4

How can I encrypt uploaded image file (like www.yahoo.com/images/image1.jpg) using PHP and decrypt when it shows in browser? I want to save it in folder not in database.

Sudantha
  • 15,684
  • 43
  • 105
  • 161
Aryan G
  • 1,281
  • 10
  • 30
  • 51
  • 1
    this would consume serious processing power ??? are you sure you don't want to consider other option ?? – Baba May 17 '12 at 08:20
  • Why would you want to encrypt your images? – Madara's Ghost May 17 '12 at 08:21
  • because people may have direct access to photo from URL. I want people to login in website and access photo. – Aryan G May 17 '12 at 08:22
  • @Spiker so you'd want to protect a certain folder from directly being accessible? – Andreas Wong May 17 '12 at 08:27
  • @NiftyDude actually, i want to protect the image so i preferred encryption. – Aryan G May 17 '12 at 08:33
  • Ok I give up :s, good luck with other answers – Andreas Wong May 17 '12 at 08:34
  • @Spiker No matter what you do (and there is only practical way I can think of to do this without plugins anyway) the user will still be able to right click -> save image as. Once the image has been decrypted by the browser and rendered, it will stored in the browsers temporary image directory on the user's hard drive. So the best you could hope for is to force the user to log in the first time they want to access the image, there is no practical way to force them to log in every time they want to view it without using an external rendering engine, e.g. Java, Flash. – DaveRandom May 17 '12 at 09:08
  • 1
    Who do you want to protect the image from? You haven't said anything that makes encryption preferable over simple server sided access control. – CodesInChaos May 17 '12 at 10:03
  • You need to rethink this question. As others have said, the kind of thing you're asking for isn't usually solved by encryption, and it is possible to protect an image in other ways than encrypting it. You may have a good reason to use encryption, but you probably need to explain your use-case a bit more clearly because as it stands it sounds very much as if you've already picked the solution to your problem without first considering whether it's the right solution. – Simba Jul 08 '16 at 10:05
  • Agree with above. Consider using HTTPS or VPN for transport protection and an encrypted file system for host protection. I would ask on security.stackexchange.com with sample use case. They can help identify possible attack vectors and how to mitigate them. – NoChecksum Aug 09 '16 at 10:07

1 Answers1

-1

All uploaded files are stored in a temporary folder by PHP.

This temporary file path is accessible via the $_FILES["file"]["tmp_name"] variable set by PHP after the form has been submitted.

You can then encode the image data using an encoding (not encrypting) algorithm like base64_encode() and then decode it for displaying using base64_decode().

<?php
      $image_binary = fread(fopen($_FILES["file"]["tmp_name"], "r"), 
                                filesize($_FILES["file"]["tmp_name"]));

       $encoded_image =  base64_encode($image_binary);
       //Save the image file with file data set as $encoded_image
?>

Another thing to keep in mind is that your PHP scripts are visible to anyone with admin access (eg your host). So they will know what encryption method you have used and may find out about ways to decrypt the encrypted files.

Better encryption strategies at : Best way to use PHP to encrypt and decrypt passwords?

Community
  • 1
  • 1
Jack Brown
  • 84
  • 8