Protect Images from being public laravel 5 - laravel

i have seen certain techniques to protect images like to show them only to authenticated users. one example is
how-to-protect-image-from-public-view-in-laravel
It tells us only about 1 image. what if we want to retrieve multiple private images and show them to authenticated users?. What is the most appropriate way?. we cannot generate a link to storage directory right?

Save the images in your storage folder which isn't publicly accessible. Then create a route to generate the image based on the parameter, which could be the image name or path. Wrap this route with the auth middleware. Display the image content with appropriate headers in the controller method for the route based on its parameters.
Edit : Check this out to give you an idea.
Sample route
Route::get('securedimage/{name}', 'SecuredImageController#show');
Sample controller method
public function show($name)
{
// check if the image with name exists in the folder that you store them
// If the image doesn't exist then display dummy image or return nothing
$imagePath = storage_path('/upload/' . $name);
return Image::make($imagePath)->response();
}
Then you can access images like so
<img src="http://example.com/securedimage/ball.jpg">
<img src="http://example.com/securedimage/topsecret.jpg">

Related

Returning an image response from storage along with other data?

In a controller I return a view with data. Along with this data, how can I also send back an image?
The image needs to be loaded via Storage as it's private, I get the image and build an image response in a class.
How can I also return this image response along side my data?
I've tried setting the response to a var in my data and displaying that in img src but it fails to load the image.
Normally I work with url. Storage::url('file.ext') give you a lot of possibility. There is also a way to create temporary url with this method within the Storage facade $url = Storage::temporaryUrl('file.jpg', now()->addMinutes(5)); You have to indicate when the url should expire.
There is another method that I use with drawboard.
You first have to get the content of your image. I don't remember, but I think the get() method of storage do the job. Maybe it's a bit more complex.
Whatever, you have to get the raw data of the image, put it into a variable and send it to the view.
Then, in the src of the image, you do this:
<img src="data:image/png;base64, {{$varToRawData}}" />
Be sure to use the right image/extension

How to use two controllers method in one form on laravel?

I have a productsController and it basicly doing CRUD nicely. But there is a issue. My controller methods getting too long. So I decided to seperate ImageController and Image table from products. Because the images need to has on CRUD.
However, the form which is uploading this items is the same with uploading images. So, what is the best practice to make two controller from one form? Also what should be the route look like ?
Note: This is a general question. Also code is too long. That's why I didn't add the code here.
This is a very broad question, but it seems like you need to set up a relationship between Product and Image models (assuming you are using models with the controllers you mentioned in your question), so that a Product hasOne Image. Then when you save a Product, you can call the store Image method on the Image like this:
$product->image->storeImage($img);
Where $img is the image file you are uploading. The relationship would look like this:
Products.php:
public function image()
{
return $this->hasOne('App\Image');
}
Image.php:
public function product()
{
return $this->belongsTo('App\Product');
}
This is not an exhaustive answer, but hopefully gets you started in the correct path. Of course, you will still need to add other code like the custom "store" function on the Image model, and make sure that you have the correct migrations in place (article_id on the Image model, image_id on the Product model), but this would be one way to separate the code and make your controller lighter. Here is a sample of what you would do in the Image.php model to store an image:
class Image extends Model {
public function storeImage($img){
//code goes here to store image
}
}

Showing a default Image in a CakePHP application

I am working in a CakePHP application, where I am using HTML helper's image() function to show images. What I want, if it gets the image in the given path, then it will show the image, otherwise, it'll show a default image. I have that "default" image, but I don't understand where/how to define it.
Thanks
Extend the HTML helper and add the logic to the image method and override the called image with your default image if the originally requested image does not exist.
index.ctp file code
<?php
$MyImage = $post['Post']['image0']; // image0 is my db field
if (file_exists("img/uploads/posts/".$MyImage))
$MyImage1 ="/img/uploads/posts/".$MyImage;
else
$MyImage1 = "/img/uploads/posts/no-image.jpg";
echo $this->Html->image($MyImage1);
?>
Note : My post's images are stored in app/webroot/img/posts folder(default image is also in this folder.)

