Page 1 of 1

How to display images who are outside document root (www) ?

Posted: Thu Jun 05, 2003 5:19 am
by redhair
Subject should say enough..

For reference: http://www.devnetwork.net/forums/viewtopic.php?t=9415

Posted: Thu Jun 05, 2003 6:41 am
by pootergeist

Code: Select all

$file_ref = '/root/path/' .$_GET['file_ref'];
if(file_exists($file_ref))
	{
	$tipe = getimagesize($file_ref);
	$header_ext = ($tipe[2] < 4) ? ($tipe[2] < 3) ? ($tipe[2] < 2) ? ($tipe[2] < 1) ? NULL : 'gif' : 'jpeg' : 'png' : NULL;
	if($header_ext !== NULL)
		{
		header("Content-type: image/" .$header_ext);
		readfile($file_ref);
		}
	}
note: if you have php4.2+ with --enable-exif configured, use exif_imagetype in place of the getimagesize process.

Posted: Thu Jun 05, 2003 8:01 am
by redhair
With the code used, i get:
Warning: getimagesize: Read error!

since you warned me. Using exif_imagetype results in:
Fatal error: Call to undefined function: exif_imagetype()
..guess thats not enabled on the server.

what to do about the read error?

Posted: Thu Jun 05, 2003 9:25 am
by pootergeist
assume you've amended the hardcoded subpath and are calling it through a <img src="that_script.php?file_ref=image_name.jpg" /> it should work fine.

Posted: Thu Jun 05, 2003 9:48 am
by redhair
well (thanks a lot for starters), i did as you say, but i get no image.

i writen away your first code away as 'image.php':

Code: Select all

<?php

$file_ref = '/usr/local/apache/www/myaccount/phpupl/' .$_GET['file_ref']; 
if(file_exists($file_ref)) 
   { 
   $tipe = getimagesize($file_ref); 
   $header_ext = ($tipe[2] < 4) ? ($tipe[2] < 3) ? ($tipe[2] < 2) ? ($tipe[2] < 1) ? NULL : 'gif' : 'jpeg' : 'png' : NULL; 
   if($header_ext !== NULL) 
      { 
      header("Content-type: image/" .$header_ext); 
      readfile($file_ref); 
      } 
   }

?>
then as you pointed out, i call it with <img src="image.php?file_ref=icon.gif" />.

what did i do wrong? ..for the image 'icon.gif' is there in /myacount/phpupl/.

Posted: Sat Jun 07, 2003 6:10 am
by redhair
I expirimented a little.
To see if it would work at all...
So i set up a dir IN the www root.
/usr/local/apache/www/myaccount/html/test...placed an image in it, and called it using your code...and it works! So...i didnt do anything wrong, and your code is super.

Now that we sorted out that we are cool, what should be the next step in order to make the images be retreived from the location where they should be stored. (/phpupl/) I figure it has to do something with rights on the server. Does anybody know wich rights should be changed?

Posted: Sat Jun 07, 2003 9:26 am
by m3rajk
so the dirs are:/usr/local/apache/www/myacount/phpupl/
and:/usr/local/apache/www/myacount/html/upload ?

then why not just set it to find ../../phpupl/$file ?


note: as long as you can read the file that SHOULD work

Posted: Sat Jun 07, 2003 10:40 am
by redhair
so the dirs are:/usr/local/apache/www/myacount/phpupl/
and:/usr/local/apache/www/myacount/html/upload ?
Nope, there is only the first. (..where did you get that second one from?)

And i tried...and tried and read, and read...expiriment this..and that.

But still no go! The image will not show.
Sooo...again, it must(?) be a setting on the server.
'I'm not allowed to read the phpupl directory'?

Because as i mentioned before, using the same script while trying to read a file in document root, does work. (using path:/usr/local/apache/www/myacount/HTML/somdir/)

Posted: Mon Jun 09, 2003 2:18 am
by Elantri_X
You cant read files out of your given home directory. If this was possible, you'd have a HUGE security risk when someone uploads a file to read files like .htaccess... this brings me to another solution for you.

The directory you want your pics in to read from can have .htaccess file

.htaccess

Code: Select all

deny from all
put this into the folder you want nobody to access..

Posted: Mon Jun 09, 2003 7:56 am
by redhair
Elantri_X wrote: The directory you want your pics in to read from can have .htaccess file
i guess you didnt read the issue/ question very good.

Never mind..
I have been told that it is not possible.

Goal was to make it as safe as possible.
Only gifs and jpgs would be allowed.

i was planning to store the images in the dir above www root, rename them while they get uploaded (something like 643789478454545784.gif) Store the real name in the database+the new name, and then have it called by some page,....easy as that.
But o to bad...that party won't take place.
I go try the other (poor) option left, namely, to store the images in mysql.