Access to CMSMS context from external php module
Posted: Fri Nov 28, 2008 2:22 pm
Hi,
I am currently developing pages to display photo album. I have very special needs, and that's why I decided not to use a standard module.
I have used templates and UDTs to cleanly separate formatting from php code, and this is working fine. But now I have a problem that seems harder to solve. I will use Front End users module to handle the rights to see some photo albums or not. But to fully protect my pictures, I store them on a directory which is protected by .htaccess. This means that I can no more use the standard way of displaying pictures:
But instead, I use:
The disp_pict.php script is already written and working fine:
This php script can obviously not be replaced by a UDT, as it is called from the browser once the page is loaded. But a part that is missing in this script is to check that the user has really the right to display this image. For this, I would need to get information about the user currently connected as a front end user. How could I do this from this external module?
Thanks,
Patrick
I am currently developing pages to display photo album. I have very special needs, and that's why I decided not to use a standard module.
I have used templates and UDTs to cleanly separate formatting from php code, and this is working fine. But now I have a problem that seems harder to solve. I will use Front End users module to handle the rights to see some photo albums or not. But to fully protect my pictures, I store them on a directory which is protected by .htaccess. This means that I can no more use the standard way of displaying pictures:
Code: Select all
<img src="/folder/mypict.jpg" />Code: Select all
<img src="/scripts/disp_pict.php?image_id=547" />Code: Select all
<?php
require_once('connect.php');
if (isset ($_GET["image"])) {
$image_id = $_GET["image"];
} else {
$image_id = 0;
}
if (isset ($_GET["taille"])) {
$taille = $_GET["taille"];
} else {
$taille = 0;
}
$query_Image = "select Album.Chemin, Image.Fichier
from Album, Image
where Image.Album_id = Album.Album_id
and Image.Image_id = " . $image_id ;
$rsImage = mysql_query($query_Image, $photos_db) or die(mysql_error());
$row_rsImage = mysql_fetch_assoc($rsImage);
$racine = "/myserver/htdocs/albums/";
$imgFile = $racine . $row_rsImage['Chemin'] . "/t" . $taille . "/" . $row_rsImage['Fichier'];
header('Content-type: image/jpeg');
header('Content-Length: ' . filesize($imgFile));
$pipe = fopen($imgFile, 'rb');
fpassthru($pipe);
fclose($pipe);
?>Thanks,
Patrick