unable to access images outside public folder

[jasonc]

I have searched around and found this code that suggests that I should be able to read an image file and echo it directly in to the page without hyperlinking to the file that is outside the public folder, but i get the error message that it is not there even though the file is.

 

 

Warning: getimagesize() [function.getimagesize]: Unable to access "/home/****/upload/AAABBBCCC.JPG" in /home/****/public_html/client.php on line 40

 

 

$image = "AAABBBCCC.JPG";
$path= "/home/****/upload/";
$details = getimagesize($path . $image);
header ('Content-Type: ' . $details['mime']);
echo  file_get_contents($path . $image);

[PFMaBiSmAd]

Is the spelling and capitalization of both the path and the file correct?

[jasonc]

just in case this was the issue iI change the code so it would capitalise all the file names and the same when it is getting it.

 

I have also tried to use permission set to 777, 666, 755  and even tried relative path ../../upload/file

[PFMaBiSmAd]

Without your actual code that is getting/forming the $image and triggering the error and both the error messages, it's kind of hard to help you with the half dozen possible things that could prevent a file operation from matching the actual filename. For example, the exact wording of all the error messages, less your account/domain part of them, may in fact tell someone here what is causing the problem.

[jasonc]

I have checked the file and the database and both file name in file and database match.

 

The only thing that is not working is the get image part.

 

get image.

<?PHP session_start();
$uploaddir = "/home/***/upload/";

include('connection.php');

date_default_timezone_set('Europe/London');
$format = 'Y-m-d H:i:s'; $date = date( $format );

$reportCode = "";

  if(isset($_POST['viewReport']) && trim($_POST['viewReport']) == 'View Report') {
    $surname    = mysql_real_escape_string($_POST['surname']);
    $code = mysql_real_escape_string($_POST['code']);

$check = mysql_query("SELECT * FROM `clientinfo` WHERE `surname` = '" . strtolower($surname) . "' AND `code` = '" . strtoupper($code) . ".JPG' LIMIT 1");

    if(!$surname) {
      $thisError = 'Please enter your Surname.';
} else if($code == "") {
      $thisError = 'Please enter your Security Code.';
    } else if(! mysql_num_rows($check)) {
      $thisError = 'That report is not yet ready to view, please try again in a few days.';
    } else if(mysql_num_rows($check)) {	// get report file.
$reports = mysql_fetch_assoc($check);
$reportCode = $reports['code'];
$details = getimagesize('"' . $uploaddir . $reportCode . '"');
header ('Content-Type: ' . $details['mime']);
    } else {
// something else went wrong.
}
  }
?>
<!DOCTYPE HTML>
<html lang="en">
<head>
<title>Client Area</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<link rel="stylesheet" href="style.css" type="text/css">
</head>

<body>

  <div class="headerBar"></div>

  <div class="content">
    <div class="widthLimiter contentStyle">
      <div class="formWrapper" style="width: 450px; text-align: center;">
        <? if(isset($thisError)) { echo '<div class="errorDiv">',$thisError,'</div>'; } ?>
        <? if(isset($thisSuccess)) { echo '<div class="successDiv">',$thisSuccess,'</div>'; } ?>
        <span class="subHeader">Client Area</span>
<? if ($reportCode) { ?>
<div>
<br>Your report<br><br><?
echo  file_get_contents('"' . $uploaddir . $reportCode . '"');
?>
</div>
<? } else { ?>
        <form method="POST" action="client.php">
        <ul style="padding: 0 10px 0 10px;">
          <li class="field">Clients Surname</li>
          <li class="value"><input type="text" name="surname" value="<? if(isset($_POST['surname'])) { echo $surname; } ?>" style="width: 200px;"></li>
          <li class="field">Security Code<br><span class="small">(Please note: your Security Code may be CaSe SeNSitIvE)</span></li>
          <li class="value"><input type="text" name="code" value="" style="width: 200px;"></li>
          <li class="other"><input type="submit" name="viewReport" value=" View Report "> <input type="reset" value=" Clear "></li>
        </ul>
        </form>
<? } ?>
	<br style="clear:both;"><br>
  </div>
    </div>
  </div>

</body>
</html>

[PFMaBiSmAd]

Your ACTUAL code is concatenating double quotes to the start and end of the $uploaddir . $reportCode value.

 

Also, the response to the http request for the image can only be the content-type header followed by the image data.

[jasonc]

ok i have removed the double quotes and now i get the error that the image can not be displayed as it contians errors ?

 

I have checked the image on the server and it shows ok in the browser and when i download a copy via ftp to me pc and view it there is no problem i can see with the image, shows normally.

 

content type ?  sorry what is this ?

[jasonc]

ah the content type, yes this is set by the line...

header ('Content-Type: ' . $details['mime']);

it first checks what file type it is and then uses that to set the type of file to show.

 

but for some reason i think this line is reporting the problem.

file_get_contents($uploaddir . $reportCode);

[jasonc]

ok the only way i got the image to show was to take out all of the other html code in other words only show the image and nothing else.

 

but I would like to have the page formatted and have a header and footer layout as well as the image showing.  how can I get this to work also ?

[PFMaBiSmAd]

Each image on a web page requires an <img src="URL_that_results_in_the_image_being_sent_to_the_browser" alt=""> HTML tag. That's how the browser knows where to fetch the image in order to render it on the page.

 

The URL_that_results_in_the_image_being_sent_to_the_browser that you put into the src="..." attribute is the URL of your .php script that outputs the correct content-type header followed by the image data.