Re: [phplib] protecting folders with phplib From: nathan r. hruby (nhruby <email protected>)
Date: 11/15/00

On 15 Nov 2000, Davor Cengija wrote:

> Daniel Bondurant <bondu <email protected>> writes:
>
> > is there anyway to protect an entire folder with phplib?
> > I have a bunch of binary files that I want to limit access to.
> >
> > They are (mostly) thumbnails of images, and the orginal images, and I will
> > be displaying 30 at a time.
> > I could use fread to pull the thumbnails out of a protected directory, but
> > that would be 30 authentications (plus the page itself) for each page. Is
> > there any way to give authenticate the entire folder, and all it's contents
> > with phplib without excessive authenticating?
>

phplib auth isn't that expensive. what I have done is make an imageproxy
that takes an id for an image, looks up it's file name (which is
outside of the web servers docroot) and type and outputs the correct
headers and then the image data. A listing of 30 - 40 images is really
quick (granted I haven't tried this with 640x480 images, but it should
work well as that what the end result is for.)

[Folks please don't get to pissy with this code.. I know it ain't the
cleanest, right now I need it to work. The program this is taken from
needs a comaplete re-write anyway.. Just waiting to learn Sablotron :)

The one thing that does cause issue is that you need to modify your
auth::auth_loginform() function to deal with the image proxy

  function auth_loginform() {
    global $sess, $challenge, $carousel_root, $PHP_SELF;

    if (ereg("image.php3", $PHP_SELF)) {
      // Can't login an image :)
      header("Content-type: image/jpeg");
      include($carousel_root . "html/denied.jpeg");
    } else {
      $challenge = md5(uniqid($this->magic));
      $sess->register("challenge");
      include("$carousel_root" . "lib/crcloginform.ihtml");
    }
  }

the image.php3 file looks like so:
<?php
/****************************************************************************
Carousel: imapge.php3 -> Gives out images to logged in users.
$Id: image.php3,v 1.3 2000/11/01 15:14:56 nathan Exp $

This script takes two paramters via GET method
id=XXXXX - The ID of the image we want to see
size-[thumb|full] - The size of the image to give
****************************************************************************/
//echo "break me<br>"; // Break header so we can see errors
/* Page Start */
include("../lib/config.inc");

/* We need to send headers, so debuging doesn't help
   We do this here, becasue config.inc will override all debug settings
   before this */
$debug = 0;

/* There is a specical case in phplib-init.inc::loginform() that makes the
auth class ignore image.php3 and send back an access denied image if
you're not authenticated */

page_open(array("sess" => "carousel_session",
                "auth" => "carousel_auth",
                "perm" => "carousel_perm",
                "user" => "carousel_user"));

// Probably don't need user, but we might wanna track users image viewing
// habits. Perms will get implemented RSN

include($carousel_root."lib/functions-phplib-depend.inc");
include($carousel_root."lib/class/image.class");

$db = new db_carousel;
$img = new image;

$id = $HTTP_GET_VARS["id"];
$size = $HTTP_GET_VARS["size"];

if (eregi("[0-9]", $id)) {
  $db->query("SELECT filename FROM thing WHERE thing_id='$id'");
  $db->next_record();

  $img->setImage($db->f("filename"));
  $type = $img->getType();

  header("Content-type: image/$type");

  if ($size == "thumb") {
    include($img->getThumb());
  } else if ($size == "full") {
    include($db->f("filename"));
  }
}

/* We don't call page close becasue the imageproxy doesn't need to update
sessions */
?>

and the image class looks like so:

<?php
/****************************************************************************
Carousel: image.class - Image related function class
$Id: image.class,v 1.2 2000/11/01 15:14:56 nathan Exp $
****************************************************************************/

class image {
  /* Storage variables for image stuff */
  var $currImg = array('filename' => "",
                       'imageSize' => "");
                       
  /*Sets the image we're going to deal with */
  function setImage($img) {
    global $debug;

    if ($debug) {
      echo "image::setImage -> setting $img <br>\n";
    }
    if (file_exists($img)) {
      $this->currImg['filename'] = $img;
      $this->currImg['imageSize'] = getimagesize($img);
      return true;
    } else {
      if ($debug) echo "image::setImage - file $img doesn't exsist<br>\n";
      return false;
    }
  }
  
  function getSize() {
    return(array($this->currImg['imageSize'][0],
                 $this->currImg['imageSize'][1]));
  }
  
  function getHTMLSize() {
    return($this->currImg['imageSize'][3]);
  }

  function getType() {
    if ($debug) {
      echo "Getting Type";
      echo "image::getType() - type is $this->currImg['imagesize'][2]<br>\n";
    }
    switch ($this->currImg['imageSize'][2]) {
      case 1:
        return("gif");
        break;
      case 2:
        return("jpeg");
        break;
      case 3:
        return("png");
        break;
      case 4:
        return("swf");
        break;
      default:
        return("unknown");
        break;
    }
  }
  function getThumb() {
    global $imagedir;
    $thumb = $imagedir . "/thumbs/" . $this->currImg['filename'];
    if (file_exists($thumb)) {
      return $thumb;
    } else {
      return $this->genThumb();
    }
  }

  function genThumb() {
    global $imagedir;
    $thumbfile = $imagedir . "/thumbs/" . basename($this->currImg['filename']);
    switch ($this->gettype()) {
      case "jpeg":
        $old = imagecreatefromjpeg($this->currImg['filename']);
        $new = $this->resizeforThumb($old);
        imagedestroy($old);
        imagejpeg($new, $thumbfile);
        return $thumbfile;
        break;
      case "png":
        $old = imagecreatefrompng($this->currImg['filename']);
        $new = $this->resizeforThumb($old);
        imagedestroy($old);
        imagepng($new, $thumbfile);
        return $thumbfile;
        break;
    }
  }

  // Need to implement a better way to determine thumb size, but 50% works
  // for now

  function resizeForThumb($old) {
    $new_size = $this->getsize();
    $new_size[0] = $new_size[0] / 2;
    $new_size[1] = $new_size[1] / 2;
    $new = imagecreate($new_size[0], $new_size[1]);
    imagecopyresized($new,
                     $old,
                     0, 0,
                     0, 0,
                     $new_size[0], $new_size[1],
                     imagesx($old), imagesy($old));
    return $new;
  }

  function reset() {
    unset($this->currImg);
  }

}

?> 

-- 
........
nathan hruby
Webmaster: UGA Department of Drama and Theatre
Project Maintainer: phpSlash, Carousel
nhruby <email protected>
........

---------------------------------------------------------------------
To unsubscribe, e-mail: phplib-unsubscribe <email protected>
For additional commands, e-mail: phplib-help <email protected>