In an attempt to keep user images safe, I am storing them outside the webroot and calling upon them with an id check within an additional “image.php” script. The script reads as follows.
session_start();
require("scripts/sqlconnect.php");
$id = $_SESSION['id'];
$img = $_GET['id'];
$img = stripslashes($img);
$img = strip_tags($img);
$sql = mysql_query("SELECT * FROM photos WHERE id='$id'");
$salt = mysql_query("SELECT * FROM members WHERE id='$id'");
$salt = mysql_fetch_array($salt);
$salt = $salt['salt'];
while($row = mysql_fetch_assoc($sql)){
$imgfp = $row['filepath'];
if(hash('sha256', $imgfp.$salt)==$img){
$data = getimagesize($imgfp);
if(!$data){
header('HTTP/1.0 403 Forbidden');
die('The file you requested is not an image.');
}
header('Content-type: ' .$data['mime']);
header('Content-length: ' .filesize($imgfp));
readfile($imgfp);
}
}
The problem I am running in to is utilizing FancyBox with such a script. When I link to these images (as shown below), the FancyBox fails to work and it just links directly to the image. Does anyone have experience with FancyBox or a similar script that would cater to this method for calling upon images?
<a class="fancybox" rel="'.$relgroup.'" href="image?id='.$photofp.'" title="'.$pinfo.'"><img class="tnail" src="'.$tnail.'" /></a>
The onload js added for FancyBox is this:
$(".fancybox")
.fancybox({
padding : 0,
'scrolling' : 'no',
helpers : {
title : {
type: 'outside'
},
}
});
I figured this out with assistance from JFK in comments above.
I created a new class
.fancyboximgand added the image type to that class along with the original onload changes stated in opening post.Images now open in the FancyBox as desired!