
    define("FILENAME","/home/my_hotel_account/pic_upload/logo.gif");
    
    header ("Content-Type: image/gif"); 
    readfile(FILENAME);
?>

Open in new window

0
davidsperlingAuthor Commented:
I mean I *can* work it from here...
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
PHP

From novice to tech pro — start learning today.