I am trying to learn how to access files outside of the site root folder. I found an interesting post on SO HERE that provided some very simple code:

"if you want to provide access to a file outside of the document root, you'll have to do it via a script. The simplest method is to have:

image.php:

```php
<?php
header('Content-type: image/jpeg');
readfile('/path/to/picture/outside/doc/root/file.jpg');
// original post was missing this closing tag
?>
```

and in your html:

```html
<img src="image.php">
```

"

I also read HERE about the proper path on a cPanel server running Apache (I am running Apache 2.0) which was listed as:

/var/www/username

And I tried all that, amending the first code above with the correct path and my own account username. I uploaded the image.php file and the page that calls it, and when I test the page, I get nada. I looked at the source code and also examined the element in Firebug, and it shows what one might expect:

```html
<img src="image.php" />
```

So...what am I missing here? The original question had this solution checked as a valid answer.

I have seen mentions of mod_rewrite all day (I have been at this for the entire day) and am not certain if that is valid here or not.

Many thanks in advance for the help!

wordman
  • The original post was probably intentionally omitting the closing tag. – Waleed Khan Feb 25 '13 at 23:04
  • 1
    What does `image.php` show when you call it? For the record btw, this *exact* implementation does not add any security, it just creates additional overhead by calling PHP. Do you have a specific case why you want to do this (like a user authentication) instead of having the image in the web dir? – Pekka Feb 25 '13 at 23:04
  • @Pekka I want to keep the contents of the images folder available to users but not available to anyone typing the file URL into a browser. I have researched .htaccess all day with no luck, and I have also seen recommendations to store files outside the site root to keep them from being available through a browser direct URL. – wordman Feb 25 '13 at 23:06
  • 1
    You can't just assume the vhost path from another post. You need to look at `phpinfo()` or ask your provider for help. Each setup is different. Make sure the absolute path is correct. Enable `error_reporting`. – mario Feb 25 '13 at 23:07
  • @Pekka when I call image.php as a file in the browser, a .jpg is displayed with a warning: `The image"http://www.website.com/image.php" cannot be displayed because it contains errors.` – wordman Feb 25 '13 at 23:08
  • Remove the `header()` line and you'll see PHP errors – Pekka Feb 25 '13 at 23:10
  • @Pekka I get an enormous blob of gibberish. – wordman Feb 25 '13 at 23:14
  • Then it might be the additional `?` at the end in `?>?` – Pekka Feb 25 '13 at 23:15
  • @Pekka My apologies, that extra `?` is not in the code of my file, that was a typo on my part. – wordman Feb 25 '13 at 23:17
  • Can you get rid of the closing `?>` altogether? Maybe there's white space that is interfering with the JPG – Pekka Feb 25 '13 at 23:22
  • @Pekka I tried that also. No different – wordman Feb 25 '13 at 23:23
  • You need to find out about the errors. Download the URL with `wget` or `curl` (commandline) and compare against the original JPEG, using `diff` etc. It's typically leading garbage (PHP notices, whitespace), seldom truncation or trailing garbage, if the image can't be displayed in the browser. – mario Feb 25 '13 at 23:23
  • Can you copypaste the first 30 characters of gibberish? – Pekka Feb 25 '13 at 23:29
  • @Pekka here are the first 40... `ÿØÿàJFIFddÿìDucky<ÿâXICC_PROFILE` – wordman Feb 25 '13 at 23:35
  • Strange, that looks okay. Not sure what is going on here... does the image work if you copy it into the web root directly and call it from there? – Pekka Feb 25 '13 at 23:37
  • @Pekka oddly enough, I get the same white screen, no image, greyed out code in Firebug... – wordman Feb 25 '13 at 23:51
  • Then the image itself may be broken. Or just white :) – Pekka Feb 25 '13 at 23:52
  • @Pekka, but it isn't, I can view it on my local machine. – wordman Feb 26 '13 at 00:10
  • let us [continue this discussion in chat](http://chat.stackoverflow.com/rooms/25104/discussion-between-wordman-and-pekka-) – wordman Feb 26 '13 at 00:15
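
A hardened variant of the `image.php` discussed above, as an added example that is not code from the question or from any commenter. It gates the file behind a login check, confines lookups to one directory, and guards against the stray-output corruption raised in the comments. Assumptions: `IMAGE_DIR` is a placeholder path, `$_SESSION['user_id']` is a hypothetical marker set by your own login code, and the `name` query parameter is hypothetical.

```php
<?php
// Added example. IMAGE_DIR is a placeholder path; $_SESSION['user_id'] and
// the "name" query parameter are hypothetical names, not from the thread.
declare(strict_types=1);
const IMAGE_DIR = '/path/to/picture/outside/doc/root';

function resolve_image(string $name, string $baseDir): ?string
{
    $base = realpath($baseDir);
    if ($base === false) {
        return null; // base dir missing, or blocked by open_basedir
    }
    // basename() drops any directory part, so "../x" cannot leave $base.
    $path = realpath($base . DIRECTORY_SEPARATOR . basename($name));
    if ($path === false || !is_file($path) || !is_readable($path)) {
        return null;
    }
    // realpath() resolved symlinks; confirm the target is still inside $base.
    return strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) === 0 ? $path : null;
}

function fail(int $status, string $logMessage): void
{
    error_log('image.php: ' . $logMessage); // details go to the log, not the client
    http_response_code($status);
    exit;
}

session_start();
if (empty($_SESSION['user_id'])) {
    fail(403, 'request without a logged-in session');
}

$path = resolve_image((string) ($_GET['name'] ?? ''), IMAGE_DIR);
if ($path === null) {
    fail(404, 'unresolvable file; open_basedir=' . ini_get('open_basedir'));
}
$mime = (new finfo(FILEINFO_MIME_TYPE))->file($path);
if (!in_array($mime, ['image/jpeg', 'image/png', 'image/gif'], true)) {
    fail(415, 'refused non-image type ' . $mime);
}
// Discard stray buffered output (whitespace, notices) that would corrupt the image.
while (ob_get_level() > 0) { ob_end_clean(); }
header('Content-Type: ' . $mime);
header('Content-Length: ' . (string) filesize($path));
header('X-Content-Type-Options: nosniff');
readfile($path);
// No closing tag, so no trailing whitespace is appended to the image bytes.
```

The page would then reference it as `<img src="image.php?name=file.jpg">`; a failed lookup is recorded in the PHP error log together with the active `open_basedir` value.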

1 Answer

In Web Host Manager (WHM) you need to enable the PHP open_basedir Tweak for each user you want to allow access outside of its root.

If you are using cPanel on a Linux environment, WHM should be available by going to http://yourdomain.com/whm

Refer to http://docs.cpanel.net/twiki/bin/view/11_36/WHMDocs/WebHome

zgr024
  • This sounds like Windows/IIS advice? He seems to be on a Linux box – Pekka Feb 25 '13 at 23:07
  • Using WHM on Linux with cPanel... no Windows environment. Refer to http://docs.cpanel.net/twiki/bin/view/11_36/WHMDocs/WebHome – zgr024 Feb 26 '13 at 01:43