Page 1 of 1
Image not displayed in browser with this code.Please help.
Posted: Thu May 21, 2009 2:56 am
by umang40
Code: Select all
<html>
<body>
<table>
<tr>
<td height="67"><?php echo getThumbnail('def.jpg'); ?></td>
</tr>
</table>
</body>
</html>
<?php
function getThumbnail($image){
$imagepath = 'phpimages';
$image = str_replace(array('..', '.'), '', $image); //Remove .. and . to prevent navigation to other folders from hackers
if(file_exists($imagepath.$image)){
echo '<img src="'.createThumbnail($image, $imagepath, "-thumb", 120, 100, 100).'">'; //Create a thumbnail and flush it to the buffer
}else{
echo '<img src="'.$imagepath.'notfound.jpg">'; //Return the not found image
}
}
function createThumbnail($img, $imgPath, $suffix, $newWidth, $newHeight, $quality){
$original = imagecreatefromjpeg("$imgPath/$img") or die("Error Opening original");
list($width, $height, $type, $attr) = getimagesize("$imgPath/$img");
// Resample the image.
$tempImg = imagecreatetruecolor($newWidth, $newHeight) or die("Cant create temp image");
imagecopyresized($tempImg, $original, 0, 0, 0, 0, $newWidth, $newHeight, $width, $height) or die("Cant resize copy");
// Save the image.
imagejpeg($tempImg, "$imgPath/hhm.jpg", $quality) or die("Cant save image");
$imagepath="phpimages/hhm.jpg";
$image9=imagecreatefromjpeg($imagepath);
header('Content-Type: image/jpeg');
imagejpeg($image9);
imagedestroy($original);
imagedestroy($tempImg);
return true;
}
?>
Re: Image not displayed in browser with this code.Please help.
Posted: Thu May 21, 2009 3:05 am
by onion2k
When you display an image in a browser you need to use an <img> tag. Dumping the image data into a page of HTML isn't going to work.
You'll need 2 scripts - one for the HTML and one for the image.
Hint: You really shouldn't be generating the image every time the page loads. Rethink your entire approach.
Re: Image not displayed in browser with this code.Please help.
Posted: Thu May 21, 2009 7:39 am
by jaoudestudios
$image = str_replace(array('..', '.'), '', $image); //Remove .. and . to prevent navigation to other folders from hackers
Huh!?!!?
There is no GET/POST so the user can not manipulate the path to the image, so having this
hack prevention is useless, because the only way it can be hacked would be by going into the code and if that is possible then the hacker could just as easily remove this
hack prevention technique.
Re: Image not displayed in browser with this code.Please help.
Posted: Thu May 21, 2009 3:19 pm
by Darhazer
You can embed the image in the page if you really want this, but you have to use data: scheme and to base64_encode() the contents of the image.
More info here:
http://www.faqs.org/rfcs/rfc2397.html
Re: Image not displayed in browser with this code.Please help.
Posted: Thu May 21, 2009 3:20 pm
by Darhazer
jaoudestudios wrote:$image = str_replace(array('..', '.'), '', $image); //Remove .. and . to prevent navigation to other folders from hackers
Huh!?!!?
There is no GET/POST so the user can not manipulate the path to the image, so having this
hack prevention is useless, because the only way it can be hacked would be by going into the code and if that is possible then the hacker could just as easily remove this
hack prevention technique.
It's better to protect when this is not necessary, then to be unprotected...
It's currently hard-coded to be 'def.jpg', but probably in future version this will be dynamic?