
php - Get content (images) from above webscope

Question:

I am creating an online service where "special users" can upload their images. It is very important that the images are not exposed to anyone else than the user who uploaded them. I have heard that the best way to protect the images is to put them over the webscope.

So far so good.

My problem is that I can't display the images, how is this done? The application is written in PHP and the directory structure is like this:

/                  # this is where I placed the images
/www
/www/domain.com/   # This is the root of the website

I have put up a testscript to retrieve the images with this code

header('Content-type: image/jpeg');
$image = imagecreatefromjpeg( realpath('../../image.jpg'));
imagejpeg($image);
imagedestroy($image);

which delivers the image to this file which displays it

<img src="retrieve-image.php" />

Can anyone please tell me what I am doing wrong? Can it be the php.ini which is set incorrectly? Is there an easier way to protect the images?

Thanks in advance !!

// Mathias Bak

P.S. How do I write code in my post the proper way??

Answer:

You're going about retrieving the image wrong. There's no reason you should decode the JPEG into a raw bitmap in memory (imagecreatefromjpeg(), which can suck a HUGE amount of memory if the original image is largeish), re-compress it (imagejpeg() with all the lossiness and CPU overhead that goes along with it), when all you need to do is copy the bytes over.

Assuming you want the capability of multiple images being uploaded for multiple different users, you'd need some way of identifying which image the user wants, which can be done easiest by recording the uploads in a database and assigning a unique ID to each. There's lots of other answers on SO here how to do that, so I'm not going to hash it over again.

Your viewing script would have something like this:

<img src="retrieve-image.php?imageID=123" />

And retrieve-image.php would look like:

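<?php

function is_user_allowed_to_see($imageID) {
    // figure out if user is allowed to see the specified image
    return false; // deny by default until the real check is written
}

// The ID is the numeric one assigned in the database (e.g. 123). Accept
// digits only, so the value can never walk out of the upload directory
// with something like "../".
$imageID = isset($_GET['imageID']) ? $_GET['imageID'] : '';

header('Content-Type: image/jpeg');
if (is_string($imageID) && ctype_digit($imageID) && is_user_allowed_to_see($imageID)) {
    readfile("/www/uploads/domain.com/" . $imageID);
} else {
    readfile("/www/domain.com/sorry-not-allowed.jpg");
}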

readfile() is the preferred way of streaming a file to the user via PHP. It'll take care of reading the file's contents and sending it to the browser in chunks that won't exceed the script's memory limit.

Since you're loading the image data directly into an <img> tag, you can't output a plaintext "sorry, not allowed to see this" text, as it'd be an invalid image and you'll just get the broken picture icon. So, if the user's not allowed, send an image that contains text/image (say, a red slashed-circle) saying so instead of the actual image.

Answer:

Why don't you use a login mechanism to verify if a person is allowed to access the image? This is easily done and security is high.
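
One way to fill in the access check that the two answers describe, as an added example that is not part of the original posts. The `uploads(id, owner_id, stored_name)` table, the `$_SESSION['user_id']` value set at login, and the function names are assumptions; the directory paths are the ones used in the first answer.

```php
<?php
declare(strict_types=1);

// Assumed (not from the original posts): a table uploads(id, owner_id,
// stored_name) filled in at upload time, and $_SESSION['user_id'] set at login.
const UPLOAD_DIR = '/www/uploads/domain.com';   // outside the web root
const DENIED_IMG = '/www/domain.com/sorry-not-allowed.jpg';

/** Return the file's absolute path if $userId owns $imageId, otherwise null. */
function resolve_image(PDO $db, int $userId, string $imageId, string $dir): ?string
{
    if (!ctype_digit($imageId)) {
        return null;                    // numeric IDs only, never file names
    }
    $stmt = $db->prepare(
        'SELECT stored_name FROM uploads WHERE id = ? AND owner_id = ?'
    );
    $stmt->execute([(int) $imageId, $userId]);
    $name = $stmt->fetchColumn();
    if ($name === false) {
        return null;                    // unknown ID, or another user's image
    }
    // Defence in depth: the resolved path must still be inside the upload dir.
    $base = realpath($dir);
    $path = realpath($dir . '/' . basename((string) $name));
    if ($base === false || $path === false
        || strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $path;
}

/** Stream the requested image, or the "not allowed" placeholder image. */
function serve_image(PDO $db): void
{
    session_start();
    $userId  = $_SESSION['user_id'] ?? null;
    $imageId = $_GET['imageID'] ?? '';
    $path = (is_int($userId) && is_string($imageId))
        ? resolve_image($db, $userId, $imageId, UPLOAD_DIR)
        : null;

    header('Content-Type: image/jpeg');           // uploads assumed to be JPEG
    header('X-Content-Type-Options: nosniff');
    header('Cache-Control: private, no-store');   // keep out of shared caches
    readfile($path ?? DENIED_IMG);
}

// retrieve-image.php would call serve_image($db) with its own PDO connection.
```

Because the ownership test is part of the SQL query, an ID that does not exist and an ID that belongs to another user get the same placeholder image, so the response does not reveal which IDs are in use.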
