Codeigniter instance and external library object: authentification - codeigniter

I will try to be as clear as possible to explain my problem. If not, tell me !
Mywebapp is based on Codeigniter. In it, I did a controller in order to show images uploaded by the users. By this way, the images can only be seen by members or authorized people and are not public like in facebook for example (image addresses are just hashed but are public).
I also use the mpdf library to generate a pdf from the content of a web page. To use it, I have in the third party directory the mpdf library. To be able to use it with my formatting, I put in the library directory (in application directory) my mpdf library (just to be able to use it from different controller). I have a pdf controller which is called from the view where I want to generate the pdf.
So the process is : I call a function of the pdf controller from my view. In this function, I call a function of my mpdf library which create a mpdf object (the third party class) and generate the pdf.
The generation of the pdf works great. The only I had is for the images. I explain. In my html document, the image are embedded like that :
<img src="http:localhost/www/myapp/library/image/hashed_name_of_the_image" alt="" />
The image function of the library controller retrieve the image and shows it. But in this function, I can protect or not the access to run it. For example, to force to be a logged user to see an image (if($this->session->userdata(‘logged’) == true)).
If there is no restriction, the generated pdf contains the images. Cool :).
But if I put a restriction, it doesn't. I understand that the mpdf object is the one which is asking to image function to show the image. So the verification failed.
I tried to use a config parameter on the CI instance object before I call the pdf function. For example, set to true a "pdf_conversion" and the conversion finished, set it back to false.
But it doesn't work. When I check the value in the image function, it's still false... It's like the config value is not change for all object but only for th pdf object which has changed it.
Is there a way to do what I want to do ??? With config parameter or anything else !!! I think I misunderstood something but don't know what !
thanks by advance for answers
Bastien

You problem is that then the library "calls" the image function, it is not logged in. So your controller code denies access.
There are two things you can do:
Move the code that generates/gets the image form the controller into a new library. then call that library from the controller and from the PDF library. This is the preferred way.
In the "image" action, find a way to check if the request is coming from the PDF library. Best guess is to look for something in the HTTP headers the PDF library sends. Anyway this is not very secure since HTTP headers can be "faked".
OFF TOPIC: Is there a reason you server the image from a controller action instead of by directly referencing the image file?
CLARIFICATION ON SOLUTION 1
So you'll have a library image.php that looks like this
class Image {
...
function get_image($hash){
[code for getting the image here]
}
...
}
In the controller:
function image($hash) {
$this->load->library('image');
if (if($this->session->userdata(‘logged’) == true)) {
$image = $this->image->get_image($hash);
[send it to the browser]
}
}
In the PDF library
function export($hash) {
$ci =& get_instace();
$ci->load->library('image');
[do pdf stuff]
$image = $ci->image->get_image($hash);
$this->add_image($image);
[do more pdf stuff]
}
This is the idea, the actual details of the implementation are up to you.

Related

Returning an image response from storage along with other data?

In a controller I return a view with data. Along with this data, how can I also send back an image?
The image needs to be loaded via Storage as it's private, I get the image and build an image response in a class.
How can I also return this image response along side my data?
I've tried setting the response to a var in my data and displaying that in img src but it fails to load the image.
Normally I work with url. Storage::url('file.ext') give you a lot of possibility. There is also a way to create temporary url with this method within the Storage facade $url = Storage::temporaryUrl('file.jpg', now()->addMinutes(5)); You have to indicate when the url should expire.
There is another method that I use with drawboard.
You first have to get the content of your image. I don't remember, but I think the get() method of storage do the job. Maybe it's a bit more complex.
Whatever, you have to get the raw data of the image, put it into a variable and send it to the view.
Then, in the src of the image, you do this:
<img src="data:image/png;base64, {{$varToRawData}}" />
Be sure to use the right image/extension

Protect Images from being public laravel 5

i have seen certain techniques to protect images like to show them only to authenticated users. one example is
how-to-protect-image-from-public-view-in-laravel
It tells us only about 1 image. what if we want to retrieve multiple private images and show them to authenticated users?. What is the most appropriate way?. we cannot generate a link to storage directory right?
Save the images in your storage folder which isn't publicly accessible. Then create a route to generate the image based on the parameter, which could be the image name or path. Wrap this route with the auth middleware. Display the image content with appropriate headers in the controller method for the route based on its parameters.
Edit : Check this out to give you an idea.
Sample route
Route::get('securedimage/{name}', 'SecuredImageController#show');
Sample controller method
public function show($name)
{
// check if the image with name exists in the folder that you store them
// If the image doesn't exist then display dummy image or return nothing
$imagePath = storage_path('/upload/' . $name);
return Image::make($imagePath)->response();
}
Then you can access images like so
<img src="http://example.com/securedimage/ball.jpg">
<img src="http://example.com/securedimage/topsecret.jpg">

