PHP Developers Network

A community of PHP developers offering assistance, advice, discussion, and friendship.
It is currently Wed Sep 30, 2020 5:10 pm

All times are UTC - 5 hours

Post new topic Reply to topic  [ 5 posts ] 
Author Message
PostPosted: Sun Jun 03, 2012 1:42 pm 
Forum Newbie

Joined: Sun Jun 03, 2012 11:56 am
Posts: 3
Hi out there!
I would realy appreciate help with the following problem.
I'm developing an application that shall view images from surveillance cameras uploaded to an password protected FTP-folder.
Outside this FTP-folder I have script that shall get the images and view them page by page.
The problem is, that I can't find any way to view the images from the FTP-folder while it is protected for public access.
(uploadImage.jpg is in my original script an variable that return one file at each iteration)

My file and script structure are like this:

The camera1 must not be open to public access, while the script imageView.php shall be accessible via login script.
I'v also tried to place the /ftp/camera1/uploadImage.jpg folders at this place
and unprotect them.
But there I cant reach the files at all.
As most of you guess, I suppose, I'm not very experienced PHP-developer.

I would realy appreciate some code sample for imageView.php that can view several image files in the same page, from a folder that has no public access, without that the user has to key in som unsername and password, more than the first login.

thanks in advance!

PostPosted: Sun Jun 03, 2012 4:46 pm 
Spammer :|
User avatar

Joined: Wed Oct 15, 2008 2:35 am
Posts: 6617
Location: WA, USA
Unless there are file or folder permission problems, you can just look at it as a normal directory. Like
Syntax: [ Download ] [ Hide ]
$files = glob($_SERVER["DOCUMENT_ROOT"] . "/ftp/camera1/*.jpg");

PostPosted: Mon Jun 04, 2012 2:15 pm 
Briney Mod
User avatar

Joined: Mon Jan 19, 2004 7:11 pm
Posts: 6446
Location: 53.01N x 112.48W
The first thing you should do is move your camera1 folder outside the document root (ie: below public_html). That way even if your security fails somehow, Apache is totally unable to serve up the images.

Assuming you can't do that, you can put an .htaccess file in the directory which denies all access. This way, any requests made from a user get denied. Accessing the files via PHP is not affected by the .htaccess file.

I think the easiest way to serve up these images is to use an image "proxy" file that you can reference like an image file:

Syntax: [ Download ] [ Hide ]
<img src = "/application/imageProxy.php?file_name_here.jpg" alt = "" />

That imageProxy.php file can then check if the user is authenticated and if so, go get the image data and output it to the browser.

Real programmers don't comment their code. If it was hard to write, it should be hard to understand.

PostPosted: Thu Jun 07, 2012 1:59 pm 
Forum Newbie

Joined: Sun Jun 03, 2012 11:56 am
Posts: 3
Tanks requinix and pickle for your replays.

But I can't get any of them to work. Probably because I can't use your advice good enough.
About the code: $files = glob($_SERVER["DOCUMENT_ROOT"] . "/ftp/camera1/*.jpg");
I have tried to put the $files in the img tag like printf("<img src='%s' />",$files); and many other ways, with no success.
The path is completely ok, but no image come up in the webpage.

I have also tried a proxy.php script I found on the net, see below --- No success! :(
I put it in the tag: <img src="proxy.php?pic=0+backyard_DSC00004.jpg" alt="Loaded by proxy" /> and in many other ways, among others also <img src="<?php proxy.php?pic=0+backyard_DSC00004.jpg ?>" alt="Loaded by proxy" />, but no! Only the alt text appair in the webpage.
And when the proxy script execute, I get an error about the header is already sent, as the images shall be inserted in a regualr webpage which has a header.
// define absolute path to image folder
$image_folder = 'systempath/public_html/ftp/camera1/';
// get the image name from the query string
// and make sure its not trying to probe your file system

if (isset($_GET['pic']) && basename($_GET['pic']) == $_GET['pic']) {
$pic = $image_folder.$_GET['pic'];
if (file_exists($pic) && is_readable($pic)) {
// get the filename extension
$ext = substr($pic, -3);
// set the MIME type
switch ($ext) {
case 'jpg':
$mime = 'image/jpeg';
case 'gif':
$mime = 'image/gif';
case 'png':
$mime = 'image/png';
$mime = false;
// if a valid MIME type exists, display the image
// by sending appropriate headers and streaming the file
if ($mime) {
header('Content-type: '.$mime);
header('Content-length: '.filesize($pic));
$file = fopen($pic, 'rb');
if ($file) {

So I would really appreciate som more specific help on this problem.

Regards lar.

PostPosted: Wed Jun 13, 2012 1:00 pm 
Forum Newbie

Joined: Sun Jun 03, 2012 11:56 am
Posts: 3

The image directory to which image files are uploaded from the IP-camera is now located above the document root, that is on the same level as the public html directory, where it is impossible for anyone to view them in a browser. Just as it is said in a comment above. Thanks for that advice!

In the document root, in a public directory below the public_html, is the "public" password protected php-file in which the images are viewed with this type of code:
..... php code that cycle through an array with all filenames in the image directory .....
printf("<img src='proxy.php?pic=%s' >",arrImage[x]);
...... the rest of the code ...........

In the proxy.php file, that is located together with the "view file", is the variable $image_folder set to the system path of the image directory.
I have a "+" sign in my filenames, those are replaced by a space somewhere in the transfer from the printf statement to the $_GET-statement in the proxy file, so I had to restore this "+" sign by:
$pic = str_replace(" ","+",$pic);
Why the "+" is replaced by a space when used in the GET argument, I have no idea about.

And I also had to remove the: "&& is_readable($pic)" in the proxy.php because that stoped the execution of the script.
Why it don't work in my system (regular unix commercial web hosting) I have no idea about.

But with those adjustments it works perfectly well for me to view images from a directory which I think is completely unavaible for regular visitors, even if they of some reason schould come to know about the path to the image file.

Best regards

Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 5 posts ] 

All times are UTC - 5 hours

Who is online

Users browsing this forum: No registered users and 15 guests

You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Jump to:  
Powered by phpBB® Forum Software © phpBB Group