Page 1 of 2

How to disp pics outside www-root folder?

Posted: Fri May 30, 2003 8:35 am
by Galt
My www-root folder is \www\htdocs, but I have a folder \www\photos with a bunch of pictures. I would like to be able to display these pictures from webpages inside \www\htdocs. I placed the pictures there for security reasons, since I dont want to let people get to the pics directly. Any idea how I could do this?

Thanks.

Posted: Fri May 30, 2003 8:45 am
by mikusan
Why, what kinda security measure is that, excuse my ignorance, but if you don't want somebody to access the folder thru the Address bar, then just put an index.html file in that picture folder saying that you cannot access that folder, or even better write it in the .htaccess file. That is if you STILL want to show those pictures to the worldd. Otherwise if it's a local problem, then i would still tell you to edit your .htaccess file to make sure that internally people cannot see that folder. I can help you with .htaccess.

Posted: Fri May 30, 2003 8:46 am
by stuart
I assume you have ftp access to the picture folder.... if so then you could ftp the required picture (to within your http root) as and when needed. Or you could load the images into a temp table in a database for security reasons.

... just a few thoughts!!

Posted: Fri May 30, 2003 8:55 am
by Galt
mikusan wrote:Why, what kinda security measure is that, excuse my ignorance, but if you don't want somebody to access the folder thru the Address bar, then just put an index.html file in that picture folder saying that you cannot access that folder, or even better write it in the .htaccess file. That is if you STILL want to show those pictures to the worldd. Otherwise if it's a local problem, then i would still tell you to edit your .htaccess file to make sure that internally people cannot see that folder. I can help you with .htaccess.
I'll try to explain it a little better. Lets suppose I have a pic xyz.jpg. If I store it inside the web root, (ex: in /htdocs/images/xyz.jpg) then people can do this: http://mysite.com/images/xyz.jpg and they can view he page. Placing an index.htm file that redirects to main page only stops people from listing the directory content. I'm new to this, and I thought the only way to prevent people from doing .../images/xyz.jpg in their address bar is to put the folder of pictures outside the web root.

I know there's some way to modify .htaccess so that RedirectMatch is set to divert all requests for files in that folder to another page. But since I dont know how to do that, I tried my (albeit nonworking) method. Since you said you knew how to deal with .htaccess, could you please help me out? I'll place the folder under web root (htdocs/photos/pics.jpg). Could you help me with what to put in the htaccess file for that folder so that http requests for contents get redirected?

Thanks a lot. =)

Posted: Fri May 30, 2003 8:56 am
by hedge
Not sure what these guys are talking about, just use php to send the correct header and then stream the file to the browser

Code: Select all

<?php
 header('content-type: image/jpeg');
 readfile(<filename>);
?>

Posted: Fri May 30, 2003 9:01 am
by stuart
hedge wrote:Not sure what these guys are talking about, just use php to send the correct header and then stream the file to the browser

Code: Select all

<?php
 header('content-type: image/jpeg');
 readfile(<filename>);
?>
That's what I like about forums... there is always someone with a much easier/better solution....... nice one :)

Posted: Fri May 30, 2003 9:10 am
by Galt
hedge wrote:Not sure what these guys are talking about, just use php to send the correct header and then stream the file to the browser

Code: Select all

<?php
 header('content-type: image/jpeg');
 readfile(<filename>);
?>
I really like how small this solution is. One last question though. How would I display this picture if I need to use it within some table... i.e

... <td> <img src="somepic.jpg"> </td> ...

Posted: Fri May 30, 2003 9:17 am
by mikusan
I have never tried that and that could suffice, now that i understand the problem a little bit better, if what stuart said works, and you think that is enough then you should go ahead, quite an interesting sulution. As for the .htaccess file it can give you ALOT of nefty things you can play with, some may work in conjunction with what stuart said, i have never tried this but a request in the browser for http://yoursite/picture.jpg and an entry in .htaccess :
<Directory /www/pictures>
Redirect /www/picture.jpg http://yoursite/htdocs/error.html
</Directory>

BUT, what you are asking is something that i have done before to avoid ppl linking to files and pictures on my website, perhaps this is what you have been looking for:
[Add the following code to your .htaccess file]
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www\.)?mydomain.com/.*$ [NC]
RewriteRule \.(gif|jpg)$ - [F]

This will display an error if someone links to your picture...

