How can i show the images outside the web root directory in my php application?

Question

I have web application in PHP using apache server, linux. For some security reason i am keeping the documents and images outside web root. How can i show these images, when the user login.

Answer 1

PHP by default can already access files outside the web root, unless restricted with an open_basedir directive (or safe mode, but hope you're not in that cage).

It's normally a good practice to insert within a VirtualHost configuration an open_basedir restriction. You can specify multiple directories separated by : on Linux and ; on windows.

php_admin_value open_basedir /var/www/s/stage:/usr/share/php:/your/dir

To access those files either use an absolute path or a path relative to the position of the PHP file called. (So you'll have to ../ to reach levels above).

Also be sure that directories in which you want to write to are assigned to the webserver user and have write permission.

Otherwise you have second option:

Inside your www directory, create a "image.php" file, with a similar content to:

<?php
  header('Content-Type: image/png');
  readfile("../img/" . $_GET['img']);
?>

And call your images with

<img src="image.php?img=myimage.png" />

Please be aware that your PHP file shouldn't be that simple :) As you may want to address multiple image formats (and providing the correct header for them), checking for malicious file path/inclusions (you don't want to use $_GET without validating/sanitizing the input), extra caching etc. etc. etc.

But this should give you an idea on how you can target your issue.