  1. #1

    images outside of root

    i am having trouble with the concept of including images outside of the webroot. i am building a portfolio site which is not accessible to the public. i want a registration form and login request. i haven't started working on a login system yet. however, i only want my photos viewable to authenticated persons. i have been told to place the files outside of the webroot by several people. i've tried to do this but it isn't working, plus, i read about security problems.

    since i am using a web host (i don't own the server) i prefer to use the data uri instead of photo files. i have tested a php file with an image and it only rendered source code. i get it, the file needs a header. i just changed the src to a data uri and the image displays. however, this method calls a php file with hardcoded image. how can i call only an image?
    i hope that this makes sense. i have the data uri instead of a real photo file. i'd like to call the data uri when it is needed instead of an image file.

    basically, people tell me to put the images outside of the webroot but no one tells me how this is supposed to work. i'm hoping that someone can give me a clue.
    Thank you.

  2. #2

    Putting files outside the web root is about not letting users have direct access to a file. Like if it needs to be protected by user registration, or has a download counter, or something like that. What you do is use a PHP script to show that image if you want it to show the image, or else show a 403 if you don't want it to show the image.

    The data URI thing because you are using a web host doesn't make sense. Don't use a data URI. There's no point. Use regular URLs.

  3. #3

    IMO, you've gotten bad advice. You put images and other pages in a directory in webroot but protect it using <directory> directives in your config file. Look at the 'require' directive.


    There are 10 kinds of people in the world. Those that understand binary and those that don't.

  4. #4

    Putting files outside the web root is about not letting users have direct access to a file. Like if it needs to be protected by user registration, or has a download counter, or something like that. What you do is use a PHP script to show that image if you want it to show the image, or else show a 403 if you don't want it to show the image.

    The data URI thing because you are using a web host doesn't make sense. Don't use a data URI. There's no point. Use regular URLs.


    this is what i want to do with the images. stop direct access without authentication. i'm not comfortable using apache directives on image formats.
    the problem for me is how to implement? i'm new to backend development. i had trouble calling php files outside of the root but i finally figured it out.

    my registration form is set like so: register/ contains index.php which contains include dirname(__FILE__) . '../../myphp/creg.php';
    the creg.php sets up a session then calls include 'form.php'; and everything works well.
    but if i add an image tag to a php outside the root, then the browser only displays the source code of the image instead of displaying the image. if i hard code data uri, then the image displays in the browser.
    how do i protect the image and use a download counter? my portfolio images are private and i only want registered users to be able to view the images without direct access.
    php and backend dev is difficult for me at times.
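
Added example (not part of any post in this thread): the approach post #2 describes and post #4 asks about, a PHP script inside the web root that sends the image with the right header to logged-in users and a 403 to everyone else, with a simple view counter. The session key `user_id`, the `private_images` directory, the `f` parameter and the `views.log` file are assumptions, and the fileinfo extension is assumed to be enabled.

```php
<?php
// image.php (inside the web root) -- added example, not code from the thread.
// Assumptions: login code sets $_SESSION['user_id']; photos live in
// ../private_images (outside the web root); used as <img src="image.php?f=photo1.jpg">.
declare(strict_types=1);
session_start();

const IMAGE_DIR = __DIR__ . '/../private_images';
const ALLOWED_TYPES = ['image/jpeg', 'image/png', 'image/gif', 'image/webp'];

function deny(int $status): void {
    http_response_code($status);
    exit;
}

// 1. Only authenticated sessions get an image; everyone else gets 403.
if (empty($_SESSION['user_id'])) {
    deny(403);
}

// 2. Accept a bare file name only, so "../" and absolute paths are rejected.
$name = $_GET['f'] ?? '';
if (!is_string($name) || !preg_match('/\A[A-Za-z0-9_-]+\.(jpe?g|png|gif|webp)\z/i', $name)) {
    deny(400);
}

// 3. Resolve the path and confirm it is still inside IMAGE_DIR (symlink guard).
$base = realpath(IMAGE_DIR);
$path = realpath(IMAGE_DIR . '/' . $name);
if ($base === false || $path === false || strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
    deny(404);
}

// 4. Check the real content type instead of trusting the extension.
$type = (new finfo(FILEINFO_MIME_TYPE))->file($path);
if (!in_array($type, ALLOWED_TYPES, true)) {
    deny(404);
}

// 5. Download counter: one "name\n" line per view, appended under a lock.
file_put_contents(IMAGE_DIR . '/views.log', $name . "\n", FILE_APPEND | LOCK_EX);

// 6. Send the headers the browser needs, then the raw bytes.
header('Content-Type: ' . $type);
header('Content-Length: ' . (string) filesize($path));
header('X-Content-Type-Options: nosniff');
header('Cache-Control: private, no-store');
readfile($path);
```

Without the `Content-Type` header the browser treats the bytes as text, which is why an image emitted from a PHP file shows up as "source code".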

  5. #5

    Originally Posted by phpjs81
    this is what i want to do with the images. stop direct access without authentication. i'm not comfortable using apache directives on image formats.


    Why? This is what they are for and no less secure than any other method.


    There are 10 kinds of people in the world. Those that understand binary and those that don't.
