I have an img
tag with a src
value defined. However, I don't want to show this src
value, since it compromises my server. I've been recommended to use virtual URL: The IMG tag refers to a URL, however in this scheme the URL is a virtual one: /uploads/myuser/mypict.jpg will not directly map to the image, but a rewrite rule will pass this URL as parameter to a /uploads.php?url=myuser/mypict.jpg script, and this script will have the ability to access and send the content of files outside of the web root directory (web server root directory does not apply to scripts' file handling functions). Source
But I don't understand how an img
tag could access to a PHP script, and how this script could show the image in the img
tag.
Any idea on how could I achieve it?
Update:
I would give an answered mark to all of you, ... but I can't. I've finally found a way of calling the script without any parameter, as the name and path of image are stored in the database. I'm working with Symfony2, so I will give my particular solution:
I simply do in a Twig template:
<img src="{{ path('acme_home_seeImage') }}" width="{{ image.width }}" height="{{ image.height }}">
and add the route:
acme_home_seeImage:
pattern: /seeImage
defaults: { _controller: AcmeHomeBundle:Home:seeImage}
Then, when the page is loaded, the img
tag trigger the seeImageAction()
method which handles the below code:
public function seeImageAction()
{
if(!isset($_SESSION)) session_start();
header('Content-type: image/png');
if(isset($_SESSION['id'])) {
//call to image in database
$em = $this->getDoctrine()->getEntityManager();
$image = $em->getRepository('AcmeHomeBundle:Image')->find($_SESSION['id']);
readfile($image->getPath());
} else {
readfile('public/img/default.png');
}
}
as the image is associated to the session id of the client.
And that's all! Now, I can put the upload directory outside the Document Root
with success, and my upload path keeps hidden.