cs.punk Posted July 8, 2009 Share Posted July 8, 2009 To start the topic, I am trying to build a members-only website for a certain client.. Of which members are allowed to view other ‘members’ photos only if they reside on the members ‘friend list’ (like facebook and such)… The problem is, all the photos are stored in a easily accessible directory (example.com/images/example_friend77_photo1.jpeg)… So far, from what I have read up on, the solution is to create a image folder out of my public_html folder Like This /images /public_html //index.php //other.php Is this 100% certain that users won’t be able to load these images from this folder? Secondly… How do I access this folder?.. the basic HTML img tag won’t work.. What funny PHP thing do I do? Thanks guys and girls(if there are)… I really have no idea why some of you even waste your time with us.. I hope one day I could help nearly as much as some of you guys have helpen(yes yes I know) me… Quote Link to comment Share on other sites More sharing options...
allenskd Posted July 8, 2009 Share Posted July 8, 2009 well, I'm certain it can be done, you could dynamically call each photo outside the public_html folder and output its content. like, file read the content, change the header() to the image's mime type so the browser knows what data is being outputted. Or, you can just simply put a .htaccess file and make it strict that no one can see the insides of the folder. which is another solution Quote Link to comment Share on other sites More sharing options...
cs.punk Posted July 9, 2009 Author Share Posted July 9, 2009 Uhm, the .htaacces won't work for the reason of uhm how am I ment to view the files inside lol. I'll try googling again... Maybe this time Im lucky Quote Link to comment Share on other sites More sharing options...
Philip Posted July 9, 2009 Share Posted July 9, 2009 well, I'm certain it can be done, you could dynamically call each photo outside the public_html folder and output its content. like, file read the content, change the header() to the image's mime type so the browser knows what data is being outputted. public_html/image.php?id=123456 is called, checks to see if current user is logged in yes - read 123456's image data (from under the public_html folder), output with correct header no - don't display image Really, no matter what I could go to a facebook photo, right-click and get the image url and give that to you and you could see it - even if you didn't have the permissions to view it originally. Yeah, it would just be the image, no comments, info, etc, but it is still the image. Quote Link to comment Share on other sites More sharing options...
cs.punk Posted July 10, 2009 Author Share Posted July 10, 2009 Right.... And I hate facebook! Now I can work on being 'better' than facebook lol... Anyway I don't like this 'header' thing it... It's just not the right thing for the job... I wrote something here: $originalpicture = "../../xtc_html/photos/{$result['user']}_{$result['user_id']}_{$result['file_count']}.jpeg"; $timestamp = time(); $md5_name = basename($originalpicture); $tmp_newname = md5($md5_name) . md5($timestamp) . ".jpeg"; $tmpic = "photos/" . $tmp_newname; copy ($originalpicture, $tmpic); echo "<img src='$tmpic'/>"; unlink ($tmpic); Although I can't get it to work unless I remove (unlink ($tmpic) the last line... Should I set up a '10 minutey' delete robot of some sort? Quote Link to comment Share on other sites More sharing options...
phorman Posted August 15, 2009 Share Posted August 15, 2009 The headers method is really the only correct way to do what you are wanting to do. Why don't you like it. The problem is that you don't want just anybody seeing the photos, you want to control it by who has access to see what. You could do it the way you described, but unlinking a file deletes it. Why copy the file only so you can display the file and then delete the file. PHP is a scripting language that can serve up text, html, css, images of any type, .pdf files... the list goes on. What determines what the browser sees is the MIME type in the header. Set the header MIME type to .jpeg, or .gif, or .png, whichever the image is you want to display, then use the code you have written but take out the copy and the unlink statemets. Now just echo out the image. You would now have a dynamic link to your files that you can store in your database whenever you need to show a picture. So when your program builds the interface, you end up with: < img src="image_viewer.php?id=aWRTDGhdfhaw"> which when looked at on the monitor displays your image, neither copied or deleted. Quote Link to comment Share on other sites More sharing options...
cs.punk Posted August 19, 2009 Author Share Posted August 19, 2009 The headers method is really the only correct way to do what you are wanting to do. Why don't you like it. The problem is that you don't want just anybody seeing the photos, you want to control it by who has access to see what. You could do it the way you described, but unlinking a file deletes it. Why copy the file only so you can display the file and then delete the file. PHP is a scripting language that can serve up text, html, css, images of any type, .pdf files... the list goes on. What determines what the browser sees is the MIME type in the header. Set the header MIME type to .jpeg, or .gif, or .png, whichever the image is you want to display, then use the code you have written but take out the copy and the unlink statemets. Now just echo out the image. You would now have a dynamic link to your files that you can store in your database whenever you need to show a picture. So when your program builds the interface, you end up with: < img src="image_viewer.php?id=aWRTDGhdfhaw"> which when looked at on the monitor displays your image, neither copied or deleted. For the reason of, you can only send the header once, otherwise you get an error Meaning your photo 'display' will have design disadvantages. Quote Link to comment Share on other sites More sharing options...
simonp Posted September 20, 2009 Share Posted September 20, 2009 < img src="image_viewer.php?id=aWRTDGhdfhaw"> which when looked at on the monitor displays your image, neither copied or deleted. What code would I use in image_viewer.php? I'm trying to do the same thing btw! Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.