How to secure users image on server

Question

thatsnotmyname 0 Newbie Poster

7 Years Ago

my web application is really simple there are two buttons one called "save" and the other called "show my images"
basically the user can save images from facebook API and store them in the server folder called "backup" (to back up their images on the server so if they deleted their FB or image from FB they will have backup)
1- When the user click save the images will be stored in two locations. The image url will be stored in sql database but it will also be saved on server folder called "backup"
2- when they click show images the web will retrive the images url from the database and display the image. However when checkImage() is called it will check if the image url is valid or not if it not valiad it will retrive the same image from the server folder "backup"

my question is I don't want the admin to access the backup folder and be able to see all the users images
so before the images get saved in the backup folder on server I want to encode the user images and when they request the image it will decode and be displayed
Is this possible ?

function checkImage($url)
{
 if (@getimagesize($url)) {
echo  "image exists ";
} else {
echo  "image does not exist";
}
}

database javascript mysql php

2 Contributors
1 Reply
222 Views
1 Day Discussion Span
Latest Post 7 Years Ago Latest Post by broj1

Reply to this topic

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.

broj1 356 Humble servant Featured Poster · Answer 1 · 2016-05-16T16:32:50+00:00

If you want to prevent unauthorised users from displaying the iamges you can encrypt them using mcrypt_encrypt. But be aware that you have to deal with key management to be able to decrypt later. By that I mean generating secure keys, securely storing the keys not to expose, corrupt or loose them etc). Maybe not that important since you still have images in the database. And BTW, does admin not have acess to the database (or put it differently can you prevent him to access it without you knowing it)?