Hi,
For security purposes, I am trying to make an image appear on my page from outside of the web root. It works in two files, both of which I have taken from a book and modified. The first file (display.php) is actually the page which displays the image, and the second file (show_image.php ) takes the file out of the web root and sends it to the first file. All the images I am trying to access are gifs. Simple enough, or so it would seem...
Here is the important part of (display.php): -
<?php
-
-
if($image = getimagesize("../../secured/member_images/{$row['mem_img_file']}")) {
-
echo "<img src=\"../../secured/show_image.php?image={$row['mem_img_file']}\" $image[3] alt=\"member photo\" />";
-
} else {
-
echo "<font color=\"white\" size=\"3\">No Image Available <a href=\"get_id_card.php\">(Click Here)</a></font>";
-
}
-
-
?>
-
[Please use CODE tags when posting source code. Thanks! --pbmods]
The code for (show_image.php ) is: -
<?php
-
-
if (isset($_GET['image'])) {
-
$image = "../../testing/member_images/{$_GET['image']}";
-
-
if(file_exists($image) AND (is_file($image))) {
-
$name = $_GET['image'];
-
-
} else {
-
$image = 'images/unavailable.gif';
-
$name = 'unavailable.gif';
-
}
-
-
} else {
-
$image = 'images/unavailable.gif';
-
$name = 'unavailable.gif';
-
}
-
-
$fs = filesize($image);
-
-
header ("Content-type: image/gif");
-
header ("Content-disposition: inline; filename=\"$name\"\n");
-
header ("Content-length: 4fs\n");
-
readfile ($image);
-
-
?>
-
Problem is, it just doesn't work at all. It will not display the image. Thanks for any help....
4  3551  epots9 1,351
Recognized Expert Top Contributor
what OS is the site on? cuz it might be a permissions issue
It is on a server running Linux.
I looked at the permissions they are granted on my machine, and there is no problem there.
epots9 1,351
Recognized Expert Top Contributor
i've heard that using
[PHP]$image = "../../testing/member_images/{$_GET['image']}";[/PHP]
isn't the greatest, so try
[PHP]$image = "../../testing/member_images/".$_GET["image"];[/PHP]
try applying that to your other lines.
pbmods 5,821
Recognized Expert Expert
Heya, dgiglio. Welcome to TSDN! - header ("Content-disposition: inline; filename=\"$name\"\n");
-
header ("Content-length: 4fs\n");
I doubt you need to include these headers. I never bother with them.
Also, the content-length is supposed to be the filesize in bytes.
Incidentally, you don't need to put '\n' in your headers. PHP does that for you automatically :)
Sign in to post your reply or Sign up for a free account.
Similar topics | |
by: cooldv |
last post by:
i learnt from *Ken Schaefer's* website that for security reasons, u
should put your DB outside the website root directory. this is his
webpage -
http://www.adopenstatic.com/resources/guide/gettingstarted/structure.asp
1. where do i place the database outside the root directory? my
directory access from my hosting company (windows 2000 server) is like
this:
ftp.mywebsite.com
|
by: Shabam |
last post by:
I'm running Dotnet on Windows 2003 and was wondering, can scripts write to
files/folders outside of the webroot, for instance, in another drive?
How about writing to a network share via UNC? Is that possible? If so can
someone point me to documents that talk about this, or perhaps show me how
this can be done? Thanks!
|
by: Francois Soucy |
last post by:
I've 2 projects in same WEbRoot. Each project has is own Subdirectory.
Project #1: /Journal/ '<-- Anonymous
/Journal/Admin/ ' <-- WebForm Authentication for each web
page
Project #2: /Recettes/ '<--- Anonymous
/Recettes/Admin/ '<--- WebForm Authentication for each web
page
I've a Web.Config file that work perfectly for Form authentication. But I
|
by: gurnandank |
last post by:
Hi,
I have a web application which uses SSL on one the folders. When I
developed application the set up was webroot and under that folder
called 'secure'.
