Securing path to images folder

Cheers

Please can anyone help?
(I'm at intermediate level, not quite hardcore PHP programmer!)

I've had someone help me with this before, but I've now forgotten what their suggestion was!

Anyway, I'm building a 'hot or not' type image-upload and vote thingy for one of my sites, but I'm expanding upon the idea.

The snippet of code that I require essentially protects the path to the directory where the images are located.

I need it to be secure enough so that when you right click on the image properties it displays something like http://www.mydomain.com/showpicture?id=1 or whatever.

How do I go about this?

Thanx

rohithmr

Well one way to achieve wat u want is reading the picture file from a php file and then echoing into the browser with the content=type header 'jpeg' or whatever.

BUt if u want to access the pics with the ?id=1, then u probabaly wudd have to store the name of the jpeg in a database or something similar. But i do not recommend this beacuse it will add additional overhead to the database.

One alternative that i think is that instead of ?id=1, pass the name of the pic file. So call it like http://www.mydomain.com/showpicture.php?n=pic1

then in the showpicture.php

<?php
$secret_prefix = 'myImages_'; // Again jus an additional precaution
$path = '/actual/path/to/images/folder/';
$name = str_replace('..','',$_GET['n']);  //Jus a simple NON through safety precaution

//Open the file
$fp     = fopen($path.$name.$secret_prefix.'jpg','rb');
$data = fread($fp,filesize($path.$name.$secret_prefix.'jpg'));
fclose($fp);

//Send the header
header('Content-Type: image/jpeg');
echo $data;
?>

Please note that i didnt test the example above. Since ur a intermediate programmer jus as i am, u shudd prolly get what im tryin to do. Also note that when u upload new files, add the secret prefix to the file, as in this example : pic1_myImages.jpg and u wudd access it by
http://www.mydomain.com/showpicture.php?n=pic1

Let me kno how it turns out.

Cheers

Thanx for that, I had to hack around a bit coz I'm testin on XP.
Nevertheless, I got it working as intended.

I think you missed the '.' in jpg in $fp & $data.
&
I put $secret_prefix before $n

I'm now onto stage 2:

Q1. Any ideas on how I can efficiently expand this for 'gif's

One other thing:
Q2. Each user can upload more than 1 image (upto 10).
I've done this previously on another site and at the upload stage I've renamed each file $profile_id_1.jpg, $profile_id_2.gif etc. but checking the existence of files for display purposes (users gallery) can be a bit messy especially when they might have deleted 3.jpg when 2.jpg and _4.jpg remain.

Anyone have any better ideas, maybe with a MySQL table?

Thanks again!

Here's the final working for anyone else:

<?
$path = "d:/html/mysite/";
$secret_prefix = "hidepix_";  // Again jus an additional precaution
//Jus a simple NON through safety precaution
$name = str_replace("..","",$_GET['n']);  //Jus a simple NON through safety precaution
//Open the file
$fp = fopen($path.$secret_prefix.$n.".jpg","rb");
$data = fread($fp,filesize($path.$secret_prefix.$n.".jpg"));
fclose($fp);

//Send the header
header('Content-Type: image/jpeg');
echo $data;
?>

😉

rohithmr

ok Im glad that you got that working. As for your questions:

1) you can use PHP's getimagesize t0 detemine the type of image( whether a jpeg or GIF or PNG or TIFF etc) and its dimensions. I strongly suggest reading up on that function on PHP.net.

2) As for displaying purposes, cant u jus use this:

For ex:

$imgdir = 'D:/images/';
$handle = opendir($imgdir);

while (false !== ($file = readdir($handle))) { 
       if ('..' != $file && '.' != $file && is_file($file)) {  // Skip if the current item is '..' or '.' or not a file
           echo $file .'<br />';
       } 
 }

Again, i didnt test the code, but u get the idea. Also insteadd of echoing out the filename, u can echo it as a link or if use templates, assgn them to proper variables.