Images and PHP - comp.lang.php

I have a folder full with images, and for security reasons I don't want anyone to know where the folder is. So, to call images, I know there is a way to call like a PHP file instead. For example Galley 2 (a PHP-enabled photo album) safetly tucks away the actual images and in the image source, it calls for something like "main.php?g2_view=core.DownloadItem&g2_itemId=12&g2_serialNumber=3". How do you do that? Do you need to use the database to do this? Thank you.

Let's think about why you don't want people to know where the folder is for a second. Presumably this is because you don't want all the images downloaded by guessing the url. Therefore sticking itemid in the url makes an equivelence. If you are having your images uploaded then it would be a simple job to store the ddetails of the image in a db and call them out when required. You could have an image 1.gif and give it the url /img/{filecode}.gif/as/1.gif where {filecode} is some random number, perhaps even itemid-filecode.gif. Then in the webroot you have a directory called img in which you put a ..htaccess file containing RewriteEngine On RewriteBase /img RewriteRule ^(.*)(/as/)(.*)$ /images/$1 Options -Indexes The file is then save to /images/{filecode}.gif The random number prevents easy guessing of image names and the structure of the url makes the browser theink the file is called 1.gif. This presumably covers your requirements and means that apache does all the work without having to use PHP to get the file, which is much more efficient. Also since the OS is being asked for a file then it's file caching functions swing in to force meaning the most common images are likely to be stored in RAM for even quicker delivery.

"The Numerator" <alvin4jesus@gmail.com> wrote in news:1145849539.405551.3470@t31g2000cwb.googlegroups.com: > I have a folder full with images, and for security reasons I don't want > anyone to know where the folder is. So, to call images, I know there is > a way to call like a PHP file instead. For example Galley 2 (a > PHP-enabled photo album) safetly tucks away the actual images and in > the image source, it calls for something like > "main.php?g2_view=core.DownloadItem&g2_itemId=12&g2_serialNumber=3". > > How do you do that? Do you need to use the database to do this? Thank > you. yes, use a database, but not to store images in. put the images in a folder above the web root. that way, the images simply cannot be accessed via the web, period. in the database, store the image name, the path to the image (from the SERVER's point of view, not a web address, since there is no web address that can access the image), and a 'keystring', generated by you/your app, that uniquely identifies the database entry. For example, the keystring for image 1 could be 'asdiuhsadha1312' and for image 2, it could be 'fjgkjdfgudsagh'. to retrieve, or link to the image on a webpage, you could call the file "fetchphoto.php" like so: <a href="fetchphoto.php?vKeystring=asdiuhsadha1312">Fetch this photo!</a> your 'fetchphoto.php' page then looks up the server path to the image in the database (according to the keystring), and uses fopen() and fread() to deliver the image to the web browser. this method is infinitely easier than the others suggested IMHO. ps: the reason you use a 'keystring' and not just an ID from the database is to prevent people from changing "fetchphoto.php?vID=1" to "fetchphoto.php?vID=2" and download other photos that they shoudn't. good luck.

"The Numerator" <alvin4jesus@gmail.com> wrote in message news:1145849539.405551.3470@t31g2000cwb.googlegroups.com... |I have a folder full with images, and for security reasons I don't want | anyone to know where the folder is. So, to call images, I know there is | a way to call like a PHP file instead. For example Galley 2 (a | PHP-enabled photo album) safetly tucks away the actual images and in | the image source, it calls for something like | "main.php?g2_view=core.DownloadItem&g2_itemId=12&g2_serialNumber=3". | | How do you do that? Do you need to use the database to do this? Thank | you. i don't normally do this, but i'm going to paste source. (sorry about the text wrapping). do NOT store images in a db as this limits your options when you consider migrating from one db to another and the amount of code that could need changes. it's a pain in the ass. the following requires the gdi lib. anyway, here's how to call this first set of code (generates a thumbnail of an image and when clicked, opens the actual file): note that i include a config page with a "site" class that stores info about the web site...$site->uri would be like "http://www.mysite.org/"...you'll notice other functions that come from my functions.inc.php script...just modify what you need to - even hard code for now. <a href="<?= $site->uri ?>get.file.php?fileName=blah.jpg" style="font-size:8pt;" target="VIEW_FILE" > <img src="<?= $site->uri ?>get.thumb.nail.php?fileName=blah.jpg&maxSize=200" alt="File Not Found!" title="Click To Open: blah.jpg" /> blah.jpg </a> ====== contents of get.thumb.nail.php ======== <? require_once 'site.cfg.php'; require_once $site->includeDirectory . 'functions.inc.php'; $fileName = $_REQUEST['fileName'] ? $_REQUEST['fileName'] : $_REQUEST['altImage']; $maxSize = $_REQUEST['maxSize'] ? $_REQUEST['maxSize'] : 200; $filePath = $site->imagesDirectory; if (!(isSupportedImage($fileName) || isSupportedMedia($fileName))) { $fileName = isSupportedMedia($fileName) ? 'media.jpg' : 'document.jpg'; } $fileData = @file_get_contents($filePath . $fileName); $originalImage = @imagecreatefromstring($fileData); @list($imageWidth, $imageHeight, $imageType, $imageAttributes) = @getimagesize($filePath . $fileName); $newImageHeight = $imageWidth < $maxSize ? $imageHeight : ($imageHeight / $imageWidth) * $maxSize; $newImageWidth = $imageWidth < $maxSize ? $imageWidth : $maxSize; $thumbNail = @imagecreatetruecolor($newImageWidth, $newImageHeight); @imagecopyresampled( $thumbNail, $originalImage, 0, 0, 0, 0, $newImageWidth, $newImageHeight, @imagesx($originalImage), @imagesy($originalImage) ); @imagejpeg($thumbNail); @imagedestroy($thumbNail); @imagedestroy($originalImage); ?> =========== ======= contents of get.file.php ========== <? require_once 'site.cfg.php'; $fileData = ''; $fileName = $_REQUEST['fileName']; $filePath = $site->uploadBaseDirectory; if ($fileName != ''){ $fileData = @file_get_contents($filePath . $fileName); } header("content-type: application/octet-stream" ); header("content-size: " . count($fileData) ); header("content-disposition: inline; filename=$fileName"); echo $fileData; ?> =========== hth, me

| This presumably covers your requirements and means that apache does all | the work without having to use PHP to get the file, which is much more | efficient. Also since the OS is being asked for a file then it's file | caching functions swing in to force meaning the most common images are | likely to be stored in RAM for even quicker delivery. not to split hairs...but... this dedicates you to only using apache as the web server and relies on everyone having a list of detailed instructions (like you just gave) in order to deploy the solution. not only that, but some people have web hosting services that are pricks and won't allow you to do that. and from all the hub-bub about using keys...it may as well *be* a file name. one has an equal chance at guessing the next key as to guessing the correct name of another image. further, in the method above, there is no graceful way to display that the image was not found...apache simply either coughs up a nasty error or your image's alt text will be all that's shown. also, there is no real need to hit the db to see if the image exists. if you need to display the details related to the image, that's another story. finally, whether an image is cached in ram or read from disk is a non-issue. that will never compare to the time lost during transport - especially for larger images. the difference in times in preparing the image for transport is nano-seconds at best. i've said all that to raise valid considerations to the described approach...not to knock the idea. if you program it correctly in php, you can put the code on any server, any os, and never have to configure a thing except the rights on the folder containing the images/files. just a thought.