Page 1 of 2
Filesystem, below web root
Posted: Sat Sep 15, 2007 2:21 am
by kkonline
In a web poll on top most programmers suggest to store Filesystem, below web root that means where it is not accessed by the web.
Now how do i store images below the webroot and and how to retrieve them for displaying? Please tell me the logic and sample code too if possible.
Posted: Sat Sep 15, 2007 2:25 am
by s.dot
I would recommend doing that as a layer of security, but not for EVERYTHING.
Anyways, just put the images outside of your document root? /home/user/images, instead of /home/user/public_html/images.
You would then need to write a script to output the image, making it accessable through something like script.php?image=someimage.jpg.
This script would need to get the contents of the image, then supply the appropriate header information.
Posted: Sat Sep 15, 2007 2:28 am
by kkonline
scottayy wrote:
You would then need to write a script to output the image, making it accessable through something like script.php?image=someimage.jpg.
This script would need to get the contents of the image, then supply the appropriate header information.
OK, that means i will have to store the images manually in /home/user/images ... is there anyway i can store using upload or something... much more convinient and any is idea how to get the contents of the image, then supply the appropriate header information.
Any code to do it or some logic or tutorial?
Posted: Sat Sep 15, 2007 2:31 am
by s.dot
A sample script would be like this:
Code: Select all
<?php
//get the image name or id or something.. probably needs some
//security checks
$image = $_GET['image'];
//check if it exists
if (!file_exists('home/user/images/' . $image))
{
die('Image ' . $image . ' does not exist.');
}
//send the content type header
header('Content-type: image/jpeg');
//send the contents of the image
echo file_get_contents('home/user/images/' . $image);
EDIT| Yes, you can upload them. When you go to use move_uploaded_file() just move it to /home/user/images.
Posted: Sat Sep 15, 2007 2:35 am
by kkonline
scottayy wrote:A sample script would be like this:
Code: Select all
<?php
//get the image name or id or something.. probably needs some
//security checks
$image = $_GET['image'];
//check if it exists
if (!file_exists('../images/' . $image))
{
die('Image ' . $image . ' does not exist.');
}
//send the content type header
header('Content-type: image/jpeg');
//send the contents of the image
echo file_get_contents('../images/' . $image);
.. indicates going up a directory, which is what you need to do if you're in the document root.
that means if i am uploading the code you suggested in /home/user/public_html then it would access /home/user/images which cannot be accessed otherwise . Correct ? And why did you say it is not suggested for everything in the previous reply any drawbacks of this system?
Posted: Sat Sep 15, 2007 2:40 am
by s.dot
It cannot be accessed through a web browser.
Anything that you access through your browser should be in the document root (unless, like in this case, you want it to be protected a little more). If you put everything below the document root, that'd include your php and html files... and just wouldn't make much sense.
Posted: Sat Sep 15, 2007 2:42 am
by kkonline
what does $image in the code refer to? is it referring to $_GET['image'] variable?
Posted: Sat Sep 15, 2007 2:44 am
by s.dot
Yes. The first line of the script is $image = $_GET['image'];

Posted: Sat Sep 15, 2007 2:48 am
by kkonline
scottayy wrote:Yes. The first line of the script is $image = $_GET['image'];

Ok thanks.. I got another idea to store all the images in /home/user/public_html/images as usual
and then run a php code which takes each and every file in the directory image and store it's reference url, time, date, filename information in the database (using auto incrementing the id in database).
So in this case how would i write the php code which automatically insert each images associated refernce url like mysite.com/images/1.jpg in the database. I think this would be a better solution?
Posted: Sat Sep 15, 2007 2:50 am
by s.dot
I don't know what would be a better solution.. because I don't know what the problem is. You just asked me how to do something and I showed you.
What is the problem or the goal? Maybe we can come up with the best solution for it.
Posted: Sat Sep 15, 2007 2:55 am
by kkonline
scottayy wrote:
What is the problem or the goal? Maybe we can come up with the best solution for it.
The aim is to store around a 1000 images and maybe ppt and videos using a better effective method which doesn't take too much server resources AND to have some sort of number of views and rating associated with each file like we have with articles etc...
Can't figure out how to store below document root or above document root or in database or use combination or what..
Posted: Sat Sep 15, 2007 2:57 am
by s.dot
You don't need to store below document root for that.
Just upload them, and store the path to the file in the database. Have a field for views, rating, etc. Then on the script that displays the image or video, mysql_query() to update the database.
Posted: Sat Sep 15, 2007 3:01 am
by kkonline
scottayy wrote:You don't need to store below document root for that.
Just upload them, and store the path to the file in the database. Have a field for views, rating, etc. Then on the script that displays the image or video, mysql_query() to update the database.
Any suggestions how to store the path of the image/video in database. Suppose i upload in dir /home/user/public_html/image an image123.jpg using normal upload method what to do next and how?
Posted: Sat Sep 15, 2007 3:30 am
by Kieran Huggins
my first instinct would be to store them to
Code: Select all
$_SERVER['DOCUMENT_ROOT'].'/../files/'+md5(file_get_contents($the_file))
then you only need to store the md5 in the DB, as well as info like the suggested filename. I would also store the mime type of the file in the DB as well, because that would be useful to sort/group by.
Also, by using the md5() of the file contents you can avoid collisions as well as save filesystem space on duplicate uploads, even by different users!
Maybe write a simple File class that stores / retrieves the files. The possibilities are endless.
Posted: Sat Sep 15, 2007 3:30 am
by Mordred
scotayy, this code is dangerous, it can be used to retreive arbitrary files on the server.