1046

How to access a folder from Trongate framework that contains images?

Comments for “How to access a folder from Trongate framework that contains images?”
 

Posted by siri on Tuesday 2nd April 2024 at 06:01 GMT

Hello all,
In public_html folder I have Trongate frame work folders and every thing fine. But client has created a folder called email-imgs and he has placed some images in that folder. Now he was trying to call like domain_name/email-imgs/happy-birthday-bg.png
This url leads to 404 Error : Page Not Found.
So how to access images from that folder?
Best Regards,
Siri K
Early Adopter

siri

User Level: Early Adopter

Date Joined: 19/07/2019

Posted by DaFa on Wednesday 3rd April 2024 at 12:43 GMT

Hi Siri,

I would suggest asking your client to relocate the folder from the root of your app to either the 'public' or 'assets' folder of a module. Trongate is served via the Apache web server and utilises the .htaccess file to consistently route to 'public.php', which then triggers the framework, regardless of what's on the URI.

I'm uncertain about the version of the Trongate framework running on your live server. However, if you examine 'engine/Core.php' (from the latest version), you'll find a method named 'serve_controller()'. This method reads segments 1, 2, and 3, and routes to special URIs like 'trongate_pages' and the API. Normally, segment(1) represents your controller and segment(2) your method. However, segment(1) can be intercepted, as demonstrated by the switch statement that handles 'dateformat' and 'tgp_element_adder'. You can add another case block to intercept 'email-imgs' in the URL.
case 'email-imgs':
    $this->draw_email_img();
    break;
With this code, it will load ONLY files with MIME types of 'image', such as .jpg, .png, .svg, .webp, etc.
private function draw_email_img(): void {

    $file_name = segment(2);
    $image_path = APPPATH . 'email-imgs/' . $file_name;

    if (file_exists($image_path)) {
        $content_type = mime_content_type($image_path);
        $mime_type = explode("/", $content_type)[0];
        if ($mime_type === 'image') {
            if ($content_type === 'image/svg') {
                $content_type .= '+xml';
            }
            http_response_code(200);
            header('Content-type: ' . $content_type);
            $contents = file_get_contents($image_path);
            echo $contents;
        }
    }
    http_response_code(404);
    $this->draw_error_page();
}
Although this code displays the image, it's not ideal as you can't embed it into an HTML file - well you can, but there is more to it... Therefore, my previous suggestion to move the folder to 'public' or a module's 'assets' folder remains the best option.

Cheers,
Simon

*** UPDATE - I had another look at this and turns out the code above will display an image fine in HTML.
In your controller, build the image path
$data['img_path'] = BASE_URL . 'email-imgs/' . $current_email_image;
Then in your view file
<div>
    <img src="<?= $img_path ?>" alt="email image">
</div>

Just remember that if you upgrade the framework with the Desktop app, Core.php will be overwritten. Also, consider security in case a malicious image file is uploaded.

This comment was edited by DaFa on Thursday 4th April 2024 at 02:53 GMT

Founding Member

DaFa

User Level: Founding Member

Date Joined: 30/11/2018

Posted by siri on Thursday 4th April 2024 at 23:08 GMT

Hi Simon,
Thank you for your reply. But I tried by placing index.php and .htaccess files in the related folder. With this change this is working fine. I don't know if it is good idea or not. Please suggest.
Best Regards,
Siri K
Early Adopter

siri

User Level: Early Adopter

Date Joined: 19/07/2019

Posted by DaFa on Sunday 7th April 2024 at 01:34 GMT

Hi Siri,

Copying the '.htaccess' file to the client's 'email-imgs' folder will allow the loading of ANY file type. (BTW - you don't need the 'index.php' file in there too, as it's the '.htaccess' file that is doing the redirecting.) This could introduce security vulnerabilities depending on the file uploaded via email. So, by having the '.htaccess' file there, anyone uploading a PHP script via email — let's call it 'trojan.php' — can execute it by just going to 'domain_name/email-imgs/trojan.php,' which could be devastating to your site. On the other hand, my code above will only allow files with a MIME type of 'image' to be passed through.
Founding Member

DaFa

User Level: Founding Member

Date Joined: 30/11/2018

Posted by siri on Sunday 7th April 2024 at 06:25 GMT

Hi Simon,
I did that just for workaround. I will implement the code that you shared here. Thanks for the clear explanation.
Siri K
Early Adopter

siri

User Level: Early Adopter

Date Joined: 19/07/2019

×