How do I make photos of my products in my website secure, such that only "members" can view them?
I have tried using putting them in a secure folder (outside public_html) and using a showimage.php but it doesn't work. It only outputs the url (text) of the image, not the image itself. I reckon this must be a problem with my web hosting, because in my local setup, it works.
So I'm asking here for alternatives. Any ideas?
How do I make photos of my products in my website secure?
Moderator: General Moderators
Re: How do I make photos of my products in my website secure?
here is my showImage.php
here is my test.php
i have a folder outside public_html called "natura_photos_large" that contains the image "P-20090227045201-11-3.jpg"
you may open the test.php page at
http://www.cebunatura.com/test.php
as you can see, the photo does not display. what am i doing wrong?
*PS i've actually posted before, issue was not resolved. i am reposting in this new thread. hope you understand.
Code: Select all
<?php
$filename = "../natura_photos_large/".$_GET[trans]."-".$_GET[size].".jpg";
header("Content-Type: image/jpeg");
echo file_get_contents($filename);
?>Code: Select all
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>Untitled Document</title>
</head>
<body>
<img src="showImage.php?trans=P-20090227045201-11&size=3" border="1" />
</body>
</html>you may open the test.php page at
http://www.cebunatura.com/test.php
as you can see, the photo does not display. what am i doing wrong?
*PS i've actually posted before, issue was not resolved. i am reposting in this new thread. hope you understand.
- kaisellgren
- DevNet Resident
- Posts: 1675
- Joined: Sat Jan 07, 2006 5:52 am
- Location: Lahti, Finland.
Re: How do I make photos of my products in my website secure?
If the file path is correct, that should work. If not, make sure you have error reporting turned on (use E_ALL).obay wrote:Code: Select all
<?php $filename = "../natura_photos_large/".$_GET[trans]."-".$_GET[size].".jpg"; header("Content-Type: image/jpeg"); echo file_get_contents($filename); ?>
The code is vulnerable to traversal and truncation attacks by the way.
For instance, ************, eh you actually have a live link to your website ?
The problem is that the image file is somehow corrupted or not a valid JPG file. I tried saving the file on my desktop. The thumbnail loaded fine, but when I tried to open the file it was corrupted. If Paint or Photoshop couldn't open it, how could a web browser?