-1

Lets say the image and video urls are:

example.com/img/777.jpg
example.com/vid/888.mp4

but I don't want to create a direct link inside HTML and other frontend (like android app etc).

Are there any disadvantages using:

example.com/getfile.php?type=img&name=777.img

and

example.com/getfile.php?type=vid&name=888.mp4

and inside getfile.php

header('Location: https://example.com/' . $_GET['type'] . '/' . $_GET['name']);

?

Because I don't see any, it looks like it works just like it would be with direct link to the file, also caching is working.

So is there something I should look out for?

I already tried this: Output an Image in PHP but there I have trouble playing videos, it looks like they only start playing after the whole file is loaded

Pikaboo
  • 310
  • 1
  • 4
  • 16
  • The way you are doing this is preferred by a lot of people .. That way you can control content based on login info or any other criteria .. Also the images and videos don't have to be in the public html directory .. Which also means you can control who has access to said videos and images based on your script `getfile.php` All the while not being "publicallyy viewable" without going through the script .. – Zak Mar 26 '21 at 20:09
  • Thanks for the answer! Let's see if someone know if there are any disadvantages doing that and if not then you could use the comment as answer and I would accept – Pikaboo Mar 26 '21 at 20:12

2 Answers2

0

Normally I would use this approach if I need to pass so params to file, like resize

Most of pic placeholder use it (https://picsum.photos/200/300?grayscale)

Also you can use Origin to protect it from hot linking.

Disadvantage is too many processing. A lot of work is doing on php/webserver part. So instead of just passing that file you are putting it on RAM of server. I might cost more. It's ok if thats not concern, all I am saying that you need good reason to do that, and if you have it, well use this approach :)

Edit:

Instead of header() just echo that path to static file

echo "http://example.com/".$_GET['type']."/".$_GET['name'];

flakerimi
  • 2,417
  • 2
  • 28
  • 45
  • You sure that header('Location: https://example.com/' . $_GET['type'] . '/' . $_GET['name']); would make the file go into RAM? Why would it doing it and not when using direct linking? That's weird – Pikaboo Mar 26 '21 at 20:19
  • No, if you process more, with php like resize, this way you are just redirecting, which thats double requests to server. I would rather generate url to static. Return that path. – flakerimi Mar 26 '21 at 20:23
  • Can you show an example how you would do that? – Pikaboo Mar 26 '21 at 20:24
  • But when I open the image in a new tab then I just see the file path which means everyone can see where this file is. So as long as there aren't any better solutions and no further disadvantages than bit more processing I'll keep with header('location.. – Pikaboo Mar 26 '21 at 20:33
  • Yeah, make sense if you just want to hide location of static files, You can complicate/simplify as much as you want, I just wanted to show so usages. – flakerimi Mar 26 '21 at 20:37
  • You can also set the mime type and pass in the raw video / image data .. Effectively making a "player" – Zak Mar 26 '21 at 21:01
  • @Zak you mean like that: header('Content-Type:' . $type); header('Cache-control: max-age='.(60*60*24*365)); readfile('https://example.com/vid/888.vid'); ? – Pikaboo Mar 26 '21 at 21:17
  • @Pikaboo check this accepted answer: https://stackoverflow.com/questions/3697748/fastest-way-to-serve-a-file-using-php – flakerimi Mar 26 '21 at 21:20
0

The disadvantages I could see from now are:

  1. Writing a wrong type= would lead to an HTTP code 404 since the folder doesn't exist.
  2. I do this in my project: images and videos of the webpage in one specific folder others go to the root of assets. By your method, you will end up having lots of images/videos in the same folder.
  3. The $GET pass through urldecode() and this one converts plus sign(+) into white space $_GET reference. (ex: my+image.png => my image.png)
  4. The character limitation in GET is about 2000. (URL limitation)
francisco
  • 388
  • 1
  • 5
  • 16
  • 1
    1 and 2: I only gave basic examples, I have deeper folder structure and don't really use parameters like "type". 3 the images are all alphanumeric and 4. I won't exceed 2000 chars :D – Pikaboo Mar 26 '21 at 21:52