mistryb
May 3, 2013, 2:14pm
1
I am trying to render an image from the protected folder using a controller method. I’ve taken a look through the following post and followed the process explained:
http://www.yiiframework.com/forum/index.php?/topic/18512-solved-how-to-display-protected-images/
This is my controller method:
public function actionGetImage($id, $name, $size)
{
$filename = preg_replace('/\./', '_' . $size . '.', $name);
$path=Yii::getPathOfAlias('webroot.protected.photos') . '/' . $id .'/';
$file=$path.$filename;
if (file_exists($file))
{
$img=getimagesize($file);
header('Content-Type: '.$img['mime']);
readfile($file);
exit;
}
}
I’m using the following to attempt to render the image from my view:
<img src="<?php echo Yii::app()->createUrl('media/getimage', array('id'=>$data->id, 'name'=>$data->name, 'size'=>$data::IMG_THUMBNAIL)) ; ?>
Maybe I’m missing something small, but it won’t render the image. Blank pages keep appearing.
Any help would be much appreciated. Thanks!
You shoudn’t link images or other files from “protected” folder.
You have to publish using assets:
http://www.yiiframework.com/wiki/148/understanding-assets/
Suralc
May 3, 2013, 3:18pm
3
@Fabrizio I guess he has a reason why he does not want the images available directly to the webserver
@mistryb
Did you checked the received headers and content? (Asking for the image via curl or browser direclty, not embedding it into a html-context) Expecially if content-lenght is set.
Does file_exists evaluate to true?
btw. Check headers with ctrl+shift+k on firefox or ctrl+shift+i on chrome
But images will be anyway downloadable, also if they were in protected folder.
If browser can display images, they will be downloadable.
konapaz
May 3, 2013, 5:04pm
5
Weclome mistryb to best PHP framework (Yii)
what is the aim of that?
Do you want the user see (and may download) the image without the user has directly access to the file?
mistryb
May 3, 2013, 10:57pm
6
I am looking to ensure that the photos will not have any unauthorized users obtain access. Is this still the case if I keep the photos in the assets folder?
In essence, if you’re not logged in, you should not be able to access the photo via URL from the browser.
I think that only method to download images only
for authorized is passing throught a php script
that mask real path (accepting a parameters indicating
file name and eventually relative path).
mistryb
May 3, 2013, 11:14pm
8
I think that only method to download images only
for authorized is passing throught a php script
that mask real path (accepting a parameters indicating
file name and eventually relative path).
Isn’t that what is achieved by using the controller to render a link to the image?
mistryb
May 3, 2013, 11:48pm
9
The problem was solved… after reading vigourously through my code I realized the problem was in the way I was passing variables to the controller.
<img src="<?php echo Yii::app()->createUrl('media/getimage', array('id'=>$data->[b]project_id[/b], 'name'=>$data->name, 'size'=>$data::IMG_THUMBNAIL)) ; ?>"
project_id was the value that should have been passed.
Also, I changed the "/" to DIRECTORY_SEPARATOR instead in my controller.
$path=Yii::app()->basePath . DIRECTORY_SEPARATOR . 'photos' . DIRECTORY_SEPARATOR.$id . DIRECTORY_SEPARATOR;
