I need to allow users to upload, download and display on browser the private pictures. I have problem to display a single image on browser and download the generated zip file (of several images) while protecting these image/zip files.
Here are the approaches I tried:
-
put the images under webroot/images/<userid>/<dates>/… and protect them (don’t allow unauthorized access): I am able to make everything works but don’t know how to protect the images from access by other unauthorized users. At worst, can I configure (in Apache)so that user can only access webroot/images/<userid>/<dates>/, not the parent folders: “webroot/images/<userid>/”?
-
put images under protected and create a function in control as suggested in (yiiframework.com/forum/index.php/topic/18512-solved-how-to-display-protected-images/). I always get an error "The image cannot be displayed because it contains errors." when it is access from browser directly (e.g., mydomain/controller/method) or in view (use src="mydomain/controller/method"). Here is my function in control:
public function actionPhoto()
{
$path=Yii::getPathOfAlias('application.uploads').DIRECTORY_SEPARATOR;
$file= $path.'005.JPG';
if (file_exists($file))
{
$img=getimagesize($file);
header('Content-Type: '.$img['mime']);
// header('Content-Type: image/jpeg');
// header('Content-Length: ' . filesize($file));
readfile($file);
exit;
} else echo Yii::getPathOfAlias('application.uploads');
}
-
To store the images in MySQL database. I have spent lots time to try this option. Even I can make it work for store and display a single image, it will be issue to generate a zip file for multiple images and allow it to be downloaded by users. I may still need to put the zip files in a file folder.
-
AssetManager: This isn’t a good option (based on my limit understanding) for my use case as the contents under assets will be public accessable and also take time to publish the assets.
Your suggestions and help are greatly appreciated.
Michael