Image not displayed in browser with this code.Please help.

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
umang40
Forum Newbie
Posts: 8
Joined: Wed May 20, 2009 7:31 am

Image not displayed in browser with this code.Please help.

Post by umang40 »

Code: Select all

<html>
     <body>
        <table>
             <tr>
                <td height="67"><?php echo getThumbnail('def.jpg'); ?></td>
               
             </tr>
         </table>
     </body>
 </html>
  <?php
 
 function getThumbnail($image){
    $imagepath = 'phpimages';
    $image = str_replace(array('..', '.'), '', $image); //Remove .. and . to prevent navigation to other folders from hackers
   if(file_exists($imagepath.$image)){
        echo '<img src="'.createThumbnail($image, $imagepath, "-thumb", 120, 100, 100).'">'; //Create a thumbnail and flush it to the buffer
    }else{
        echo '<img src="'.$imagepath.'notfound.jpg">'; //Return the not found image
    }
     }
 function createThumbnail($img, $imgPath, $suffix, $newWidth, $newHeight, $quality){
 
  $original = imagecreatefromjpeg("$imgPath/$img") or die("Error Opening original");
  list($width, $height, $type, $attr) = getimagesize("$imgPath/$img");
 
  // Resample the image.
  $tempImg = imagecreatetruecolor($newWidth, $newHeight) or die("Cant create temp image");
  imagecopyresized($tempImg, $original, 0, 0, 0, 0, $newWidth, $newHeight, $width, $height) or die("Cant resize copy");
  // Save the image.
  imagejpeg($tempImg, "$imgPath/hhm.jpg", $quality) or die("Cant save image");
 
$imagepath="phpimages/hhm.jpg";
 
$image9=imagecreatefromjpeg($imagepath);
 
header('Content-Type: image/jpeg');
 
imagejpeg($image9);
imagedestroy($original);
    imagedestroy($tempImg);
    return true;
    
 }
 ?>
Last edited by onion2k on Thu May 21, 2009 3:05 am, edited 1 time in total.
Reason: Added php tags.
User avatar
onion2k
Jedi Mod
Posts: 5263
Joined: Tue Dec 21, 2004 5:03 pm
Location: usrlab.com

Re: Image not displayed in browser with this code.Please help.

Post by onion2k »

When you display an image in a browser you need to use an <img> tag. Dumping the image data into a page of HTML isn't going to work.

You'll need 2 scripts - one for the HTML and one for the image.

Hint: You really shouldn't be generating the image every time the page loads. Rethink your entire approach.
User avatar
jaoudestudios
DevNet Resident
Posts: 1483
Joined: Wed Jun 18, 2008 8:32 am
Location: Surrey

Re: Image not displayed in browser with this code.Please help.

Post by jaoudestudios »

$image = str_replace(array('..', '.'), '', $image); //Remove .. and . to prevent navigation to other folders from hackers
Huh!?!!?

There is no GET/POST so the user can not manipulate the path to the image, so having this hack prevention is useless, because the only way it can be hacked would be by going into the code and if that is possible then the hacker could just as easily remove this hack prevention technique.
User avatar
Darhazer
DevNet Resident
Posts: 1011
Joined: Thu May 14, 2009 3:00 pm
Location: HellCity, Bulgaria

Re: Image not displayed in browser with this code.Please help.

Post by Darhazer »

You can embed the image in the page if you really want this, but you have to use data: scheme and to base64_encode() the contents of the image.

More info here:
http://www.faqs.org/rfcs/rfc2397.html
User avatar
Darhazer
DevNet Resident
Posts: 1011
Joined: Thu May 14, 2009 3:00 pm
Location: HellCity, Bulgaria

Re: Image not displayed in browser with this code.Please help.

Post by Darhazer »

jaoudestudios wrote:
$image = str_replace(array('..', '.'), '', $image); //Remove .. and . to prevent navigation to other folders from hackers
Huh!?!!?

There is no GET/POST so the user can not manipulate the path to the image, so having this hack prevention is useless, because the only way it can be hacked would be by going into the code and if that is possible then the hacker could just as easily remove this hack prevention technique.
It's better to protect when this is not necessary, then to be unprotected...
It's currently hard-coded to be 'def.jpg', but probably in future version this will be dynamic?
Post Reply