How to retrieve images (decoded if possible) present in a wepage using XPCOM

How to get all the images, after decoding if possible, on a webpage through XPCOM ?
The image might be specified in HTML as a background url in some CSS property, inside img tag, or in any form that a web developer might have included.
I tried looking into imgIContainer, imgIDecodeObserver and many other interfaces. Although there is a way through which we can provide image URI to Mozilla so that it loads the image, decodes it and returns imgIContainer. But I couldn't find anyway to get all images in current webpage.
This has to be done in either Java or Javascript.
Any suggestions?
#Wladimir - Thanks for your help.
I want all the images including CSS constructs (background images). So now I am listening to events from nsIWebProgressListener.
onStateChange: function(webProgress, request, stateFlags, status) {
if ((~stateFlags & (nsIWebProgressListener.STATE_IS_REQUEST | nsIWebProgressListener.STATE_STOP)) == 0) {
var imgReq = request.QueryInterface(CI.imgIRequest);
if (imgReq)
var img = imgReq.image;
}
}
The problem is that request.QueryInterface(CI.imgIRequest) throws exception for all NON-image requests. Although those exceptions can be ignored by putting code inside try-catch block, but I'd prefer to do things cleanly.
Is there any condition that can be checked to know whether request is for image or not?
There is existing code that you can look at. The Page Info dialog has a Media tab that successfully shows most images on the page. The important function is grabAll() in pageInfo.js, it is called for each element (via a TreeWalker). As you can see, there is no generic way to get the image, this function rather uses window.getComputedStyle() to extract the values of a bunch of the CSS properties for this element: background-image, border-image, list-style-image, cursor. It will also look for <img>, <svg:image>, <link> (favicon), <input>, <button>, <object> and <embed> tags. It doesn't manage to recognize everything however, e.g. these CSS constructs will not be recognized:
.foo:before
{
content: url(image.png);
}
.foo:hover
{
background-image: url(image.png);
}
Still, this is probably as far as you can get - unless you want to look at the requests made by the web page as it loads.
Edit: If you look at the requests as they are performed (via a web progress listener), you can do the following:
if (request instanceof CI.imgIRequest)
var img = request.URI.spec;
Note that request.image won't help you much, almost all methods of imgIContainer are only accessible from native code.

Uploading single image and showing its thumbnail using jquery and asp.net mvc3

I need to upload the photo of a user with his details from asp.net mvc3 razor view. The image selected by the user has to be shown as thumbnail before submitting the form.
The model of the view contains a byte array property called Photo. On page load i am converting this byte array to base 64 string and showing it in . this is working properly .
Now i need to show the thumbnail of the image selected by the user. And when he clicks on submit button i need to bind the selected image to the model property Photo.
After googling , i came to know that showing thumbnail is not possible until I upload that image. I tried Uploadify but its UI behavior is not what i am expecting. I also tried the article http://www.dustinhorne.com/post/2011/11/16/AJAX-File-Uploads-with-jQuery-and-MVC-3.aspx, but it is also not suitable in our scenario.
can anyone help me by sharing their experience achieving this scenario.
Thanks in advance.
You could achieve this using HTML5 File API. Take a look at the following article and more specifically the Showing thumbnails of user-selected images section which illustrates an example of how you could achieve that without uploading the image to the server.
And if you want to support legacy browsers that do not yet support the HTML5 File API you could use the jQuery.form plugin which allows you to easily send the contents of a given form to the server using AJAX and it also supports file uploads. So basically you could subscribe to the .change() event of the file input or the .click() event of some see thumbnail ... button and then submit the form to a controller action using AJAX:
$('#myform').ajaxSubmit({
url: '#Url.Action("thumbnail")',
success: function(result) {
// the result variable will contain the result of
// the execution of the Thumbnail action.
// could be a BASE64 encoded representation of
// the thumbnail you generated on the server and then
// simply set it to the src property of your preview `<img>`
// element using the Data Uri scheme
}
});

Codeigniter AJAX and POST

What is the best way to address an AJAX script that sends data to POST in codeigniter? Right now I am loading a view with the AJAX through $this->load->view('AJAX', $data); however there is no UI or user actions in the view. It's simply running through the script and returning POST data a little after the script loads. I receive the POST data in my model where I input the values into the DB and output some other values based on the data.
I need to open a real view, set metatags and re-direct the user to another website afterwards.
How do I address this?
The problem I'm facing is that I cannot open up another view because the AJAX view is the one that's in focus but I need this AJAX view to be temporary that basically does it's thing and sends to POST.
Is there any convention that I can lookup/research to what I'm describing? Let me know what kind of clarification is needed if any.
Some people like to write "ajax" controllers and post to them exclusively, but you don't need to do that. You can handle the request in the same controller that handles the non-ajax request. Personally, I exclusively return json, but you can return chunks of HTML if that works better for you.
Your exact problem is vague (actual code would help clarify), but I think you are on the wrong track. Don't use a view for processing anything ever. Use your Controller layer, this is for handling input and requests.
Example of controller method responding to either ajax or non-ajax request:
function edit_user()
{
$data['status'] = $this->user_model->save();
if ($this->input->is_ajax_request())
{
// return json string with our update status
// Something like: {"status":true}
echo json_encode($data);
exit;
}
// Load the non ajax view with the same data
$this->load->view('users/edit', $data)
}
$this->input->is_ajax_request() is a function of the Input class that reads $_SERVER['HTTP_X_REQUESTED_WITH'] and checks if it's value is XMLHttpRequest. This should only be true if it's an "ajax" request.
You can make life easier by wrapping this in a class or function. No matter what you decide to do, don't use the view layer for processing data.
I think my problem is, how do I address javascript without a view? how do I call the script and/or where do I put the JS code in the controller? I felt it was the wrong direction to address the code in a view but I didn't see how else to do it.
Whenever possible, you should put javascript code in a .js file and use a <script> tag to load it, in an HTML document. The only other exception is putting it in a "view" file (a file that's only purpose is to construct your final HTML output). In other words, follow the same rules of HTML as to where to put javascript, and follow the usual conventions of MVC of where HTML belongs (in the view). Javascript code does not belong in your controller. Javascript is not processing your data, it is sending the data to the server.
I need to open a real view, set metatags and re-direct the user to another website afterwards.
If you want to load a view, then redirect (after a certain amount of time I assume), you can do it with javascript or a <meta> tag (but don't use a meta tag, use js).

Resources