I've been working on my server for several days and I'm having major issues with server includes and images. I removed all of the PHP Includes but I would like to add them back. The other issue I'm having is with images. I've added the full path domain and all and it's still not loading the image. If you take the URL path of the image and place it in the browser, it works. I've cleared caches and cookies several times and still coming up with no solution.
http://cocrele.mobi
http://cocrele.mobi/welcome
The headers says that the image loading was forbidden:
"A 403 Forbidden error means that you do not have permission to view the requested file or resource. While sometimes the website owner does this intentionally, other times it is due to misconfigured permissions or an improper .htaccess file. "
You need to be aware that the images in CSS need to be relative to the path from style.css
So for instance, if you have the following folders:
index.php
img
img.jpg
css
style.css
If you are putting the image "img.jpg" in the "style.css", the path will be:
"../img/img.jpg"
While if you are putting images directly in your index.php the path will be:
"img/img.jpg"
Hope this helps.
Related
When using XAMPP, I am loading a page (index.php) and am using MySQL to get the directory of an image I want to use. This is a snippet of the code block that does this:
<img src="<?php echo $resource['main_image'];?>">
I know that the php code is working because when I inspect element the page on localhost, I get
<img src="assets/images/defaults/default_pic.png">
This image exists in the folder but just doesn't seem to load when the server is run. When I inspect element and click on Sources, the image folder is not sourced, but the css and js folders are:
As you can see, the assets/images folder is not loaded. I can't seem to find any way to load this folder. I have tried other solutions to similar problems, such as giving an absolute path to the image, and yet other folders a sourced and not this image folder. I have tried looking for ways to source images in the head of the HTML, and those don't exist either.
In addition, it seems that if I explicitly state the image location and not use a MySQL Query to locate it, it loads fine. It is only when I query the location does the image not load.
A workaround that worked for me is to create a new directory for pictures outside of assets, in the working directory of the current file. It is not ideal, but it is a workaround for the issue.
I'm having trouble putting data in safe locations. What I want to do is allow my localhost to access the files to create my pages but prohibit all other access.
I started out trying to write a .htaccess file to prevent access to subfolders but read here that this was a poor way to do things and was getting into a tangle anyway so, following advice, I tried moving the files out of the public_html directory:
The structure is:
bits_folder
images
testimage.jpg
files
testfile.php
public_html
application
callingfile.php
With this layout, I get error 404 if I try to access anything in bits_folder from the browser, as desired. callingfile.php however does not seem able to access the testimage, but can include the php testfile.
callingfile.php:
require("../../bits_folder/files/testfile.php"); //works and displays file echo
<img src="../../bits_folder/images/testimage.jpg" //gives broken image
both the files (testimage and testfile) are in the folders where they should be.
I am assuming that the reason for this behaviour is that the img is a http request after the page is served and will thus be denied but I am no server expert. Is this the case? Can this be overcome? Should I be doing this another way?
Only place scripts and images for PHP to use outside public_html. Images and other things that are as src or otherwise linked in HTML/JavaScript cause the browser to request those. The web server will refuse to serve them from outside the public directory.
Your browser will get access denied for www.example.com/../../bits_folder/images/testimage.jpg
I'm building graphs using pChart in PHP. The case is that I have my picture in the right folder, I know it because if I put that path in the browser I can see my picture, but in the template, it doesn't show up. Firebug shows "failed to load the given URI".
<img src="/home/user1/mysite/Admin/Template/mx_graphs/example13.png">
The picture has all the rw permissions given, and the folder.
You appear to be using a UNIX file path instead of a relative URI. Your web server is unlikely to be configured to have the DocumentRoot be / (and it would be very silly to do so).
Construct a URI relative either to the HTML document or to the DocumentRoot of your server.
The latter will probably be /Admin/Template/mx_graphs/example13.png
Remember the statement:
<img src="/home/user1/mysite/Admin/Template/mx_graphs/example13.png">
Will run on the client side, so if you run this on the very computer where the picture is stored, it should work fine, but if you try to open it from another computer it will not work.
Try to use relative path (http://www.coffeecup.com/help/articles/absolute-vs-relative-pathslinks/), and try to keep the website resources into the website root folder, so that even when you host the site the image be copied over and will still be accessible..
