Yii Framework Forum: How to protect images while allowing display and download? - Yii Framework Forum

Jump to content

Page 1 of 1
  • You cannot start a new topic
  • You cannot reply to this topic

How to protect images while allowing display and download? Rate Topic: -----

#1 User is offline   michael123 

  • Newbie
  • Yii
  • Group: Members
  • Posts: 3
  • Joined: 17-April 12

Posted 17 April 2012 - 09:28 AM

I need to allow users to upload, download and display on browser the private pictures. I have problem to display a single image on browser and download the generated zip file (of several images) while protecting these image/zip files.

Here are the approaches I tried:
1. put the images under webroot/images/<userid>/<dates>/... and protect them (don't allow unauthorized access): I am able to make everything works but don't know how to protect the images from access by other unauthorized users. At worst, can I configure (in Apache)so that user can only access webroot/images/<userid>/<dates>/, not the parent folders: "webroot/images/<userid>/"?

2. put images under protected and create a function in control as suggested in (yiiframework.com/forum/index.php/topic/18512-solved-how-to-display-protected-images/). I always get an error "The image cannot be displayed because it contains errors." when it is access from browser directly (e.g., mydomain/controller/method) or in view (use src="mydomain/controller/method"). Here is my function in control:

public function actionPhoto()
{
$path=Yii::getPathOfAlias('application.uploads').DIRECTORY_SEPARATOR;
$file= $path.'005.JPG';
if (file_exists($file))
{
$img=getimagesize($file);

header('Content-Type: '.$img['mime']);
// header('Content-Type: image/jpeg');
// header('Content-Length: ' . filesize($file));

readfile($file);
exit;
} else echo Yii::getPathOfAlias('application.uploads');
}

3. To store the images in MySQL database. I have spent lots time to try this option. Even I can make it work for store and display a single image, it will be issue to generate a zip file for multiple images and allow it to be downloaded by users. I may still need to put the zip files in a file folder.

4. AssetManager: This isn't a good option (based on my limit understanding) for my use case as the contents under assets will be public accessable and also take time to publish the assets.

Your suggestions and help are greatly appreciated.

Michael
0

#2 User is offline   wisp 

  • Standard Member
  • PipPip
  • Yii
  • Group: Members
  • Posts: 192
  • Joined: 04-February 11

Posted 17 April 2012 - 09:59 AM

Option 2 seems like the simplest one. I'm not sure what you're doing wrong, it seems OK, maybe there are some white spaces? Check the headers of the request if everything is correct: http://www.seoconsul...m/tools/headers
0

#3 User is offline   michael123 

  • Newbie
  • Yii
  • Group: Members
  • Posts: 3
  • Joined: 17-April 12

Posted 17 April 2012 - 10:20 AM

I got a black screen with the error which is difficult to see.

here is the header information. Please let me know if you need more information.

Your helps are greatly appreciated!

Michael

===
#1 Server Response: //webroot/index.php/content/photoHTTP/1.1 200 OK
Date: Wed, 18 Apr 2012 04:26:17 GMT
Server: Apache/2.2.21 (Win32) PHP/5.3.8
X-Powered-By: PHP/5.3.8
Set-Cookie: PHPSESSID=npkunt8sdheidc0mm6jv49fgk4; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: image/jpeg
============
0

#4 User is offline   wisp 

  • Standard Member
  • PipPip
  • Yii
  • Group: Members
  • Posts: 192
  • Joined: 04-February 11

Posted 18 April 2012 - 12:31 PM

headers look fine, does this happen with all images?
0

#5 User is offline   michael123 

  • Newbie
  • Yii
  • Group: Members
  • Posts: 3
  • Joined: 17-April 12

Posted 19 April 2012 - 12:34 AM

I found the cause. I need to clean up everything before the header() by:

ob_clean();

Thanks for your help.
0

Share this topic:


Page 1 of 1
  • You cannot start a new topic
  • You cannot reply to this topic

1 User(s) are reading this topic
0 members, 1 guests, 0 anonymous users