Jump to content

Recommended Posts

PHP can access outside of the document_root. Use ../ to one level higher in the document tree, eg

 

include $_SERVER['DOCUMENT_ROOT'] . '../secret/file.ext';

 

Say your directory structure is like this

 

/ (root)
|
+--home
  |
  +-- secret (where you files are)
  |    |
  |    +-- file.ext
  |
  +-- public_html (document root)

 

$_SERVER['DOCUMENT_ROOT'] returns your sites document root ( eg /home/public_html/) Now the ../ tells PHP to go out of the public_html directory into the /home/ directory and load file.ext in /home/secret

 

You can ofcourse use an absolute path.

 

Just tested it and it didn't work.

 

It was probably something I did as I'm quite new to php.

 

Here's what I tried:

<?php
include $_SERVER['DOCUMENT_ROOT'] . '../test/slayer.preview.jpg';
?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html>
<body>

<a><img src="slayer.preview.jpg"></a>

</body>
</html>

 

 

I uploaded it here and i just get errors:

www.test.llamafiend.com/test.php

You cannot serve images that are out side of your document root. Images on your site will always be downloaded locally to the users computer. There is no way to protect your images.

 

Also the code I posted was only an example. What you're trying to do is not possible

you can look into javascript to load the image, after the page has loaded. Or use innerHTML to replace the image, protecting it slightly

 

What? In order to view the image, the browser must download it... somewhere!

 

This was just to test it what I'm intending to do is load video into a flash player.

 

Huh? Same goes for above. If the user is viewing it, they're caching it.

i said some security, as the image url, will be shown as one image in the source code, but the js will load a different image,

 

and nothing is stopping them stealing content, you can try a few js tricks, like no right click, but js can be disabled

i said some security, as the image url, will be shown as one image in the source code, but the js will load a different image,

 

and nothing is stopping them stealing content, you can try a few js tricks, like no right click, but js can be disabled

 

You don't quite understand what I'm saying... The file is already on their computer. Masking stuff doesn't add anything.

  • 2 weeks later...
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.