I'm running a php website locally using mamp. On the front page (i.e. index.php) there are a few broken image links that point to image files like '/images/logo.gif'. These were working on a version of the site hosted remotely.
In the actual main web folder I see a subfolder "resources" that contains the subfolder "images". I can't figure out whether the image links should know to look in the resources folder from other code or if the img src field in the html (from inspect element on the locally hosted version) should actually be reading 'resources/images/logo.gif'. I'm hesitant to just change the field in the code without knowing if it should be seeing the subfolder in resources.
EX.
-/site
-index.php
-/includes
-/resources
...
-/images
-logo.gif
...
-/css
etc....
I apologize for this novice question, but I just can't figure out the appropriate resources to find the right answer for this.
If your image links to "images/logo.gif" then your browser will look for the images folder in your root directory. The reason that you're getting broken image links is because you don't actually have an images folder there! You'll need to change everything to "resources/images/logo.gif".
Okay, so it looks like on the remote site there were actually two separate images folders, one at the root level, and one in the resources folder. That would explain my confusion.
I am trying to secure my PHP Image upload script and the last hurdle I have to jump is making it so that users cannot directly excecute the images, but the server can still serve them in web pages. I tried changing ownership and permissions of the folders to no avail, so I am trying to store the images above public_html and display them in pages that are stored in public_html.
My File Structure:
- userimages
image.jpg
image2.jpg
- public_html
filetoserveimage.html
I tried linking to an image in the userimages folder like this:
<img src="../userimages/image.jpg">
But it does not work. Is there something I am missing here? If you have any better suggestions please let me know. I am trying to keep public users from executing potentially dangerous files they may have uploaded. Just as an extra security measure. Thanks!
You want something that's basically impossible.
The way a browser loads a page (in a very basic sense) is this:
Step 1: Download the page.
Step 2: Parse the page.
Step 3: Download anything referenced in the content of the page (images, stylesheets, javascripts, etc)
Each "Download" event is atomic.
It seems like you want to only serve images to people who have just downloaded a page that references those images.
As PHP Jedi illustrated, you can pass the files through PHP. You could expand on his code, and check the HTTP_REFERER on the request to ensure that people aren't grabbing "just" the image.
Now, serving every image through a PHP passthru script is not efficient, but it could work.
The most common reason people want to do this is to avoid "hotlinking" -- when people create image tags on other sites that reference the image on your server. When they do that, you expend resources handling requests that get presented on someone else's page.
If that's what you're really trying to avoid, you can use mod_rewrite to check the referer.
A decent-looking discussion of hotlinking/anti-hotlinking can be found here
Use an image relay script!
To serve a imagefile that is outside the public_html folder you would have to do it by a php script. E.g make a image-relay.php that reads the image that is outside the public html...
<?php
header('Content-Type: image/jpeg');
$_file = 'myimage.jpg'; // or $_GET['img']
echo file_get_contents('/myimages/'.$_file);
?>
Now, $_file could be a $_GET parameter, but its absolutley important to validate the input parameter...
now you can make an <img src="image-relay.php?img=flower.jpg"> to access a flower.jpg image that is located in /myimage/flower.jpg ...
Well, a web browser will only be able to access files and folders inside public_html.
If the public_html directory is the root of the server for your users, Apache cannot serve anything that is not inside/below that dorectory.
If you want a file to be served by Apache directly, you'll have to put it in/below public_html.
I think your misunderstanding is in the fact that if you include an image in an <img> tag, your browser will send the exact same request to the webserver to fetch it, that will be sent to the webserver if you try to open the src url of the image in your browser directly.
Therefore, either both things work, or neither.
There are hacks around, involving a (php or other) script to make sure that an IP that has requested the image has also requested the html page within the last few seconds (which will not work if the user is behind a proxy that rotates outgoing IPs) or by checking the referer (which does not work with HTTPs and also not if the user has referer disabled).
If you want to make sure that only some users can see the image (both via <img> tag and directly), you can put the image outside public_html and have a (php or other) script that verifies the user's credentials before serving the image.
If you are using Apache or lighttpd you can use the X-Sendfile header to send files that are not in the web root(provided you haven't changed the configuration of mod_xsendfile).
To learn more about X-sendfile see this site.
This solution is giving you the best possible performance as PHP doesn't send the file but the server does and therefore PHP can be exited while the files are being served.
Hope that helps.