
Files from directory


hackalive


Hi guys,

I am using a MySQL table to store if a user has access permissions to a file.

 

The files are stored outside the webdirectory in drive F:\

 

So I have this code I have been playing around with in order to display the file I access and check permissions for:

<?php
$file = $_GET['file'];

$myfile = 'F:\files\/'.$file.'.jpg';

echo "<img src='$myfile' />";
?>

 

 

So a sample case would be say on index.php

<img src="http://somedomain.com/files?file=abcdefghijkl" />

and only if the current user had permissions to view that file would they see it.

 

Any help on how I can do this is greatly appreciated.

 

I do understand all my above code is probably totally wrong.

 

Cheers

Link to comment
Share on other sites

The F:\ drive will not be accessible because it is outside of the web server's root. You will need to use a PHP script to serve up the file.

 

There is an example of how to do so in our code snippet / repository board.

Link to comment
Share on other sites

This is the script I was thinking of. Not exactly what you need, as this will force a download, but hopefully you'll get the idea.

 

The idea is to create a php file called image.php or whatever, have it do the database check and all that jazz, then if the user has access set the appropriate headers to make the image.php file serve an image.

 

All you would need to do then is place it in your src attribute, e.g.:

 

echo "<img src='image.php?f=somefile' />";

 

I'd post an example except the in-laws are on their way.

Link to comment
Share on other sites

Here is my code:

 

test.php

<?php
    echo "<img src='filehandler.php?file=1' />";
?>

 

filehandler.php

<?php
    // basename() drops any directory part, so the value cannot point outside F:\files.
    $file = basename($_GET['file'] ?? '');
    // You would need a way to set the extension automatically.
    $file = 'F:\files\/'.$file.'.jpg';

    // I use this $content_type so that the handler can become multi-purpose.
    // You will need an auto way to adjust the final $file line above.
    $content_type = mime_content_type($file);

    header("Content-Type: $content_type");

    @readfile($file);
?>

 

All seems to work, without permissions yet.

Link to comment
Share on other sites

There is nothing stopping anyone from using your script now to look at whatever images they like though.

 

You need to put the actual permissions checks in this file itself and maybe serve an "Unauthorised" image or something if your user doesn't have sufficient permissions.

Link to comment
Share on other sites
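
Added example (not code from any poster in this thread): one way to put the permission check inside filehandler.php itself, as the last reply suggests. The `file_permissions` table with `user_id` and `file_key` columns, the `$_SESSION['user_id']` value set at login, and the database DSN and credentials are assumptions.

```php
<?php
// filehandler.php (added example; table, column and session names are assumptions)
declare(strict_types=1);
session_start();

const BASE_DIR = 'F:\\files';   // storage directory from the thread, outside the web root

// Accept only a plain identifier, so the value can never contain a path separator or "..".
function cleanFileKey($raw): ?string
{
    return (is_string($raw) && preg_match('/^[A-Za-z0-9_-]{1,64}$/', $raw) === 1) ? $raw : null;
}

// True when the hypothetical file_permissions table grants this user this file.
function userMayView(PDO $db, int $userId, string $fileKey): bool
{
    $stmt = $db->prepare('SELECT 1 FROM file_permissions WHERE user_id = ? AND file_key = ? LIMIT 1');
    $stmt->execute([$userId, $fileKey]);
    return $stmt->fetchColumn() !== false;
}

// Resolve the key to a real file and confirm it still sits inside BASE_DIR.
function resolveImage(string $fileKey): ?string
{
    $base = realpath(BASE_DIR);
    $path = realpath(BASE_DIR . DIRECTORY_SEPARATOR . $fileKey . '.jpg');
    if ($base === false || $path === false) return null;
    return strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) === 0 ? $path : null;
}

function deny(int $status): void { http_response_code($status); exit; }

$fileKey = cleanFileKey($_GET['file'] ?? null);
$userId  = $_SESSION['user_id'] ?? null;   // assumed to be stored as an int by your login code
if ($fileKey === null) deny(400);
if (!is_int($userId)) deny(401);

// Placeholder DSN and credentials; replace with your own.
$db = new PDO('mysql:host=localhost;dbname=example;charset=utf8mb4', 'db_user', 'db_pass',
              [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);

$path = userMayView($db, $userId, $fileKey) ? resolveImage($fileKey) : null;
if ($path === null) deny(404);             // same answer for "no access" and "no such file"

header('Content-Type: image/jpeg');
header('X-Content-Type-Options: nosniff');
readfile($path);
```

A denied request and a missing file both get a 404 here, so the response does not reveal which files exist. Serving a placeholder "Unauthorised" image instead, as suggested above, only changes the deny branch.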
