Retrieve files from outside the 'public_html' directory

[cs.punk]

To start the topic,

I am trying to build a members-only website for a certain client.. Of which members are allowed to view other ‘members’ photos only if they reside on the members ‘friend list’ (like facebook and such)…

 

The problem is, all the photos are stored in a easily accessible directory  (example.com/images/example_friend77_photo1.jpeg)…

So far, from what I have read up on, the solution is to create a image folder out of my public_html folder

 

Like This

/images
/public_html
//index.php
//other.php

 

Is this 100% certain that users won’t be able to load these images from this folder?

 

Secondly… How do I access this folder?.. the basic HTML img tag won’t work..

What funny PHP thing do I do?

 

Thanks guys and girls(if there are)… I really have no idea why some of you even waste your time with us.. I hope one day I could help nearly as much as some of you guys have helpen(yes yes I know) me…

[allenskd]

well, I'm certain it can be done, you could dynamically call each photo outside the public_html folder and output its content. like, file read the content, change the header() to the image's mime type so the browser knows what data is being outputted.

 

Or, you can just simply put a .htaccess file and make it strict that no one can see the insides of the folder. which is another solution

[cs.punk]

Uhm, the .htaacces won't work for the reason of uhm how am I ment to view the files inside lol.

 

I'll try googling again... Maybe this time Im lucky

[Philip]

well, I'm certain it can be done, you could dynamically call each photo outside the public_html folder and output its content. like, file read the content, change the header() to the image's mime type so the browser knows what data is being outputted.

 

public_html/image.php?id=123456 is called, 
  checks to see if current user is logged in
     yes - read 123456's image data (from under the public_html folder), output with correct header
     no - don't display image

 

Really, no matter what I could go to a facebook photo, right-click and get the image url and give that to you and you could see it - even if you didn't have the permissions to view it originally. Yeah, it would just be the image, no comments, info, etc, but it is still the image.

[cs.punk]

Right.... And I hate facebook! Now I can work on being 'better' than facebook lol...

 

Anyway  I don't like this 'header' thing it... It's just not the right thing for the job...

 

I wrote something here:

 

$originalpicture = "../../xtc_html/photos/{$result['user']}_{$result['user_id']}_{$result['file_count']}.jpeg";
$timestamp = time();

$md5_name = basename($originalpicture);
  
$tmp_newname = md5($md5_name) . md5($timestamp) . ".jpeg";

$tmpic = "photos/" . $tmp_newname;
copy ($originalpicture, $tmpic);
   
echo "<img src='$tmpic'/>";

unlink ($tmpic);

 

Although I can't get it to work unless I remove (unlink ($tmpic) the last line...

 

Should I set up a '10 minutey' delete robot of some sort?

[phorman]

The headers method is really the only correct way to do what you are wanting to do.  Why don't you like it.

 

The problem is that you don't want just anybody seeing the photos, you want to control it by who has access to see what.  You could do it the way you described, but unlinking a file deletes it.  Why copy the file only so you can display the file and then delete the file.

 

PHP is a scripting language that can serve up text, html, css, images of any type, .pdf files... the list goes on.  What determines what the browser sees is the MIME type in the header.

 

Set the header MIME type to .jpeg, or .gif, or .png, whichever the image is you want to display, then use the code you have written but take out the copy and the unlink statemets.  Now just echo out the image.

 

You would now have a dynamic link to your files that you can store in your database whenever you need to show a picture.  So when your program builds the interface, you end up with:

 

< img src="image_viewer.php?id=aWRTDGhdfhaw">  which when looked at on the monitor displays your image, neither copied or deleted.

[cs.punk]

The headers method is really the only correct way to do what you are wanting to do.  Why don't you like it.

 

The problem is that you don't want just anybody seeing the photos, you want to control it by who has access to see what.  You could do it the way you described, but unlinking a file deletes it.  Why copy the file only so you can display the file and then delete the file.

 

PHP is a scripting language that can serve up text, html, css, images of any type, .pdf files... the list goes on.  What determines what the browser sees is the MIME type in the header.

 

Set the header MIME type to .jpeg, or .gif, or .png, whichever the image is you want to display, then use the code you have written but take out the copy and the unlink statemets.  Now just echo out the image.

 

You would now have a dynamic link to your files that you can store in your database whenever you need to show a picture.  So when your program builds the interface, you end up with:

 

< img src="image_viewer.php?id=aWRTDGhdfhaw">  which when looked at on the monitor displays your image, neither copied or deleted.

 

For the reason of, you can only send the header once, otherwise you get an error

 

Meaning your photo 'display' will have design disadvantages.

[simonp]

< img src="image_viewer.php?id=aWRTDGhdfhaw">  which when looked at on the monitor displays your image, neither copied or deleted.

What code would I use in image_viewer.php?

 

I'm trying to do the same thing btw!