Question about calling files at the user level

software development

#1

Howdy -

I have possibly a dumb question (or at least an easy one) for someone.

I have been teaching myself PHP and working on building a CMS. I have switched to running php on Apache because I needed to work around the 7mb file upload limit with a .htaccess file. I ran into a problem with move_uploaded_file and discovered I needed to chmod the directory as 777 in order to write into it. I know that this is a security risk, and to minimize that risk I’d like to keep the upload directory at the user level, rather than at the domain level, as someone on the dreamhost forum suggested.

All this is working fine with no problems - BUT . . .

I’ve been bashing my head against the wall over the simple issue of calling that file once it is in the user level directory. Say I have a file here:

/home/user/files/blah.jpg

and my page that calls the image here:

/home/user/something.com/image.php

If I wanted to call that image in a simple or tag, what do I need to do? Currently, if I try to call an image like so:

it comes out in the html as:

which is no good at all.

I do have an include directory listed in my .htaccess file for /home/user/files. I am sure I am missing some extremely simple bit of information about calling files from user level directories, but I have had no luck googling a solution.

Any help would be appreciated!

Thanks,

Jennie


#2

Use Domains-> Re-map sub-dir.
That way you can set up a link like www.domain.com/images2 to your user level directory. But people will then be able to access that directory so make sure there is an index file to hide your files.


#3

I’m sure there’s a way to call something from a user level directory without remapping a sub directory. The point of putting the directory at the user level is I don’t want people to wander into it. Otherwise I’d dump the uploaded images into /home/user/something.com/images/ (which is how I previously had it set up).

People use user level directories to store .inc files and they’re able to call them. I just want to call an image file in a similar fashion.

Thank you for your suggestion, though.


#4

Ah, I see. Confuse us by using the wrong terminology!! You don’t “call” images, they are not code, just data. In fact, you don’t call ‘.inc’ files, those are source code library files, and the proper term is “include”. As in the compiler has to open a file and read it into memory and then “include” it as part of the file it already read into memory.

Which leads me to the next point: to display an image that is in a directory that Apache cannot access itself, you’ll need to use PHP or Perl or some other script/program that can. And that means manually opening the file and reading it into memory and using it to generate a proper HTTP response.

For example, here is image.pl:

[code]#!/usr/local/bin/perl

use CGI qw(:all -no_xhtml -nosticky);
use CGI qw(fatalsToBrowser);
use Fcntl;

CGI::default_dtd([’-//W3C//DTD HTML 4.01//EN’, ‘http://www.w3.org/TR/html4/strict.dtd’]);

my $image_file = ‘/home/username/2612492.jpg’;

if (-e $image_file) {
$size = -s $image_file;
print header(
-type=>‘image/jpeg’,
-content_length=> $size);
sysopen(FH, $image_file, O_RDONLY) or die;
my $buffer;
while (sysread(FH, $buffer, 4096)) {
print $buffer;
}
close(FH);

}
else {
print
header(-status=> ‘500 Internal Server Error’),
p('Error reading ’ . $image_file);
}

exit;[/code]
:cool: Perl / MySQL / HTML+CSS


#5

You probably want fopen().


If you want useful replies, ask smart questions.


#6

Aha - my bad. I have not had any formal programing instruction - I learn stuff here and there. It does not surprise me at all that I would use incorrect terminology. :slight_smile:

Thanks very much for your help! I appreciate being pointed in the right direction.


#7

Ooo! Yes, that does look promising! Thank you!


#8

www.php.net is your friend :slight_smile: The function listing and search on the site are invaluable, though not a ‘teaching tool’.

I refer to php.net regularly when I’m coding something I haven’t played with much or at all. Or, say, when I forget which order the arguments go for different functions.


#9

[quote]www.php.net is your friend :slight_smile: The function listing and search on the site are > invaluable, though not a ‘teaching tool’.

[/quote]

Nifty php.net trick: You can get a function reference page just by typing in a php.net URL, like so:

http://www.php.net/print
http://www.php.net/echo
…etc…

This will take you directly to the doc page for that function, without having to load php.net, type it into their search engine, etc.

  • Jeff @ DreamHost
  • DH Discussion Forum Admin