What CHMOD to use?
What CHMOD should i use to display images on web pages but disallow direct access to them thru address bar?
I tried 700. It successfully disallows accessing the image directly thru browser's address bar, but it also doesn't display the images on the webpages.
Help?
- kaisellgren
- DevNet Resident
- Posts: 1675
- Joined: Sat Jan 07, 2006 5:52 am
- Location: Lahti, Finland.
Re: What CHMOD to use?
obay wrote: What CHMOD should i use to display images on web pages but disallow direct access to them thru address bar? I tried 700. It successfully disallows accessing the image directly thru browser's address bar, but it also doesn't display the images on the webpages. Help?
There is no such thing. In both cases, the web browser requests the image exactly the same way. No difference. The only difference is practical: you have to type the address in the second case.
May I ask you what are you trying to achieve?
Re: What CHMOD to use?
I have some photos of our products which i DON'T want non-registered/non-logged-in users to see.
But I realized that if the user just knows the URL of the image, he can view it.
For example, i have "smaller" versions of the photos which everyone can see. If user right-clicks it, he can see that it's stored in photos/myphoto1-small.jpg. so it's easy to guess the large photo is in photos/myphoto1-large.jpg. when he inputs that in the web browser address bar, he gets the photo without even logging in.
- kaisellgren
Re: What CHMOD to use?
obay wrote: I have some photos of our products which i DON'T want non-registered/non-logged-in users to see. But I realized that if the user just knows the URL of the image, he can view it. For example, i have "smaller" versions of the photos which everyone can see. If user right-clicks it, he can see that it's stored in photos/myphoto1-small.jpg. so it's easy to guess the large photo is in photos/myphoto1-large.jpg. when he inputs that in the web browser address bar, he gets the photo without even logging in.
The photos (secured ones) should be delivered through PHP. They may not be directly accessible. For instance:
showimage.php?photo_id=5
Code:
<?php
$photo_id = (int) $_GET['photo_id'];
// find out photo filename somehow... may it be stored in the database or whatever...
// ($path_to_the_photo below is the path that lookup produces)
header('Content-Type: image/png');
echo file_get_contents($path_to_the_photo);
And make sure you store the secured photos outside the document root.
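An added example, not code from the thread: one way to fill in the showimage.php sketch above so that it checks the login, maps the id to a file stored outside the document root, and answers with an explicit error when the file cannot be read. The session key `user_id`, the `PHOTOS` map, the `fail()` helper and the directory are assumptions made for the example.

```php
<?php
// showimage.php -- added example, not the code posted in the thread.
// Assumptions: the login code sets $_SESSION['user_id']; PHOTO_DIR and the
// id => file map are constructed; the fileinfo extension is enabled.
declare(strict_types=1);

const PHOTO_DIR = '/home/yourhostingaccount/photos';   // outside public_html

// Constructed lookup table; in practice this would be a database query.
const PHOTOS = [
    5 => 'myphoto1-large.jpg',
];

function fail(int $status): void
{
    http_response_code($status);
    exit;
}

session_start();
if (empty($_SESSION['user_id'])) {
    fail(403);                      // not logged in: no image bytes are sent
}

// Only an integer id is accepted, so the client never supplies a file name.
$photo_id = filter_input(INPUT_GET, 'photo_id', FILTER_VALIDATE_INT);
if (!is_int($photo_id) || !array_key_exists($photo_id, PHOTOS)) {
    fail(404);
}

// Resolve the path and confirm it is still inside PHOTO_DIR and readable.
$base = realpath(PHOTO_DIR);
$path = realpath(PHOTO_DIR . '/' . PHOTOS[$photo_id]);
if ($base === false || $path === false
    || strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0
    || !is_readable($path)) {
    error_log("showimage: cannot read photo id $photo_id");
    fail(404);                      // an explicit error instead of an empty body
}

// Send the detected media type rather than a hard-coded image/png.
$type = (new finfo(FILEINFO_MIME_TYPE))->file($path);
header('Content-Type: ' . ($type ?: 'application/octet-stream'));
header('Content-Length: ' . filesize($path));
header('X-Content-Type-Options: nosniff');
readfile($path);
```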
Re: What CHMOD to use?
this is great! so this means i can now set the photos to CHMOD 700 and still have them displayed (thru PHP), correct?
- kaisellgren
Re: What CHMOD to use?
obay wrote: this is great! so this means i can now set the photos to CHMOD 700 and still have them displayed (thru PHP), correct?
In every website, there is a public root directory. Everything under it is accessible from the URL (if not restricted otherwise), but everything outside this root is in no way accessible. Just put the photos outside the document root (e.g. public_html, www, htdocs, ...). This way only PHP can access them.
If you did not get it, look:
Code:
/home/yourhostingaccount/public_html/index.php
/home/yourhostingaccount/photos/image.png
Re: What CHMOD to use?
thanks! you've been most helpful!! 
Re: What CHMOD to use?
hi again!
i've done everything you said and everything works fine in my local webserver. but when i uploaded it to my host, the images don't show. i've set the folder permissions to 755, even now that it's outside public_html, but images don't show.
what might be the problem?
Re: What CHMOD to use?
i tried to open my showImage.php file from the address bar, and i've discovered that instead of "echo"ing the photo, it just "echo"es the full path of the file (that is, the http://www.mysite.com/showImage.php?photoid=123)
when i do this on my local server, it displays the photo, but here it displays the complete URL.
i'm confused...
any help?
- kaisellgren
Re: What CHMOD to use?
obay wrote: i tried to open my showImage.php file from the address bar, and i've discovered that instead of "echo"ing the photo, it just "echo"es the full path of the file (that is, the http://www.mysite.com/showImage.php?photoid=123) when i do this on my local server, it displays the photo, but here it displays the complete URL. i'm confused... any help?
The image data was not loaded correctly. Are you sure the photos are there and that the path is correct?
Re: What CHMOD to use?
i just talked with my hosting company.
images need to be inside public_html
this sucks!
Re: What CHMOD to use?
i have to redo everything.
any ideas?
- kaisellgren
Re: What CHMOD to use?
Are you sure? Why cannot they be outside the public root?!
What web hosting are you using? This is crazy. They basically ask you to be less safe. I have lots of experience with web hosts, and I must say that many live or email support guys and gals will not always know what they are answering...
Can you browse outside the public root with your FTP client using your FTP credentials? If so, create a folder outside the public root and check whether PHP is able to write to and read from it.
Re: What CHMOD to use?
i am on hostgator.com
1. "myphotos" folder outside public_html:
yes, i have been able to create a folder outside public_html and have been able to read and write to it. the path is /myphotos with permissions 755.
but photos don't display. when i try to access the showImage.php from the address bar, it just displays the complete URL of the showImage file (that is http://www.mysite.com/showImage.php?photoid=123). this is different from my local server, which displays the image
2. "myphotos" folder inside public_html:
i have just discovered that even if i put the photos folder inside public_html, same behavior. showImage.php just displays the URL, not the image.
any ideas?
- kaisellgren
Re: What CHMOD to use?
I have twelve accounts on HostGator. A few shared and one dedicated. So far, I have been able to upload files outside the public root. If they told you that you cannot upload or do that, then the support guy didn't know what he was talking about.
obay wrote: i have just discovered that even if i put the photos folder inside public_html, same behavior. showImage.php just displays the URL, not the image.
Indeed. It is not related to "not being able to upload somewhere". I bet you are using Firefox, which by default displays the location of the requested file in case there is no content outputted to it. Remove the header() call, and see what the browser outputs. I bet it outputs nothing. If that is so, then for some reason the script does not load the file contents properly. It's a bug in your script, hard to know what is wrong really.
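An added example, not part of the thread: a throwaway diagnostic that goes one step beyond removing the header() call by reporting, as plain text, whether PHP on the host can resolve and read the file and what error PHP itself raised. The script name, the `diagnose_read()` helper and the path in `$candidate` are assumptions; use the exact path string showImage.php builds.

```php
<?php
// diagnose.php -- added example; run it once on the host, then delete it.
// $candidate is a constructed path; replace it with the path showImage.php builds.
$candidate = '/home/yourhostingaccount/photos/image.png';

function diagnose_read(string $path): array
{
    $report = [
        'path'         => $path,
        'realpath'     => realpath($path),      // false when the path does not resolve
        'exists'       => file_exists($path),
        'is_file'      => is_file($path),
        'is_readable'  => is_readable($path),   // false when permissions block PHP's user
        'open_basedir' => ini_get('open_basedir') ?: '(not set)',
        'script_dir'   => __DIR__,              // base for comparing relative paths
    ];
    // Attempt the same read the delivery script does and keep PHP's own error text.
    error_clear_last();
    $data = @file_get_contents($path);
    $err  = error_get_last();
    $report['bytes_read'] = ($data === false) ? 'read failed' : strlen($data);
    $report['php_error']  = $err['message'] ?? '(none)';
    return $report;
}

header('Content-Type: text/plain');   // text, so the browser shows the report itself
foreach (diagnose_read($candidate) as $key => $value) {
    echo str_pad($key, 13), ': ', var_export($value, true), "\n";
}
```

A `realpath` of false points at a wrong or differently-cased path, while a non-empty `open_basedir` that does not cover the photo directory means the host restricts where PHP may read.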