How do I make photos of my products in my website secure?

Posted: Tue Mar 17, 2009 5:20 am
by obay
How do I make photos of my products in my website secure, such that only "members" can view them?

I have tried putting them in a secure folder (outside public_html) and using a showimage.php, but it doesn't work. It only outputs the URL (text) of the image, not the image itself. I reckon this must be a problem with my web hosting, because in my local setup, it works.

So I'm asking here for alternatives. Any ideas?

Re: How do I make photos of my products in my website secure?

Posted: Tue Mar 17, 2009 10:53 am
by Mordred
Code?

Re: How do I make photos of my products in my website secure?

Posted: Tue Mar 17, 2009 12:44 pm
by obay
Here is my showImage.php

Code:

<?php
 
$filename = "../natura_photos_large/".$_GET[trans]."-".$_GET[size].".jpg";
header("Content-Type: image/jpeg");
echo file_get_contents($filename);
 
?>

Here is my test.php

Code:

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>Untitled Document</title>
</head>
 
<body>
<img src="showImage.php?trans=P-20090227045201-11&size=3" border="1" />
</body>
</html>

I have a folder outside public_html called "natura_photos_large" that contains the image "P-20090227045201-11-3.jpg".

You may open the test.php page at

http://www.cebunatura.com/test.php

As you can see, the photo does not display. What am I doing wrong? :(

*PS: I've actually posted before; the issue was not resolved. I am reposting in this new thread. Hope you understand.

Re: How do I make photos of my products in my website secure?

Posted: Wed Mar 18, 2009 9:00 am
by kaisellgren
obay wrote:

Code:

<?php
 
$filename = "../natura_photos_large/".$_GET[trans]."-".$_GET[size].".jpg";
header("Content-Type: image/jpeg");
echo file_get_contents($filename);
 
?>

If the file path is correct, that should work. If not, make sure you have error reporting turned on (use E_ALL).

The code is vulnerable to traversal and truncation attacks, by the way.

For instance, ************, eh, you actually have a live link to your website?

The problem is that the image file is somehow corrupted or not a valid JPG file. I tried saving the file on my desktop. The thumbnail loaded fine, but when I tried to open the file it was corrupted. If Paint or Photoshop couldn't open it, how could a web browser?
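
Added example, not part of any post in this thread: a version of showImage.php that checks membership and closes the traversal and truncation issues mentioned above by allowlisting both parameters and confirming the resolved path stays inside the photo folder. The session key `member_id` and the ID pattern (inferred from the single file name in the thread) are assumptions, and `http_response_code()` needs PHP 5.4 or later.

```php
<?php
// Added example (not from the thread): members-only image endpoint.
session_start();

// Assumption: the site's login code sets $_SESSION['member_id'].
if (empty($_SESSION['member_id'])) {
    http_response_code(403);
    exit;
}

// Quoted keys, and strings only: ?trans[]=x arrives as an array.
$trans = (isset($_GET['trans']) && is_string($_GET['trans'])) ? $_GET['trans'] : '';
$size  = (isset($_GET['size']) && is_string($_GET['size'])) ? $_GET['size'] : '';

// Allowlist (assumed from the one file name in the thread). \A and \z anchor
// the whole value, so dots, slashes, NUL bytes and newlines cannot match.
if (!preg_match('/\AP-\d{14}-\d{1,6}\z/', $trans) || !preg_match('/\A\d\z/', $size)) {
    http_response_code(400);
    exit;
}

$baseDir = realpath(__DIR__ . '/../natura_photos_large');
if ($baseDir === false) {
    http_response_code(500);
    exit;
}

// Defence in depth: the resolved path must still sit inside the photo folder.
$path   = realpath($baseDir . DIRECTORY_SEPARATOR . $trans . '-' . $size . '.jpg');
$prefix = $baseDir . DIRECTORY_SEPARATOR;
if ($path === false || strncmp($path, $prefix, strlen($prefix)) !== 0) {
    http_response_code(404);
    exit;
}

// Serve only files that really are JPEGs.
$info = getimagesize($path);
if ($info === false || $info[2] !== IMAGETYPE_JPEG) {
    http_response_code(404);
    exit;
}

header('Content-Type: image/jpeg');
header('Content-Length: ' . filesize($path));
header('X-Content-Type-Options: nosniff');
readfile($path);
// No closing PHP tag: nothing after it can be appended to the image bytes.
```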