The first is something i have never tried and i am curious to see if it works in conjunction with what stuart said. The second is the perfect solution, IF that is what you are looking for

Posted: Fri May 30, 2003 9:25 am
by Galt
What stuart said works. But not the way I want it to. I tried his code, and sure enough the browser shows the picture. But I dont know how to change his solution so that it can be included in a regular html file with other content as well. For example:

Code: Select all

<html>
<body>
<table> <tr>
<td> Some text </td>
<td> <img src="picture.jpg"> </td></tr></table>
</html>
As for what mikusan said, your solution is almost what I want. Your .htaccess code redirects if another website links to my pictures. But what if the person is already viewing my website, and then he tries to view the picture directly? The HTTP_REFERER will then be my website, and he can view the pic. I want it so that the *only* way that the pic can be viewed is to view the page that includes it. So one solution would be to make mod_alias or whatever method the .htaccess file uses to redirect *all* http requestes for anything inside the /photos folder to the error page. Can you give me the .htaccess code for that please?

Thanks to all you guys for your help.

Posted: Fri May 30, 2003 9:34 am
by mikusan
WE can work it that way and let .htacces do the dirty work, but your question seems much simpler then, in your html file include the code in php tags.

Code: Select all

<html> 
<body> 
<table> <tr> 
<td> Some text </td> 
<td> 
<?php
header('content-type: image/jpeg'); 
readfile(<filename>); 
?>
 </td></tr></table> 
</html>

Posted: Fri May 30, 2003 9:36 am
by mikusan
Have you tried:
in .htaccess :
<Directory /www/pictures>
Redirect /www/pictures http://yoursite/htdocs/error.html
</Directory>

Posted: Fri May 30, 2003 9:49 am
by Galt
mikusan wrote:WE can work it that way and let .htacces do the dirty work, but your question seems much simpler then, in your html file include the code in php tags.

Code: Select all

<html> 
<body> 
<table> <tr> 
<td> Some text </td> 
<td> 
<?php
header('content-type: image/jpeg'); 
readfile(<filename>); 
?>
 </td></tr></table> 
</html>
I dont believe that works, since you've already sent text before the header() method. Plus readfile() just dumps the actual file contents, so your code will look like (if the header() command is taken out):

... <td> #$U%I#%U#IO$%U@#%BINARY_FROM_JPEG_FILE@#$J%J@#% </td> ....

I'm gonna try the .htaccess code now ... hope that works.

Posted: Fri May 30, 2003 10:03 am
by mikusan
OOOPSSSS SILLY ME... I totally forgot... i just cut and paste :oops:

Posted: Fri May 30, 2003 10:04 am
by Galt
I think I found my solution. RedirectMatch does what I need (used in .htaccess file). All I need is to make it redirect any url that contains the string "/photos/" in it (since thats the directory I want locked) to an error file. But I dont know the reg expression to use. Can anyone help with that?
RedirectMatch works like this:

RedirectMatch reg-exp-old-page new-page-to-send-to


** I got this from another post. Hope this helps.
RedirectMatch (.*)\.html$ $1.php

This redirects all pages that end in .html to their couterpart ending in .php

as in xyz.html -> xyz.php
/abc/d.html -> /abc/d.php

and so on...

Posted: Fri May 30, 2003 10:22 am
by stuart
Galt wrote:I dont believe that works, since you've already sent text before the header() method. Plus readfile() just dumps the actual file contents, so your code will look like (if the header() command is taken out):

... <td> #$U%I#%U#IO$%U@#%BINARY_FROM_JPEG_FILE@#$J%J@#% </td> ....

I'm gonna try the .htaccess code now ... hope that works.
You can call an image binary from anywhere in your script (even if headers have already been sent). You just do this:
getimage.php

Code: Select all

$file = $image."jpg";
header('content-type: image/jpeg'); 
echo readfile($file);
yourscript.php

Code: Select all

<html> 
<body> 
<table> <tr> 
<td> Some text </td> 
<td>

<img src="getimage.php?image=yourfile">

</td></tr></table> 
</html>
I use includes to get images from a database, so the above should work (I didn't test it though :) )