Rendering An Image From Protected Using The Controller

I am trying to render an image from the protected folder using a controller method. I’ve taken a look through the following post and followed the process explained:

This is my controller method:

 public function actionGetImage($id, $name, $size)


            $filename = preg_replace('/\./', '_' . $size . '.', $name);            

            $path=Yii::getPathOfAlias('') . '/' . $id .'/';


           if (file_exists($file))



                header('Content-Type: '.$img['mime']);






I’m using the following to attempt to render the image from my view:

<img src="<?php echo Yii::app()->createUrl('media/getimage', array('id'=>$data->id, 'name'=>$data->name, 'size'=>$data::IMG_THUMBNAIL)) ; ?>

Maybe I’m missing something small, but it won’t render the image. Blank pages keep appearing.

Any help would be much appreciated. Thanks!

You shoudn’t link images or other files from “protected” folder.

You have to publish using assets:

@Fabrizio I guess he has a reason why he does not want the images available directly to the webserver ;)


Did you checked the received headers and content? (Asking for the image via curl or browser direclty, not embedding it into a html-context) Expecially if content-lenght is set.

Does file_exists evaluate to true?

btw. Check headers with ctrl+shift+k on firefox or ctrl+shift+i on chrome

But images will be anyway downloadable, also if they were in protected folder.

If browser can display images, they will be downloadable.

Weclome mistryb to best PHP framework (Yii) :)

what is the aim of that?

Do you want the user see (and may download) the image without the user has directly access to the file?

I am looking to ensure that the photos will not have any unauthorized users obtain access. Is this still the case if I keep the photos in the assets folder?

In essence, if you’re not logged in, you should not be able to access the photo via URL from the browser.

I think that only method to download images only

for authorized is passing throught a php script

that mask real path (accepting a parameters indicating

file name and eventually relative path).

Isn’t that what is achieved by using the controller to render a link to the image?

The problem was solved… after reading vigourously through my code I realized the problem was in the way I was passing variables to the controller.

<img src="<?php echo Yii::app()->createUrl('media/getimage', array('id'=>$data->[b]project_id[/b], 'name'=>$data->name, 'size'=>$data::IMG_THUMBNAIL)) ; ?>"

project_id was the value that should have been passed.

Also, I changed the "/" to DIRECTORY_SEPARATOR instead in my controller.