Introduction

Basic Concepts

Understanding Routing

Intercepting Requests

Module Fundamentals

Database Operations

Templates

Helpers

Form Handling

Form Validation

Working With Files

Image Manipulation

Working With Dates & Times

Language Control

Authorization & Authentication

Tips And Best Practices

Meet The Image Module

Modern web applications don't just store images - they process them. Whether you're building user profiles with cropped avatars, product galleries with responsive thumbnails, or content systems that require automatic image optimization, handling images correctly is essential.

Trongate handles image operations with zero abstraction and full transparency. No opaque service layers. No configuration-heavy image processors. Instead, you get direct, predictable access to PHP's GD library through a clean, focused API.

The Trongate Approach

Trongate comes with its own Image module. The Image module exists for one purpose: to give you complete control over image manipulation while automatically handling security and validation.

Think of it as GD with guardrails - all the power of native PHP image processing, combined with security checks that prevent the most common attack vectors.

What You'll Learn

By the end of this chapter, you'll be able to:

Upload and validate images with automatic security scanning
Load existing images from disk for batch processing
Resize, crop, and scale images while preserving aspect ratios and transparency
Generate thumbnails with multiple dimensions from a single source
Serve images dynamically or save them to disk with proper compression
Secure private images using Trongate v2's Interceptor pattern

Your Image Manipulation Toolkit

All operations, handled by the Image module, are accessible from any controller via $this->image.

The pattern is intentionally consistent: $this->image->method(). No dependency injection. No service containers. Just clean, predictable calls that map directly to GD library functions.

Note for Trongate v1 Users: The Image module in Trongate v2 maintains the same internal code but adds enhanced security validation and better integration with the new modular architecture. If you're familiar with v1, you'll feel right at home.

The GD Foundation: Zero Abstraction

Trongate's Image module is a thin wrapper around PHP's GD library. What you see in the code is what runs on the server - no hidden transformations, no complex abstraction layers.

Direct GD Mapping

Every Image module method corresponds directly to a GD function. Examples include the following:

Trongate Method	GD Function	What It Does
included-image-resize_to_width()	`imagecopyresampled()`	Proportional resizing with quality preservation
included-image-crop()	`imagecrop()` + `imagecopyresampled()`	Precise cropping with position control
included-image-save()	`imagejpeg()` / `imagepng()` / etc.	Format-aware saving with compression
included-image-output()	`imagepng()` + output buffering	Direct browser streaming

Security by Design

Image uploads are a primary attack vector. Malicious files can bypass frontend validation, execute code, or consume server resources. The Image module applies four layers of automatic security validation on every upload:

1. MIME Type Verification

Checks that files are really images using both finfo and getimagesize():

2. File Signature Validation

Verifies the actual file signatures to prevent extension spoofing:

3. Script Injection Prevention

Scans the first 256 bytes for dangerous content:

4. Memory Limit Enforcement

Calculates required memory before processing to prevent server overload:

Important: These security checks are invoked automatically by the included-image-upload() method. You don't need to enable them or configure them - they're always active. This is what we mean by "security by design."

Image Module vs. File Module: When to Use Which

Trongate v2 provides two modules for handling files. Choosing the right one depends on your needs:

Use the Image module when: You need to process images (resize, crop, optimize, convert formats).

Use the File module when: You only need to store files (documents, archives, media without processing).

Two Ways to Get Images Into Memory

The Image module provides two methods for bringing images into memory:

included-image-upload() - For NEW Images

Use when handling file uploads from users. Automatically validates, secures, and optionally resizes/thumbnails the image.

included-image-load() - For EXISTING Images

Use when working with images already stored on disk. Perfect for batch processing, generating new sizes, or creating variations.

The Stateful Workflow Pattern

Once an image is in memory (via upload() or load()), the Image module follows a predictable stateful pattern:

This workflow ensures you always know what state your image is in and prevents accidental operations on unloaded images.

Key Principle: The Image module maintains one image in memory at a time. Each call to upload() or load() replaces the current image. Operations like resize() and crop() modify the loaded image directly.

What's Next

The following page walks through building a complete image uploader for user profile pictures. You'll learn:

How to create an upload form with proper image validation
How to configure automatic resizing during upload
How to display uploaded images using Trongate v2's asset triggers
How to handle upload errors and user feedback