Retrieve files from outside the 'public_html' directory


cs.punk

To start the topic,

I am trying to build a members-only website for a certain client.. Of which members are allowed to view other ‘members’ photos only if they reside on the members ‘friend list’ (like facebook and such)…

 

The problem is, all the photos are stored in an easily accessible directory (example.com/images/example_friend77_photo1.jpeg)…

So far, from what I have read up on, the solution is to create an image folder out of my public_html folder

Like This

/images
/public_html
//index.php
//other.php

 

Is this 100% certain that users won’t be able to load these images from this folder?

 

Secondly… How do I access this folder?.. the basic HTML img tag won’t work..

What funny PHP thing do I do?

 

Thanks guys and girls(if there are)… I really have no idea why some of you even waste your time with us.. I hope one day I could help nearly as much as some of you guys have helpen(yes yes I know) me…


well, I'm certain it can be done, you could dynamically call each photo outside the public_html folder and output its content. like, file read the content, change the header() to the image's mime type so the browser knows what data is being outputted.

 

Or, you can just simply put a .htaccess file and make it strict that no one can see the insides of the folder. which is another solution


public_html/image.php?id=123456 is called, 
  checks to see if current user is logged in
     yes - read 123456's image data (from under the public_html folder), output with correct header
     no - don't display image

 

Really, no matter what I could go to a facebook photo, right-click and get the image url and give that to you and you could see it - even if you didn't have the permissions to view it originally. Yeah, it would just be the image, no comments, info, etc, but it is still the image.


Right.... And I hate facebook! Now I can work on being 'better' than facebook lol...

 

Anyway, I don't like this 'header' thing... It's just not the right thing for the job...

 

I wrote something here:

 

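$originalpicture = "../../xtc_html/photos/{$result['user']}_{$result['user_id']}_{$result['file_count']}.jpeg";
$timestamp = time();

$md5_name = basename($originalpicture);

// Temporary name: md5 of the original file name + md5 of the current time
$tmp_newname = md5($md5_name) . md5($timestamp) . ".jpeg";

// Copy the private photo into the web-accessible photos/ folder
$tmpic = "photos/" . $tmp_newname;
copy($originalpicture, $tmpic);

echo "<img src='$tmpic'/>";

// Runs before the browser has requested $tmpic, so the image is already gone
unlink($tmpic);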

 

Although I can't get it to work unless I remove (unlink ($tmpic);) the last line...

 

Should I set up a '10 minutey' delete robot of some sort?


  • 1 month later...

The headers method is really the only correct way to do what you are wanting to do. Why don't you like it?

The problem is that you don't want just anybody seeing the photos, you want to control it by who has access to see what. You could do it the way you described, but unlinking a file deletes it. Why copy the file only so you can display the file and then delete the file?

PHP is a scripting language that can serve up text, html, css, images of any type, .pdf files... the list goes on. What determines what the browser sees is the MIME type in the header.

Set the header MIME type to .jpeg, or .gif, or .png, whichever the image is you want to display, then use the code you have written but take out the copy and the unlink statements. Now just echo out the image.

You would now have a dynamic link to your files that you can store in your database whenever you need to show a picture. So when your program builds the interface, you end up with:

<img src="image_viewer.php?id=aWRTDGhdfhaw"> which when looked at on the monitor displays your image, neither copied nor deleted.
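
The header approach discussed in this thread, written out as an added example (not code from any poster): a script inside public_html that checks the session and the friend list before streaming a file stored in the sibling /images folder. The session key, the `photos` and `friends` tables with their columns, the token format and the SQLite path are all assumptions.

```php
<?php
// image_viewer.php, placed in public_html. Requires PHP 8.1+.
// Assumed: $_SESSION['user_id'] is set at login; tables photos/friends; SQLite path.
declare(strict_types=1);
session_start();

const PHOTO_DIR = __DIR__ . '/../images';   // sibling of public_html, no URL maps to it

function deny(int $status): never {
    http_response_code($status);
    exit;
}

$viewerId = $_SESSION['user_id'] ?? null;
if (!is_int($viewerId)) {
    deny(403);                               // not logged in
}

// Accept only an opaque token, never a file name or path from the request.
$token = $_GET['id'] ?? '';
if (!is_string($token) || !preg_match('/^[A-Za-z0-9]{8,64}$/', $token)) {
    deny(404);
}

// A row comes back only for the owner or someone on the owner's friend list.
$db = new PDO('sqlite:' . __DIR__ . '/../data/site.sqlite');
$stmt = $db->prepare(
    'SELECT p.filename FROM photos p
      WHERE p.token = :token
        AND (p.owner_id = :viewer OR EXISTS (
              SELECT 1 FROM friends f
               WHERE f.user_id = p.owner_id AND f.friend_id = :friend))'
);
$stmt->execute([':token' => $token, ':viewer' => $viewerId, ':friend' => $viewerId]);
$filename = $stmt->fetchColumn();

// Resolve the stored name and confirm the result is still inside PHOTO_DIR.
$base = realpath(PHOTO_DIR);
$path = is_string($filename) ? realpath(PHOTO_DIR . '/' . basename($filename)) : false;
if ($base === false || $path === false || !str_starts_with($path, $base . DIRECTORY_SEPARATOR)) {
    deny(404);                               // same reply for "missing" and "not allowed"
}

$mime = (new finfo(FILEINFO_MIME_TYPE))->file($path);
if (!in_array($mime, ['image/jpeg', 'image/png', 'image/gif'], true)) {
    deny(404);
}
header('Content-Type: ' . $mime);            // marks this response as an image
header('Cache-Control: private, no-store');
readfile($path);
```

The browser fetches `image_viewer.php` in its own HTTP request, so the `Content-Type` header here belongs to the image response only and the page containing the `<img>` tag sends its own headers as usual. Every request repeats the session and friend-list check, so a copied URL returns 403 or 404 to a viewer who is not permitted.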


For the reason of, you can only send the header once, otherwise you get an error :)

 

Meaning your photo 'display' will have design disadvantages.
