Welcome Guest, Not a member yet? Register   Sign In
Removing images from the web root
#1

[eluser]brookerrj[/eluser]
I have been using the controller shown below to allow me to keep image files (normally in a /images directory)out of the web root. For applications that are uploading images this means that you don't need to expose directories under web root to write permissions.

It appears to work and I've used the same method for other files groups like 'scripts'. Also using a tiny_mce controller I'm able to access a single copy of tinyMCE behind web root and share files between projects.

Before I blindly go ahead with this approach I just wondered if it was sound, or can anyone see any flaws with it?

Code:
<?php

/*
|
| This controller catch all the accesses to the projects image files.
|  
| The function catches the the uri and then loads the files from a common image location
| IMAGE_PATH which is above the webroot.
|
| The http header is adjusted to match the file type before the output is sent.
|
*/

class images extends Controller {

    function Images() {
        parent::Controller();
        $file_extension = substr($this->uri->uri_string(), strpos($this->uri->uri_string(),'.') + 1);
        switch($file_extension) {
            case "gif" :
                header("Content-type: image/gif");
                break;
            case "jpg" :
                header("Content-type: image/jpeg");
                break;
            case "png" :
                header("Content-type: image/png");
                break;
            case "tiff" :
                header("Content-type: image/tiff");
                break;
            default:
            echo $file_extension . br();
                echo "default" . br();
                                exit;
                break;
        }
        readfile(IMAGE_PATH . $this->uri->uri_string());
        exit;
    }
}
?>




Theme © iAndrew 2016 - Forum software by © MyBB