secure image viewing

Discussions of secure PHP coding. Security in software is important, so don't be afraid to ask. And when answering: be anal. Nitpick. No security vulnerability is too small.

shawngoldw
Forum Contributor
Posts: 212
Joined: Mon Apr 05, 2010 3:38 pm

secure image viewing

Post by shawngoldw »

Hi, I need to make images stored in one of my directories inaccessible to anyone who isn't logged into the website. I know the way to do it is to make a php script which returns the variables to use as the image source but I am not sure of the details.

I found this from a thread from about a year ago:

Code:

<?php
$filename = "../natura_photos_large/".$_GET['trans']."-".$_GET['size'].".jpg";
header("Content-Type: <span class="posthilit">image</span>/jpeg");
echo file_get_contents($filename);
?>
I am not entirely sure how this works, specifically where posthilit gets defined and what it is.
Also, the thread did not talk about what kind of server side configuration needs to be done.

Thanks,
Shawn
Christopher
Site Administrator
Posts: 13596
Joined: Wed Aug 25, 2004 7:54 pm
Location: New York, NY, US

Re: secure image viewing

Post by Christopher »

It is just:

Code:

header('Content-Type: image/jpeg');
See the header() documentation for examples.
(#10850)
kaisellgren
DevNet Resident
Posts: 1675
Joined: Sat Jan 07, 2006 5:52 am
Location: Lahti, Finland.

Re: secure image viewing

Post by kaisellgren »

The "size" and "trans" need to be taken care of. Otherwise you are allowing arbitrary files to be viewed.
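
An added example, not part of any post in this thread: one way to combine the login check the original question asks for with validation of "trans" and "size". The session key `user_id`, the numeric format of "trans" and the list of size names are assumptions; the directory name comes from the snippet quoted in the first post.

```php
<?php
declare(strict_types=1);
session_start();

// Assumption: the site's login code stores the user's id in $_SESSION['user_id'].
if (empty($_SESSION['user_id'])) {
    http_response_code(403);
    exit;
}

// Directory from the quoted snippet. Keep it outside the web root (or deny
// direct requests to it) so that this script is the only way to reach the files.
$baseDir = realpath(__DIR__ . '/../natura_photos_large');
if ($baseDir === false) {
    http_response_code(500);
    exit;
}

// Assumption: "trans" is a numeric id and "size" is one of a fixed set of names.
$trans = $_GET['trans'] ?? '';
$size  = $_GET['size'] ?? '';
$allowedSizes = ['small', 'medium', 'large']; // hypothetical values

// Allow-list both parameters; is_string() rejects array input such as ?size[]=x.
if (!is_string($trans) || !is_string($size)
    || !preg_match('/\A[0-9]{1,10}\z/', $trans)
    || !in_array($size, $allowedSizes, true)) {
    http_response_code(400);
    exit;
}

// Defence in depth: resolve the final path and confirm it is still inside $baseDir.
$path = realpath($baseDir . DIRECTORY_SEPARATOR . $trans . '-' . $size . '.jpg');
if ($path === false
    || strncmp($path, $baseDir . DIRECTORY_SEPARATOR, strlen($baseDir) + 1) !== 0
    || !is_file($path)) {
    http_response_code(404);
    exit;
}

header('Content-Type: image/jpeg');
header('Content-Length: ' . (string) filesize($path));
header('X-Content-Type-Options: nosniff');
header('Cache-Control: private, no-store'); // do not let shared caches keep private images
readfile($path);
```

Saved under a hypothetical name such as `image.php`, the script is referenced from a page as the image source with the two parameters in the query string.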