[FX.php List] Re: FX.php_List Digest, Vol 30, Issue 36

John Lannon jlannon at gmail.com
Thu Jan 25 20:51:59 MST 2007 

Kevin,

Thanks so much for the input. So far ,my approach has been similar to yours,
as I've been referencing a php file in the image source (e.g., <img src="
fmpimage.php..."/>) and feeding parameters to the php file via the GET query
string and pulling the database credentials from a file outside of the
public directory.

I've also implemented a rather primitive caching mechanism and primitive
image resizing using GD.

I'll include the code below. I'd appreciate any comments, tips,
optimizations.

Thanks,
John

<?php
// include server credentials here
if ($_GET['layout']){ $layout = $_GET['layout'];}
else {$layout = 'defaultLayoutName';}

function LoadJpeg ($imgname) {
$im = @ImageCreateFromJPEG ($imgname);
if (!$im) { /* See if it failed */
  $im = ImageCreate (150, 30);
  $bgc = ImageColorAllocate ($im, 255, 255, 255);
  $tc = ImageColorAllocate ($im, 0, 0, 0);
  ImageFilledRectangle ($im, 0, 0, 150, 30, $bgc);
  /* Output an errmsg */
  ImageString ($im, 1, 5, 5, "No Image Available", $tc);
}
  return $im;
}

if ($_GET['size']) {
    $size = $_GET['size'];
} else {
    $size = '140'; // default image width
}
$recID = $_GET['recID'];

//

// $send_buffer_size = 4096 ;

// begin cache

$mime_type = 'image/jpeg' ;
$cache_folder = 'cache' ;
$cache_images = true ;
$cache_filename = $cache_folder . '/' . $recID . "_" . $size . ".jpg" ;
if($cache_images && ($file = @fopen($cache_filename,'rb')))
{
     $savefile= "cache/" . $recID . "_" . $size . ".jpg";
} else {
    $savefile= "cache/" . $recID . "_" . $size . ".jpg";
    $filename =
"http://$webUN:$webPW@$serverIP:80/fmi/xml/cnt/data.jpg?-db=$DB&-lay=$layout&-recid=$recID&-field=Image";
    $id=$filename;
    $ch = curl_init ($id);
    $fp = fopen ($savefile, "w");
    curl_setopt ($ch, CURLOPT_FILE, $fp);
    curl_setopt ($ch, CURLOPT_HEADER, 0);
    curl_exec ($ch);
    curl_close ($ch);
    fclose ($fp);
    $savefile= "cache/" . $recID . "_" . $size . ".jpg";
}

// end cache

$sz=$size;
$im=LoadJpeg($savefile);

// output
$im_width=imageSX($im);
$im_height=imageSY($im);

// work out new sizes
if($im_width >= $im_height)
{
  $factor = $sz/$im_width;
  $new_width = $sz;
  $new_height = $im_height * $factor;
}
else
{
  $factor = $sz/$im_height;
  $new_height = $sz;
  $new_width = $im_width * $factor;
}

// resize
$new_im=ImageCreateTrueColor($new_width,$new_height);
ImageCopyResized($new_im,$im,0,0,0,0,
                 $new_width,$new_height,$im_width,$im_height);

// output
header("Content-type: image/jpeg");
header( "Content-Description:PHP Generated Image" );
Imagejpeg($new_im ,'',100); // quality 75

// cleanup

ImageDestroy($im);
ImageDestroy($new_im);
?>




Message: 5
> Date: Thu, 25 Jan 2007 18:49:37 -0500
> From: "Kevin M. Cunningham" <kcunning at alum.mit.edu>
> Subject: Re: [FX.php List] Image Handling
> To: "FX.php Discussion List" <fx.php_list at mail.iviking.org>
> Cc: fx.php_list at mail.iviking.org
> Message-ID: <p06230902c1def1326c63@[192.168.0.101]>
> Content-Type: text/plain; charset="us-ascii" ; format="flowed"
>
> At 6:05 PM -0500 1/25/07, John Lannon wrote:
> >Dear List,
> >
> >I am looking for ideas regarding secure serving of images from a FMP
> >database. How many people are utilizing the image proxy script
> >included with the current release of FX.php? Have others come up
> >with specific, more secure methods of fetching FM image data?
> >
> >I know this isn't a specific question, but I was hoping to solicit
> >some general input.
>
> It's funny you should ask this, as I have been wrestling with this
> and came up with the following. Use a file (here named fmjpg.php for
> JPGs) to make the image query for your users, using the
> username/password data from a fmparams.php file. I imagine this has
> been done before, but I haven't seen it, and thought I'd pass it
> along.
>
> =========================
> <?php
>
> /*
> fmjpg.php - created by Kevin Cunningham, KCunning Consulting
> (www.kcunning.com).
> This file retrieves photos from a FileMaker database. It is handled
> by this file to avoid the user having to enter (or being able to see)
> usernames/passwords.
>
> Takes one argument: "recid" is RecordID of record containing image
> container field
>
> This script is called, for instance, as the url for any graphics file:
> <image src="http://<thisserver>/<path>/fmjpg.php?recid=1234">
> */
>
> # include standard settings (database name, etc.)
> # for best security, this file should not be anywhere in the www folder
> include 'fmparams.php';
>
> # $url components:
> # note that it uses the "http://username:password@hostname/ structure
> $url = 'http://' . $DBUser . ':' . $DBPass . '@' . $FMHost .
> '/fmi/xml/cnt/data.jpg?-db=' . $DBName . '&-lay=' . $DBLayout .
> '&-field=<mypicturefield>&-recid=' . $_REQUEST['recid'] ;
>
> # send to browser header data for a jpeg
> header('Content-type: image/jpeg');
> # if you want the picture to be saveable by a standard name
> header('Content-Disposition: inline; filename=picture' .
> $_REQUEST['recid'] . '.jpg');
>
> # send data retrieved from FileMaker (here uses readfile; if enabled,
> could use cURL instead)
> readfile($url);
>
> ?>
> ========================
>
> Such a construction at least has the advantage that the end user can
> never see the username/password being used. And it can be queried
> with https if desired.
>
> --Kevin
> --
>
> -Kevin M. Cunningham
>   FileMaker 7/8 Certified Developer
>   FSA Associate Member
>   office: (617) 826-0257
>   mobile: (617) 817-2978
>   email: kcunning at alum.mit.edu
>   web:   www.kcunning.com
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.iviking.org/pipermail/fx.php_list/attachments/20070125/3b908383/attachment.html

More information about the FX.php_List mailing list