On 5 February 2010 09:08, elk dolk <elkdolk@yahoo.com> wrote:
>> ----------------------------------------------------------
>> > I have my photos in /public_html/img/gid directory and
>> with this path:
>> > <img src='http://www.mydomain.com/img/{$gid}/{$photoFileName}' in
>> getImage.php the server displays the photos.
>> >
>> > Now if I put my photos outside of the public_html like
>> this:
>> > /hidden_images/img/gid
>> >
>> > what would be the correct path to the photos in the
>> getImage.php script?
>>
>> Do you mean what url? You'll need a script to pull them
>> from outside the document root. The advantage of this is you
>> can do authentication checks before displaying the image.
>> The disadvantage is the web-server isn't serving the images
>> directly so there will be a slow down.
>>
>> So you point your images to
>>
>> getimage.php?image=123456
>>
> ..............................................................
> thank you for your useful comment, but I mean what url should I use
> for img src instead of <img src='http://www.mydomain.com/img/{$gid}/{$photoFileName}' in the getImage.php script?
>
>
>
>
>
> --
> PHP Database Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>
The whole point of putting the images _OUTSIDE_ of the web root is to
completely remove the possibility of having all your images downloaded
without any checks of who is doing it.
If I can enter the URL of the image directly, why would I pay you for
it (for example).
So, producing a symlink/alias of the images folder so that it DOES
exist within docroot is completely redundant.
Something like this is what I would expect your getImage.php script to be.
<?php
// Session processing - validate session - force login page or just
home page if not valid.
// Where are the images?
define('IMAGES_LOCATION', '/some/absolute/path/to/the/images/');
// Validate the image ID requested - must be +ve integer.
if (!is_numeric($_GET['imgID']) || intval($_GET['imgID']) <= 0) {
// force login or just home page as the request is invalid.
exit;
}
// Force the Image ID to an integer.
$imgID = intval($_GET['imgID']);
// At this stage, you need to convert the id from a number to the file name.
// I assume you have a DB of these.
$imgName = some_technique_to_get_the_name($imgID);
// Make sure the image exists.
if (!file_exists(IMAGES_LOCATION . $imgName)) {
// Report a missing image.
exit();
}
// Read image's type.
$imgData = getimagesize(IMAGES_LOCATION . $imgName);
// Send appropriate image header.
header("Content-type: {$imgData['mime']}");
// Send the image.
readfile(IMAGES_LOCATION . $imgName);
// Done.
exit();
?>
--
-----
Richard Quadling
"Standing on the shoulders of some very clever giants!"
EE : http://www.experts-exchange.com/M_248814.html
EE4Free : http://www.experts-exchange.com/becomeAnExpert.jsp
Zend Certified Engineer : http://zend.com/zce.php?c=ZEND002498&r=213474731
ZOPA : http://uk.zopa.com/member/RQuadling
|