mattcairns Posted November 7, 2007 Share Posted November 7, 2007 Hello Everyone, I've recently launched a site and content management system and was told by the host that it was causing too much strain on their processor. Pushing it up to 100% for extended periods of time. They shut down some scripts that were causing the problem. Initially I was creating thumbnails and doing image resizing on the fly using the gd_library's imagecopyresampled(). After talking to the administrator we decided this was the issue so I changed my cms to create thumbnails and do image resizing on upload, which is far less convenient, but I hoped it would lighten the server load. Now I am using file_get_contents() to read images on to the site, and was told the processor is still being pushed, but not as hard and for a shorter period of time. They are letting me go live again to see what happens. I am saving all the files to a directory above the root to help protect against hijacks, so I have to use something like file_get_contents() to display them. I am using this method because I assumed file_get_contents() is lighter than any other method. I am kind of new to reading in files, and know nothing about web servers, so I am looking for advice as to what to do. I believe the host is a smaller operation, they are also running windows. Do I need to find another way to load in images? Would a better host resolve this problem? Any insight would be greatly appreciated. Below is the my code for reading in images. Thank you. <? ##CREATE FILE PATH $file_path = "path/to/file"; ##GET IMAGE INFO $img_prop = getimagesize($file_path); ##OPEN IMAGE switch($img_prop[mime]){ case "image/jpeg": header("Content-Type: ".$img_prop[mime]); print file_get_contents($file_path); break; case "image/gif": header("Content-Type: ".$img_prop[mime]); print file_get_contents($file_path); break; case "image/png": header("Content-Type: ".$img_prop[mime]); print file_get_contents($file_path); break; default: die("Not an image."); break; } Quote Link to comment Share on other sites More sharing options...
Orio Posted November 7, 2007 Share Posted November 7, 2007 Why don't you simply store the images/thumbnails in your www (or httpdocs or whatever you call it), and use the html img tag? This way the users will have to simply download the data, without the server processing them. There's no security risk in that... Also, instead of "print file_get_contents(..);" you can simply write "readfile($filename);" Orio. Quote Link to comment Share on other sites More sharing options...
mattcairns Posted November 7, 2007 Author Share Posted November 7, 2007 Thanks for the response. The reason I am uploading above the root directory is due to some advice I received. The idea is to stop hackers from uploading malicious code, then visiting it via url. For the most part I am uploading images, and using the mime portion of getimagesize() to verify the file is an image, but in a few places I am allowing an open upload for files like .pdf, .doc, etc. Granted the upload form is password protected, but I just wanted to be safe. My files are also being saved with a random 16 character file name, which could help deter intrusion. Do you still think it would be safe to upload into the root directory? Quote Link to comment Share on other sites More sharing options...
Orio Posted November 7, 2007 Share Posted November 7, 2007 Well if you validate good enough on uploading that the uploaded, there shouldn't be a problem to store them in your httpdocs. Orio. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.