upload file issue

**Sean** · Apr 17 '07, 03:15 PM

Re: upload file issue

"Emmanuel Petit" <emmanuel.petit 26@free.frwrote in message
news:4624da1f$0 $18315$426a74cc @news.free.fr.. .

First of all I am rather new into PHP. I use php 5 and I am putting
together a web site for a local association I belong too.
Most of the site is okay, except for this problem :
>
I need to be able for the member of the site to upload files (gif, jpg or
pdf). After reading a lot about the danger of file uploading, I decided to
create a folder at the root of the web server. The upload of the files
goes on without any problem, but when i tried to show some of the file
(such as the image files), the system does not retrieve them.
>
Here is the the tree of my web server :
/.
/website (folder where all of the web site is build with *.php files)
/uploads
/images (folder where all the images files are uploaded)
/pdf (files where all the pdf files are uploaded)
>
The bit of code doing the uploads works fine, but I can not find a way to
retrieve the files. When I code in the php file :
echo '<img src="../uploads/images/test.gif">';
The browser is in fact looking for a file name
www.mywebsite.com/uploads/images/test.gif which of course does not exist.
>
I tried to look on the web for an answer but did not find one. Could any
one points me out to a tutorial for this subject, or will be good enough
to help with a solution, bearing in mind that I am by no mean an expert in
php.
>
Thank you.

I am sure that there may be another solution, but I think that you cannot
path back outside of your webserver. I'd bet that if you moved the 'uploads'
folder inside the 'website' folder and change the link accordingly, it would
work.

As www.mywebsite.com and the website folder should be the same ... I take it
that having <img src='../../uploads/images/test.gif'makes no difference?

**Emmanuel Petit** · Apr 17 '07, 03:55 PM

Re: upload file issue

Sean a écrit :

>
I am sure that there may be another solution, but I think that you cannot
path back outside of your webserver. I'd bet that if you moved the 'uploads'
folder inside the 'website' folder and change the link accordingly, it would
work.
>

It works fine if I move the 'uploads' folder back on the web site, but
as it needs to be chmod 777, it is now open to everyone, and might
become a security issue on my server.

I read that by putting it outside the web folder, it could not be access
by browsing, but I can not find any way to retrieve the folder, even
that I can put them without any problem.

As www.mywebsite.com and the website folder should be the same ... I take it
that having <img src='../../uploads/images/test.gif'makes no difference?
>
>
>
>

**Jerry Stuckle** · Apr 17 '07, 04:45 PM

Re: upload file issue

Emmanuel Petit wrote:

Sean a écrit :

>>
>I am sure that there may be another solution, but I think that you
>cannot path back outside of your webserver. I'd bet that if you moved
>the 'uploads' folder inside the 'website' folder and change the link
>accordingly, it would work.
>>

It works fine if I move the 'uploads' folder back on the web site, but
as it needs to be chmod 777, it is now open to everyone, and might
become a security issue on my server.
>
I read that by putting it outside the web folder, it could not be access
by browsing, but I can not find any way to retrieve the folder, even
that I can put them without any problem.
>

>As www.mywebsite.com and the website folder should be the same ... I
>take it that having <img src='../../uploads/images/test.gif'makes no
>difference?
>>
>>
>>
>>

The problem is that when you try to load the image, the user is
browsing. From the request to the server, there is absolutely no
difference between:

Example Domain

http://www.example.com/image.jpg

and loading a page with

<img src="/image.jpg"...>

Both result in a GET request from the browser to the server to retrieve
the image.

You could do something like create a php file which serves the images
from the other folder, but that's the hard way.

The real problem is why do you think the images have to be chmod 777.
That's absolutely incorrect. All they need is 400 and owned by the
webserver's userid, for instance.

--
=============== ===
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@attgl obal.net
=============== ===

**Good Man** · Apr 17 '07, 07:35 PM

Re: upload file issue

Jerry Stuckle <jstucklex@attg lobal.netwrote in
news:4e-dnSRy5N3bZbnbnZ 2dnUVZ_qiqnZ2d@ comcast.com:

You could do something like create a php file which serves the images
from the other folder, but that's the hard way.

You can make it all fancy-like, or simple.... depending on what you
need. But if you have the GD library and you're set on keeping images
above the webserver, you can do something like this... I'll call this
file "imagedisplay.p hp";

<?php

/*
if you wanted, you could have the database figure out which image to get
based on a 'file key' or something, or another db call... for this
example, i'm putting the image name right in the code.
*/

$vImg = "donut.jpg" ;

header("Content-type: image/jpeg");
if(file_exists( $vImg)) {
$img_handle = imagecreatefrom jpeg($vImg) or die("");
ImageJpeg($img_ handle);
}

?>

Voila.

In your code, it's just:

<img src="imagedispl ay.php?vKey=xyy djaj" alt="My Image" />

**Good Man** · Apr 17 '07, 08:35 PM

Re: upload file issue

Good Man <heyho@letsgo.c omwrote in
news:Xns99159E4 80D314sonicyout h@216.196.97.13 1:

$vImg = "donut.jpg" ;

Actually, $vImg would likely be
"/home/protected/directory/donut.jpg"

**Emmanuel Petit** · Apr 17 '07, 08:55 PM

Re: upload file issue

Good Man a écrit :

Good Man <heyho@letsgo.c omwrote in
news:Xns99159E4 80D314sonicyout h@216.196.97.13 1:
>
>

>$vImg = "donut.jpg" ;

>
Actually, $vImg would likely be
"/home/protected/directory/donut.jpg"

Thank you all for your help, I shall put that on test, and see how I get
from there...

upload file issue

upload file issue

Comment

Comment

Comment

Comment

Comment

Comment