I have web application in PHP using apache server, linux. For some security reason i am keeping the documents and images outside web root. How can i show these images, when the user login.
PHP by default can already access files outside the web root, unless restricted with an open_basedir
directive (or safe mode, but hope you're not in that cage).
It's normally a good practice to insert within a VirtualHost configuration an open_basedir
restriction. You can specify multiple directories separated by :
on Linux and ;
on windows.
php_admin_value open_basedir /var/www/s/stage:/usr/share/php:/your/dir
To access those files either use an absolute path or a path relative to the position of the PHP file called. (So you'll have to ../
to reach levels above).
Also be sure that directories in which you want to write to are assigned to the webserver user and have write permission.
Otherwise you have second option:
Inside your www directory, create a "image.php" file, with a similar content to:
<?php
header('Content-Type: image/png');
readfile("../img/" . $_GET['img']);
?>
And call your images with
<img src="image.php?img=myimage.png" />
Please be aware that your PHP file shouldn't be that simple :) As you may want to address multiple image formats (and providing the correct header for them), checking for malicious file path/inclusions (you don't want to use $_GET without validating/sanitizing the input), extra caching etc. etc. etc.
But this should give you an idea on how you can target your issue.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With