CodeIgniter retrieve image from secret folder

I have create private folder in application folder: application/private/username, I'm uploading images here with ajax, that works, but how can I retrieve that image with ajax, and display it in img tag. First problem is that http://example.com/application/private/useraname/img.jpg is protected, I can't access it through out url in browser, how to display an image. Just advice, I wanna write code on my own.
This is part of function(that is part of controller) that grabs image:
$filepath = 'path to image';
header("Content-type: image/jpeg");
if (file_exists($filepath)) {
$img_handle = imagecreatefromjpeg($filepath) or die("");
echo $img_handle;
ImageJpeg($img_handle);
}
But how to get this image with ajax?
You might want to create a PHP file that would get the filename eg thumb.php?src=img.jpg and inside that file, you load the image from that path and display it. This way the path of the images are not exposed to the user.

Codeigniter instance and external library object: authentification

I will try to be as clear as possible to explain my problem. If not, tell me !
Mywebapp is based on Codeigniter. In it, I did a controller in order to show images uploaded by the users. By this way, the images can only be seen by members or authorized people and are not public like in facebook for example (image addresses are just hashed but are public).
I also use the mpdf library to generate a pdf from the content of a web page. To use it, I have in the third party directory the mpdf library. To be able to use it with my formatting, I put in the library directory (in application directory) my mpdf library (just to be able to use it from different controller). I have a pdf controller which is called from the view where I want to generate the pdf.
So the process is : I call a function of the pdf controller from my view. In this function, I call a function of my mpdf library which create a mpdf object (the third party class) and generate the pdf.
The generation of the pdf works great. The only I had is for the images. I explain. In my html document, the image are embedded like that :
<img src="http:localhost/www/myapp/library/image/hashed_name_of_the_image" alt="" />
The image function of the library controller retrieve the image and shows it. But in this function, I can protect or not the access to run it. For example, to force to be a logged user to see an image (if($this->session->userdata(‘logged’) == true)).
If there is no restriction, the generated pdf contains the images. Cool :).
But if I put a restriction, it doesn't. I understand that the mpdf object is the one which is asking to image function to show the image. So the verification failed.
I tried to use a config parameter on the CI instance object before I call the pdf function. For example, set to true a "pdf_conversion" and the conversion finished, set it back to false.
But it doesn't work. When I check the value in the image function, it's still false... It's like the config value is not change for all object but only for th pdf object which has changed it.
Is there a way to do what I want to do ??? With config parameter or anything else !!! I think I misunderstood something but don't know what !
thanks by advance for answers
Bastien
You problem is that then the library "calls" the image function, it is not logged in. So your controller code denies access.
There are two things you can do:
Move the code that generates/gets the image form the controller into a new library. then call that library from the controller and from the PDF library. This is the preferred way.
In the "image" action, find a way to check if the request is coming from the PDF library. Best guess is to look for something in the HTTP headers the PDF library sends. Anyway this is not very secure since HTTP headers can be "faked".
OFF TOPIC: Is there a reason you server the image from a controller action instead of by directly referencing the image file?
CLARIFICATION ON SOLUTION 1
So you'll have a library image.php that looks like this
class Image {
...
function get_image($hash){
[code for getting the image here]
}
...
}
In the controller:
function image($hash) {
$this->load->library('image');
if (if($this->session->userdata(‘logged’) == true)) {
$image = $this->image->get_image($hash);
[send it to the browser]
}
}
In the PDF library
function export($hash) {
$ci =& get_instace();
$ci->load->library('image');
[do pdf stuff]
$image = $ci->image->get_image($hash);
$this->add_image($image);
[do more pdf stuff]
}
This is the idea, the actual details of the implementation are up to you.

Resources