I'd like to create a restricted admin area on my website where I can upload pictures to and save them into one of my website directories.
I don't want the uploaded pictures to be accessible directly using directory listing or using the full path, e.g. www.mywebsite.at/uploads/test.jpg.
I read about htaccess and it basically now works that I can't access these files directly from the browser, but how can I ensure that I can still access them using PHP? Whenever I have uploaded a picture I would like to use it at a specific time (e.g. daily at 7pm) to upload it to different websites like 500px.com using their API.
Thanks,
David
Related
I have a folder full of images on my server where my mobile app accesses them.
www.mysite.com/images/image001.jpg
Whoever has this link now can access the files. Also can comprehend that the images are in a certain order and thus guess the pattern etc...
The image links are gotten via the php inside the app that use token to verify the user is legit and indeed the request is coming from a mobile that has downloaded the app.
What I want to do is to secure the folder from external access and prevent people from accessing the folder and seeing everything from a browser and limit its access only via the php file.
I have used the trick of .htaccess with deny from all so that it show the forbidden message whenever someone visits from the web, however, all my JSON requests also do not work now.
What can I do to accomplish this?
You will have to serve the images with a PHP script that also checks that access is permitted.
Once you've done this you can simply store the images outside the web root, which makes them inaccessible from the web, except through the PHP file that serves them.
best option is to make the pic links randomized and un-guessable
so a pic link would look like this:
www.mysite.com/images/8Md9FhD1hANdIBUz4WVCzKR227fykTByq6SKHas5FyYJDr2EjAlIn1bS0f5gPJih.jpg
youtube use this method for "private" videos
users / bots cant be accesses randomly, and you cant guess the next pic.
when the user is authenticated display the link. the worst thing that can happen is that this user can share that link, (he can download and share not matter what you do)
when you save the picture on your server just randomize the name.
I have two websites on a hosted server with hostgator.
I have website1 which is a website I built to add products, images, and track data from all the website we run. In this website I store the images in the filesystem on the server spot dedicated to this website.
Then I have website2 which is a website for to display a web store we are operating and I have it connect to the database that stores the data from website1 and grabs all the relative paths to the images that are on website1 filesystem. I cannot however get the browser to find these images and display them. It keeps giving me errors image not found.
I'm new to filesystem management using php and its proving to be a little difficult.
I am using this to set the file path to the image on website2.
src='".$_SERVER['DOCUMENT_ROOT']."/website1/public_html/$productIMG'
is there something else I have to do to get it to grab the image and display it or is it even possible to try to do what I am trying to do. Maybe I am missusing the $_SERVER[DOCUMENT_ROOT] someone please help me.
The variable in the path is correct for the path I am trying find but the beginning part is not finding the correct way to the other website.
Here is an example of the link I am getting to an image.
A website cannot take the document root of another website and use it as its source. Website1 obviously has an address e.g www.website1.com. This is the public address that equates to its document root (public_html directory). In order to extract anything from there, you need to www.website1.com/somefolder/somefile.extension from Website2 or anywhere else. That won't let you down.
Using symfony2, I would like to upload some files only from their path on my PC.
I read an excel file containing some path to pictures (like /home/thibault/pictures/*.jpg) and I want to upload them on my server. So, I do not want a form.
All the documentation I have read deal with upload from a form, is this possible to do that without ?
Thanks in advance,
No it is not possible. For what you are looking for you need to deploy some locally running agent. Any browser will not permit you to pull files form folders on the user's computer. The user has to be the one to say what files they want to upload if it is to be done inside a browser.
i am writing an iphone application, which basically uploads and downloads Images to/from a server. in order to test my code i installed xampp and everything works fine now. if i upload an image the server creates a folder named with the UDID-number of the device
(via the http-method POST a php script is called).
but if i enter the directory of such a folder and the name of the image in the browser i can see it in the browser.
i am a newby on this topic and have no idea if there are better possibilities. my questions are: should i use databases where i save the images or is it just fine to create folders via a php script and save the images into these folders? can i hide all the datastructure, such that you cannot access it via a browser but only with the iphone application? (the application should only be able to download pictures randomly). thx
If you do not want an image serverable by apache, you need to store it outside the webroot. So if your webroot is C:\xampp\htdocs, you could store the images in a folder structure under C:\xampp\images
Your iphone app would have to do a little more work then to pull a random one and send it to the user.
I am launching a web application soon that will be serving a fair amount of images so I'd like to have a main web server and a static content server and possibly a separate database server later on.
I'd like the user to:
login and be able to upload a photo
the photo is renamed a randrom string
the photo is processed into a thumbnail
the photo and thumbnail are stored into a filesystem on the static server.
the photo and thumbnail's directory and filename are stored in a mysql database
The problem is I don't know how to have the user instantly upload an image to a separate server.
I thought about using amazon s3, but you can't edit filenames before posting them. (through POST, I'd rather not use the REST api)
I could also use php's ftp function to upload to a separate server, but I'd like to dynamically create folders based on the properties of the image (so I don't have all the images in one big folder obviously), but I don't know how this would work if I used ftp...
Or I could save them locally and use a CDN, I'm not too familiar with CDN's so I don't know if using them this way would be appropriate or cost-effective.
What are my options here? I'd like the images to be available instantly (no cron jobs/queues)
Thanks.
You can create directories over FTP with PHP, so that should not be a showstopper.
I thought about using amazon s3, but you can't edit filenames before posting them. (through POST, I'd rather not use the REST api)
If you let your PHP server do the uploading to S3 via POST, you can name the files whatever you want. You should do that anyway, letting your users upload to S3 directly, without your PHP code inbetween, sounds like bad for security to me.