[FX.php List] Re: FX.php_List Digest, Vol 30, Issue 36
John Lannon
jlannon at gmail.com
Thu Jan 25 20:51:59 MST 2007
Kevin,
Thanks so much for the input. So far ,my approach has been similar to yours,
as I've been referencing a php file in the image source (e.g., <img src="
fmpimage.php..."/>) and feeding parameters to the php file via the GET query
string and pulling the database credentials from a file outside of the
public directory.
I've also implemented a rather primitive caching mechanism and primitive
image resizing using GD.
I'll include the code below. I'd appreciate any comments, tips,
optimizations.
Thanks,
John
<?php
// include server credentials here
if ($_GET['layout']){ $layout = $_GET['layout'];}
else {$layout = 'defaultLayoutName';}
function LoadJpeg ($imgname) {
$im = @ImageCreateFromJPEG ($imgname);
if (!$im) { /* See if it failed */
$im = ImageCreate (150, 30);
$bgc = ImageColorAllocate ($im, 255, 255, 255);
$tc = ImageColorAllocate ($im, 0, 0, 0);
ImageFilledRectangle ($im, 0, 0, 150, 30, $bgc);
/* Output an errmsg */
ImageString ($im, 1, 5, 5, "No Image Available", $tc);
}
return $im;
}
if ($_GET['size']) {
$size = $_GET['size'];
} else {
$size = '140'; // default image width
}
$recID = $_GET['recID'];
//
// $send_buffer_size = 4096 ;
// begin cache
$mime_type = 'image/jpeg' ;
$cache_folder = 'cache' ;
$cache_images = true ;
$cache_filename = $cache_folder . '/' . $recID . "_" . $size . ".jpg" ;
if($cache_images && ($file = @fopen($cache_filename,'rb')))
{
$savefile= "cache/" . $recID . "_" . $size . ".jpg";
} else {
$savefile= "cache/" . $recID . "_" . $size . ".jpg";
$filename =
"http://$webUN:$webPW@$serverIP:80/fmi/xml/cnt/data.jpg?-db=$DB&-lay=$layout&-recid=$recID&-field=Image";
$id=$filename;
$ch = curl_init ($id);
$fp = fopen ($savefile, "w");
curl_setopt ($ch, CURLOPT_FILE, $fp);
curl_setopt ($ch, CURLOPT_HEADER, 0);
curl_exec ($ch);
curl_close ($ch);
fclose ($fp);
$savefile= "cache/" . $recID . "_" . $size . ".jpg";
}
// end cache
$sz=$size;
$im=LoadJpeg($savefile);
// output
$im_width=imageSX($im);
$im_height=imageSY($im);
// work out new sizes
if($im_width >= $im_height)
{
$factor = $sz/$im_width;
$new_width = $sz;
$new_height = $im_height * $factor;
}
else
{
$factor = $sz/$im_height;
$new_height = $sz;
$new_width = $im_width * $factor;
}
// resize
$new_im=ImageCreateTrueColor($new_width,$new_height);
ImageCopyResized($new_im,$im,0,0,0,0,
$new_width,$new_height,$im_width,$im_height);
// output
header("Content-type: image/jpeg");
header( "Content-Description:PHP Generated Image" );
Imagejpeg($new_im ,'',100); // quality 75
// cleanup
ImageDestroy($im);
ImageDestroy($new_im);
?>
Message: 5
> Date: Thu, 25 Jan 2007 18:49:37 -0500
> From: "Kevin M. Cunningham" <kcunning at alum.mit.edu>
> Subject: Re: [FX.php List] Image Handling
> To: "FX.php Discussion List" <fx.php_list at mail.iviking.org>
> Cc: fx.php_list at mail.iviking.org
> Message-ID: <p06230902c1def1326c63@[192.168.0.101]>
> Content-Type: text/plain; charset="us-ascii" ; format="flowed"
>
> At 6:05 PM -0500 1/25/07, John Lannon wrote:
> >Dear List,
> >
> >I am looking for ideas regarding secure serving of images from a FMP
> >database. How many people are utilizing the image proxy script
> >included with the current release of FX.php? Have others come up
> >with specific, more secure methods of fetching FM image data?
> >
> >I know this isn't a specific question, but I was hoping to solicit
> >some general input.
>
> It's funny you should ask this, as I have been wrestling with this
> and came up with the following. Use a file (here named fmjpg.php for
> JPGs) to make the image query for your users, using the
> username/password data from a fmparams.php file. I imagine this has
> been done before, but I haven't seen it, and thought I'd pass it
> along.
>
> =========================
> <?php
>
> /*
> fmjpg.php - created by Kevin Cunningham, KCunning Consulting
> (www.kcunning.com).
> This file retrieves photos from a FileMaker database. It is handled
> by this file to avoid the user having to enter (or being able to see)
> usernames/passwords.
>
> Takes one argument: "recid" is RecordID of record containing image
> container field
>
> This script is called, for instance, as the url for any graphics file:
> <image src="http://<thisserver>/<path>/fmjpg.php?recid=1234">
> */
>
> # include standard settings (database name, etc.)
> # for best security, this file should not be anywhere in the www folder
> include 'fmparams.php';
>
> # $url components:
> # note that it uses the "http://username:password@hostname/ structure
> $url = 'http://' . $DBUser . ':' . $DBPass . '@' . $FMHost .
> '/fmi/xml/cnt/data.jpg?-db=' . $DBName . '&-lay=' . $DBLayout .
> '&-field=<mypicturefield>&-recid=' . $_REQUEST['recid'] ;
>
> # send to browser header data for a jpeg
> header('Content-type: image/jpeg');
> # if you want the picture to be saveable by a standard name
> header('Content-Disposition: inline; filename=picture' .
> $_REQUEST['recid'] . '.jpg');
>
> # send data retrieved from FileMaker (here uses readfile; if enabled,
> could use cURL instead)
> readfile($url);
>
> ?>
> ========================
>
> Such a construction at least has the advantage that the end user can
> never see the username/password being used. And it can be queried
> with https if desired.
>
> --Kevin
> --
>
> -Kevin M. Cunningham
> FileMaker 7/8 Certified Developer
> FSA Associate Member
> office: (617) 826-0257
> mobile: (617) 817-2978
> email: kcunning at alum.mit.edu
> web: www.kcunning.com
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.iviking.org/pipermail/fx.php_list/attachments/20070125/3b908383/attachment.html
More information about the FX.php_List
mailing list