Questions › Display picture using PHP5 that is not located in www folder

I have a wireless access point, that is on Raspberry Pi, with Apache and PHP.

Raspberry Pi should use PHP to Display Images that are located on the USB drive(the drive is mounted).

I have tried using direct routes to the file, from HTML. Example:

<img src="/mnt/data/1.jpg">

But the images are always shown as broken links.

I have also tried using symbolic links from /var/www folder to /mnt/data folder, but that also didn't work.

Is it even possible to show images from /mnt/data using PHP, and if it is, how it can be done?

Thanks

Comments :

I will try thanks!!

jossif replied

how about permissions? are the images readable for the apache user?

I have put directory permissions as drwxr-xr-x. So I should be able to read files


2 Answers :
John Ballinger answered

You cannot display images outside the web directory, that is not allowed. Otherwise a hacker could load system files from the web server and that is very dangerous.

What you want to do is to tell PHP to go find the image and return the data for a file outside the web directory.

eg use this for you image tag to get your started.

<img src="myimage.php">

Then in the myimage.php script.

header('Content-type: image/jpeg');
echo imagejpeg("/mnt/data/1.jpg");
die;
James replied
Yup yup this is a good way to do it. Can also preserve the original filename via "Content-Disposition" header.;
depecheSoul replied
Hello, I tried your solution, it does not work in my case. Thanks for help;
RRB answered

File locations that are not aliased in the host machine will never be located by a client side script (html/css/javascript) because they are never "served" by your server. The client side can only access files that are within the folders your server serves (www directory, and any other alias directory). The SERVER SIDE SCRIPT, however, does have an access to the files in the host machine. That is why a server-side scripting language like php can output an image from anywhere within your host machine. i.e.

header('Content-type: image/jpeg');
readfile("d:/1.jpg");
exit();

or

header('Content-type: image/jpeg');
// IF YOUR PHP FILE IS "D:/program files/wamp/www/index.php"
readfile("../../../1.jpg");
exit();

You can, however, do this:

<?Php
    if(strtoupper($_SERVER['REQUEST_METHOD']) == 'GET'
    && isset($_GET['image']) && isset($_GET['drive']))
    {    header('Content-type: image/jpeg');
         readfile("{$_GET['drive']}:{$_GET['image']}");
         // THIS WILL HAVE THE FOLLOWING VALUE ONCE CALLED:
         // readfile("d:/path/to/my/file/myfile.jpg");
         exit();
    }
    <html>
    <img src="{$_SERVER['PHP_SELF']}?drive=d&image=/path/to/my/file/myfile.jpg">
    or simply:
    <img src="?drive=d&image=/path/to/my/file/myfile.jpg">
    </html>
?>

It is NEVER recommended unless you know what you're doing though since it will expose your system.

If you're planning to do this, make sure to check for file types, control the string contents of your $_GET, monitor the directories accessed and tighten up every security hole.