Edward Posted April 7, 2007 Share Posted April 7, 2007 I'm making an FTP site for users. I know that for security reasons I need to place my files outside of the web directory, but I can't seem to access SOME of them?! For the website to work, my supplier says to place the site docs inside the 'public_html' folder, which I've done. I can include a php page in the root folder by using the following code, but I can't display images with the code below. PLEASE can someone shead some light on this, its really urgent and I don't see (or particularly want) an alternative. Thank you very much. This works: <?php include('../test/test.php'); ?> This doesn't work: <a href="../test.jpg"><img src="../test.jpg" width="400" height="300" alt="Test" border="0" /></a> Link to comment https://forums.phpfreaks.com/topic/45956-please-help-me-make-ftp-site-secure/ Share on other sites More sharing options...
clown[NOR] Posted April 7, 2007 Share Posted April 7, 2007 you tried ../test/test.jpg just a shot in the dark Link to comment https://forums.phpfreaks.com/topic/45956-please-help-me-make-ftp-site-secure/#findComment-223242 Share on other sites More sharing options...
MadTechie Posted April 7, 2007 Share Posted April 7, 2007 LOL exacly what i was going to say Link to comment https://forums.phpfreaks.com/topic/45956-please-help-me-make-ftp-site-secure/#findComment-223243 Share on other sites More sharing options...
clown[NOR] Posted April 7, 2007 Share Posted April 7, 2007 hehe... =) it's worth a try tho Link to comment https://forums.phpfreaks.com/topic/45956-please-help-me-make-ftp-site-secure/#findComment-223245 Share on other sites More sharing options...
Edward Posted April 7, 2007 Author Share Posted April 7, 2007 Sorry, that was a typo on my part. Thanks but it isn't that simple unfortunately. Here's the actual code: <a href="../test.jpg"><img src="../test.jpg" width="400" height="300" alt="Test" border="0" /></a><br /> <?php include('../test.php'); ?> The image doesn't display but the php does ??? Link to comment https://forums.phpfreaks.com/topic/45956-please-help-me-make-ftp-site-secure/#findComment-223246 Share on other sites More sharing options...
clown[NOR] Posted April 7, 2007 Share Posted April 7, 2007 how about using direct link to the image? just an idea Link to comment https://forums.phpfreaks.com/topic/45956-please-help-me-make-ftp-site-secure/#findComment-223252 Share on other sites More sharing options...
Edward Posted April 7, 2007 Author Share Posted April 7, 2007 Do you mean doing this: <a href="test.jpg"><img src="test.jpg" width="400" height="300" alt="Test" border="0" /></a><br /> <?php include('test.php'); ?> I can't do that for security reasons. Link to comment https://forums.phpfreaks.com/topic/45956-please-help-me-make-ftp-site-secure/#findComment-223256 Share on other sites More sharing options...
MadTechie Posted April 7, 2007 Share Posted April 7, 2007 If the image isn't in the public_html then i don't think a html page can read it.. have you tried a php page that loads the image up something like imageloader.php?IMG=thesun.png <?php function LoadPNG($imgname) { $im = @imagecreatefrompng($imgname); /* Attempt to open */ if (!$im) { /* See if it failed */ $im = imagecreatetruecolor(150, 30); /* Create a blank image */ $bgc = imagecolorallocate($im, 255, 255, 255); $tc = imagecolorallocate($im, 0, 0, 0); imagefilledrectangle($im, 0, 0, 150, 30, $bgc); /* Output an errmsg */ imagestring($im, 1, 5, 5, "Error loading $imgname", $tc); } return $im; } header("Content-Type: image/png"); $img = LoadPNG("../".$_GET['IMG']); imagepng($img); ?> or for JPEG use imageloader.php?IMG=thesun.jpg <?php function LoadJpeg($imgname) { $im = @imagecreatefromjpeg($imgname); /* Attempt to open */ if (!$im) { /* See if it failed */ $im = imagecreatetruecolor(150, 30); /* Create a black image */ $bgc = imagecolorallocate($im, 255, 255, 255); $tc = imagecolorallocate($im, 0, 0, 0); imagefilledrectangle($im, 0, 0, 150, 30, $bgc); /* Output an errmsg */ imagestring($im, 1, 5, 5, "Error loading $imgname", $tc); } return $im; } header("Content-Type: image/jpeg"); $img = LoadJpeg("../".$_GET['IMG']); imagejpeg($img); ?> Link to comment https://forums.phpfreaks.com/topic/45956-please-help-me-make-ftp-site-secure/#findComment-223258 Share on other sites More sharing options...
Edward Posted April 7, 2007 Author Share Posted April 7, 2007 I think you might be right, I don't think the webserver will be able to read it. I'd seen this method recommended in books, but I guess that must just be for local-run sites. My problem is, that I've put the work in making a secure FTP site with login etc, however if anybody tries to access a file directly, they can! So if Mr Random goes to www.mysite.com, he won't be able to log in, however if he goes to mysite.com/files/private.txt, he will be able to view/download it. I know that he would first have to know the name of the file, but it still leaves it open to possibility (and there may be ways of him finding out?...). Is there any way around this? I only want the files to be accessible when they log in and click my link to the file. Link to comment https://forums.phpfreaks.com/topic/45956-please-help-me-make-ftp-site-secure/#findComment-223260 Share on other sites More sharing options...
MadTechie Posted April 7, 2007 Share Posted April 7, 2007 the way i did this was by moving the files to a hidden area.. for example /public_html/test/uploaded/hidden/thefile.txt of course the members need to access this so instead of suppling a link to it i use a php script to read the file in and then force a download (or display to page) see the snip section on force download your get the idea <?php //can be pulled from database $file = '/public_html/test/uploaded/hidden/thefile.txt'; // or even (need to add a security cleanup to this \/ $file = '/public_html/test/uploaded/hidden/'.$_GET['file']; header("Pragma: public"); header("Expires: 0"); header("Cache-Control: must-revalidate, post-check=0, pre-check=0"); header("Content-Type: application/force-download"); header( "Content-Disposition: attachment; filename=".basename($file)); header( "Content-Description: File Transfer"); @readfile($file); ?> JUST TO POINT OUT THAT WAS FROM A SNIP FROM THE FAQ/Code Snippet Repository section http://www.phpfreaks.com/forums/index.php/topic,95433.0.html Link to comment https://forums.phpfreaks.com/topic/45956-please-help-me-make-ftp-site-secure/#findComment-223264 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.