ansaurus

Question

Get content (images) from above webscope

Answer 1

A:

Why don't you use a login mechanism to verify if a person is allowed to access the image? This is easily done and security is high.

Thariama 2010-08-11 15:48:40

I have a login mechanism, but if somebody just enters "http://domain.com/path/to/image/image.jpg", it will be shown wether he is logged in or not. Thats my concern...

Mathias Bak 2010-08-11 15:52:16

In that case you need to store the images in a database instead of just having the images liing around in your webspace. Let the php script access the image from the database only if they are allowed to.

Thariama 2010-08-11 15:58:33

Thanks for the quick response!!I could do that, but db-traffic is to expensive for the volume I am going to use, so that's unfortunately not an option.

Mathias Bak 2010-08-11 16:13:14

how big in size will your images be?

Thariama 2010-08-12 07:18:09

They will be about 3 - 4 mb each. Size of the (full) images is estimated to allocate 50 Gb diskspace each year. And traffic will be increasing proportionally each year too.

Mathias Bak 2010-08-12 10:21:04

Answer 2

A:

You're going about retrieving the image wrong. There's no reason you should decode the JPEG into a raw bitmap in memory (imagecreatefromjpeg(), which can suck a HUGE amount of memory if the original image is largeish), re-compress it (imagejpeg() with all the lossiness and CPU overhead that goes along with it), when all you need to do is copy the bytes over.

Assuming you want the capability of multiple images being uploaded for multiple different users, you'd need some way of identifying which image the user wants, which can be done easiest by recording the uploads in a database and assigning a unique ID to each. There's lots of other answers on SO here how to do that, so I'm not going to hash it over again.

Your viewing script would have something like this:

<img src="retrieve-image.php?imageID=123" />

And retrieve-image.php would look like:

<?php

function is_user_allowed_to_see($imageID) {
   // figure out if user is allowed to see the specified image
}

if (is_user_allowed_to_see_this($_GET['imageID'])) {
    readfile("/www/uploads/domain.com/" . $_GET['imageID']);
} else {
    readfile("/www/domain.com/sorry-not-allowed.jpg");
}

readfile() is the preferred way of streaming a file to the user via PHP. It'll take care of reading the file's contents and sending it to the browser in chunks that won't exceed the script's memory limit.

Since you're loading the image data directly into an <img> tag, you can't output a plaintext "sorry, not allowed to see this" text, as it'd be an invalid image and you'll just get the broken picture icon. So, if the user's not allowed, send an image that contains text/image (say, a red slashed-circle) saying so instead of the actual image.

Marc B 2010-08-11 15:57:03

Thanks for your answer and for the readfile() code. But it still does not work :( When i output $_SERVER['DOCUMENT_ROOT']; it prints **/home/www/domain.com/**. I have put the image in the the "home" folder which is over webscope.I wrote readfile( realpath("../../image.jpg" )); but that does not show any image. Any other suggestions?P.S. I would rank you up if i could, but i don't have enough points

Mathias Bak 2010-08-11 16:11:44

ansaurus

tags:

views:

answers:

Get content (images) from above webscope

related questions