On 5 February 2010 09:08, elk dolk <elkdolk@xxxxxxxxx> wrote:
>> ----------------------------------------------------------
>> > I have my photos in /public_html/img/gid directory and with this path:
>> > <img src='http://www.mydomain.com/img/{$gid}/{$photoFileName}' in getImage.php the server displays the photos.
>> >
>> > Now if I put my photos outside of the public_html like this:
>> > /hidden_images/img/gid
>> >
>> > what would be the correct path to the photos in the getImage.php script?
>>
>> Do you mean what url? You'll need a script to pull them
>> from outside the document root. The advantage of this is you
>> can do authentication checks before displaying the image.
>> The disadvantage is the web-server isn't serving the images
>> directly so there will be a slow down.
>>
>> So you point your images to
>>
>> getimage.php?image=123456
>>
> ..............................................................
> Thank you for your useful comment, but I mean what url should I use
> for img src instead of <img src='http://www.mydomain.com/img/{$gid}/{$photoFileName}' in the getImage.php script?
>
> --
> PHP Database Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>

The whole point of putting the images _OUTSIDE_ of the web root is to completely remove the possibility of having all your images downloaded without any checks of who is doing it.

If I can enter the URL of the image directly, why would I pay you for it (for example).

So, producing a symlink/alias of the images folder so that it DOES exist within docroot is completely redundant.

Something like this is what I would expect your getImage.php script to be.

<?php
// Session processing - validate session - force login page or just home page if not valid.

// Where are the images?
define('IMAGES_LOCATION', '/some/absolute/path/to/the/images/');

// Validate the image ID requested - must be +ve integer.
if (!isset($_GET['imgID']) || !is_numeric($_GET['imgID']) || intval($_GET['imgID']) <= 0) {
    // force login or just home page as the request is invalid.
    exit;
}

// Force the Image ID to an integer.
$imgID = intval($_GET['imgID']);

// At this stage, you need to convert the id from a number to the file name.
// I assume you have a DB of these.
$imgName = some_technique_to_get_the_name($imgID);

// Make sure the image exists.
if (!file_exists(IMAGES_LOCATION . $imgName)) {
    // Report a missing image.
    exit();
}

// Read image's type.
$imgData = getimagesize(IMAGES_LOCATION . $imgName);
if ($imgData === false) {
    // Not a readable image - nothing safe to send.
    exit();
}

// Send appropriate image header.
header("Content-type: {$imgData['mime']}");

// Send the image.
readfile(IMAGES_LOCATION . $imgName);

// Done.
exit();
?>

--
-----
Richard Quadling
"Standing on the shoulders of some very clever giants!"
EE : http://www.experts-exchange.com/M_248814.html
EE4Free : http://www.experts-exchange.com/becomeAnExpert.jsp
Zend Certified Engineer : http://zend.com/zce.php?c=ZEND002498&r=213474731
ZOPA : http://uk.zopa.com/member/RQuadling
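
Added example, not part of the original post or of Richard's script: one way to fill in the ID-to-filename step so that an odd parameter or a bad database row cannot make getImage.php read a file outside the private image directory. lookupImageName(), resolveImage() and the sample rows are hypothetical names and constructed data standing in for the database lookup the reply assumes.

```php
<?php
declare(strict_types=1);

// Hypothetical stand-in for the database lookup the reply assumes (constructed rows).
function lookupImageName(int $imgID): ?string
{
    $rows = [1 => '7/beach.jpg', 2 => '../secret.txt']; // row 2 is a bad record
    return $rows[$imgID] ?? null;
}

// Returns [absolutePath, mimeType] for a servable image, or null to refuse.
function resolveImage($rawId, string $baseDir): ?array
{
    // Accept only a positive integer: rejects "1.5", "1e3", arrays, null.
    $imgID = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($imgID === false) {
        return null;
    }
    $name = lookupImageName($imgID);
    $base = realpath($baseDir);
    if ($name === null || $base === false) {
        return null;
    }
    // realpath() collapses ".." and symlinks; false means the file is missing.
    $path = realpath($base . DIRECTORY_SEPARATOR . $name);
    $prefix = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if ($path === false || !is_file($path) || strncmp($path, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    // Send only content types on an allowlist.
    $info = @getimagesize($path);
    if ($info === false || !in_array($info['mime'], ['image/jpeg', 'image/png', 'image/gif'], true)) {
        return null;
    }
    return [$path, $info['mime']];
}

// Usage in getImage.php, after the session check has passed.
$hit = resolveImage($_GET['imgID'] ?? null, '/some/absolute/path/to/the/images');
if ($hit === null) {
    http_response_code(404);
    exit;
}
header('Content-Type: ' . $hit[1]);
readfile($hit[0]);
```

Returning the same 404 for every refusal avoids telling the requester whether an ID exists, is malformed, or points at a blocked path.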