My ISP has provided a folder called 'secure' on the server which has
shared SSL and is sitting outside of the web root, hence the set up
called 'secure' and then at the same level a folder called web root.
Now, I have two issues:
|
by: Jameson |
last post by:
Happy New Year, Everyone!
I am trying to figure out how to display a bunch of images (mainly
JPEGs, but possibly a few GIFs and PNGs as well) that are stored in a
local directory on the system. I can do this with the glob() function,
but I can't seem to put in a directory other than one within the
webroot. For example, I can only put "/uploads" and not
"/Volumes/jray/Pictures...".
Any ideas how to get around this? If I can't use the...
| | |
by: The Numerator |
last post by:
I have a folder full with images, and for security reasons I don't want
anyone to know where the folder is. So, to call images, I know there is
a way to call like a PHP file instead. For example Galley 2 (a
PHP-enabled photo album) safetly tucks away the actual images and in
the image source, it calls for something like
"main.php?g2_view=core.DownloadItem&g2_itemId=12&g2_serialNumber=3".
How do you do that? Do you need to use the...
|
by: kh100uk |
last post by:
hi folks,
I've been reading a lot of the discussion going on in this site about security - it has been hugely helpful, so thank you!
I was particularly interested in the discussion at http://www.thescripts.com/forum/thread1954.html. I liked the idea of having uploaded images stored outside of the webroot and only displayed when pulled through by some php code. Has anyone done anything like this? If you could give me some pointers on how it...
|
by: foss |
last post by:
hi all,
I am not able to copy file from a directory in the server to another directory.
Here,
the source is outside the web root directory and the destination is inside the web root directory.
I got a warning
The code is as follows:
|
by: matheussousuke |
last post by:
Hello, I'm using tiny MCE plugin on my oscommerce and it is inserting my website URL when I use insert image function in the emails.
The goal is: Make it send the email with the URL http://mghospedagem.com/images/controlpanel.jpg
instead of
http://mghospedagem.comhttp://mghospedagem.com/images/controlpanel.jpg
As u see, there's the website URL before the image URL.
|
by: marktang |
last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However, people are often confused as to whether an ONU can Work As a Router. In this blog post, we’ll explore What is ONU, What Is Router, ONU & Router’s main usage, and What is the difference between ONU and Router. Let’s take a closer look !
Part I. Meaning of...
|
by: Hystou |
last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can effortlessly switch the default language on Windows 10 without reinstalling. I'll walk you through it.
First, let's disable language synchronization. With a Microsoft account, language settings sync across devices. To prevent any complications,...
| | |
by: jinu1996 |
last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven tapestry of website design and digital marketing. It's not merely about having a website; it's about crafting an immersive digital experience that captivates audiences and drives business growth.
The Art of Business Website Design
Your website is...
|
by: tracyyun |
last post by:
Dear forum friends,
With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each protocol has its own unique characteristics and advantages, but as a user who is planning to build a smart home system, I am a bit confused by the choice of these technologies. I'm particularly interested in Zigbee because I've heard it does some...
|
by: agi2029 |
last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing, and deployment—without human intervention. Imagine an AI that can take a project description, break it down, write the code, debug it, and then launch it, all on its own....
Now, this would greatly impact the work of software developers. The idea...
|
by: conductexam |
last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and then checking html paragraph one by one.
At the time of converting from word file to html my equations which are in the word document file was convert into image.
Globals.ThisAddIn.Application.ActiveDocument.Select();...
|
by: 6302768590 |
last post by:
Hai team
i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated we have to send another system
|
by: muto222 |
last post by:
How can i add a mobile payment intergratation into php mysql website.
| | |
by: bsmnconsultancy |
last post by:
In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence can significantly impact your brand's success. BSMN Consultancy, a leader in Website Development in Toronto offers valuable insights into creating effective websites that not only look great but also perform exceptionally well. In this comprehensive...
| |
