Posted by Jerry Stuckle on 05/17/06 14:11

b007uk@gmail.com wrote:
> Jerry Stuckle wrote:
>
>>b007uk@gmail.com wrote:
>>
>>>Jerry Stuckle wrote:
>>>
>>>
>>>>b007uk@gmail.com wrote:
>>>>
>>>>
>>>>>RainCT wrote:
>>>>>
>>>>>
>>>>>
>>>>>>Can you copy all the code?
>>>>>
>>>>>
>>>>>Sure, here it is:
>>>>>
>>>>><?php
>>>>>session_start();
>>>>>$dir = session_id();
>>>>>
>>>>>if ($_REQUEST['img'])
>>>>>{
>>>>>$showfile = "./temp/$dir/".$_REQUEST['img'];
>>>>>
>>>>> if (file_exists($showfile))
>>>>> {
>>>>> header("content-type: image/jpeg");
>>>>> header('Content-Length: ' . filesize($showfile));
>>>>> header("Content-Disposition: inline; filename=$showfile");
>>>>> readfile($showfile);
>>>>> }
>>>>>}
>>>>>echo "<img src='?img=1.jpg'>";
>>>>>?>
>>>>>
>>>>>If i keep session_start() "Save picture as" detects image as
>>>>>untitled.bmp, if i delete
>>>>>session_start() - everythng is fine, it is detected as jpeg, but i need
>>>>>session_id(), so i have to start session...
>>>>>And, i read somewhere in this group that i should add ini_set, like
>>>>>this:
>>>>>
>>>>><?php
>>>>>ini_set('session.use_cookies', '0');
>>>>>ini_set('session.cache_limiter', '');
>>>>>ini_set('session.cache_expires', '');
>>>>>session_start();
>>>>>$dir = session_id();
>>>>>....
>>>>>
>>>>>When i do that the image type is detected correctly as jpeg, but the
>>>>>file name is not, its named as the script, showimg.jpg,
>>>>>filename=$showfile" is not working for some reason. But i guess its
>>>>>good enough, it would be nice to detect the file name as well though
>>>>>
>>>>
>>>>But earlier you said this really is a bmp, not a jpg.
>>>>
>>>>Just changing the name or header is not going to change the real file type. It
>>>>will still be a bmp. If you want to change it to a jpg, you need to convert it
>>>>first.
>>>
>>>
>>>Yes, i understand that. The picture is jpeg (echo "<img
>>>src='?img=1.jpg'>";), but "save picture as" only offered to save it as
>>>bmp, not jpeg, that was my problem/question.
>>>
>>
>>OK, I misread your original post. I understand now.
>>
>>I haven't actually tried mixing session_start() with header(); normally if I'm
>>using header() I don't need session_start().
>>
>>Since both must be sent before anything else is output, I suspect there's a
>>conflict between the two. However, what should work is to use an img tag in
>>this file, pointing at a file containing your PHP code. In this file send your
>>session_start(); in the other file only send the header and image.
>>
>>This works because the img tag causes another request to the server, which
>>requires another header.
>
>
> Thank you very much!
> It sounds like a great idea, i don't fully understand how its going to
> work, but ill figure it out.
> My main concern is to be able to hide the actual path to the image file
> ($showfile = "./temp/$dir/".$_REQUEST['img'];) so it would not be
> anywhere in the html, and to make sure the file can only be downloaded
> once, by the person with the correct session id
>

With this method you can't hide the URL completely. You'll still have the path
to the php file in the img tag. But you should be able to now add some code to
the php file which will limit access to the image.


--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@attglobal.net
==================

[Back to original message]