Images

[Johnny26652]

Best way to display images online using access/asp?

[rdivilbiss]

Depends on what you wish to accomplish.

You can simply write an image tag with response.write or you can stream the image using ASP, VBScript and the ADO object.

[rdivilbiss]

Here is the code for streaming...

http://www.rodsdot.com/ee/dynamicImage.asp

[rdivilbiss]

A simpler example which shows a "cover image" made transparent via CSS, then uses ASP to stream an image under the transparent image.

WHY? When someone saves the image, they get a non-transparent version of the "cover image" rather than the streamed image.

This example of image protection can be defeated, but the point is demonstrating the image streaming. Note the page which calls the ASP image streaming page, is simply a normal HTML page, not an ASP page.

http://www.rodsdot.com/ee/protectImage.htm

[rdivilbiss]

You can not protect images, just annoy people.

In order for the image to be displayed in a web browser, it must first be doewnloaded to the local computer and then displayed.

Once it is downloaded, the user can find it and copy it.

You also can not disable the local computer's system commands, such as F1 for help or PrtScr to copy the visible screen. To do that would require you to leave the confines of the web browser and force the user to download and execute some program which can interfere with the OS. Even those programs can be defeated by hooking to the OS system calls before that program is run.

Methods to disable right mouse button clicks in a HTML document rely on JavaScript which the user can simply disable. In addition, using the keyboard shortcuts instead of a mouse click will always succeed as your web page can not intercept or prevent those calls to the OS. (The OS and the Browser program receive the key events before your web page's code will.)

Simply do not waste your time on such nonsense.

Streaming images has a number of useful purposes, such as hiding the location of the image file to prevent automated bots from completing a form (aka Captcha programs), or to prevent leaching (a person consuming your bandwidth by using your images in their web page, or for image manipulation before sending the image to the browser (reduce the size, add a watermark.)

[rdivilbiss]

For a directory of staff person images I would simply response.write the image tag after retrieving the image's URL from the database.

imgUrl = rs("imageUrl")
response.write("<img border=""0"" src=""" & imgUrl & """>")

[VGR]

HTTP_REFERER is not always set ; it depends.

you may also have an X_FORWARDED_FOR if my memory is correct.

Let me check my code base...

ah no, sorry, it's for the REMOTE_ADDR :

$ip=($_SERVER['HTTP_X_FORWARDED_FOR']=="")?$_SERVER['REMOTE_ADDR']:$_SERVER['HTTP_X_FORWARDED_FOR'];


sorry. You've to handle the case when HTTP_REFERER is not set and consider it's a direct access to your page (like from a bookmark or typing the URI in the address bar of the browser)

[VGR]

just for memory, I've also seen code using this logic :
1 => $_SERVER['REMOTE_ADDR'],
2 => $HTTP_X_FORWARDED_FOR,
3 => $HTTP_PROXY_USER,
4 => $REMOTE_ADDR

[rdivilbiss]

just for memory, I've also seen code using this logic :
1 => $_SERVER['REMOTE_ADDR'],
2 => $HTTP_X_FORWARDED_FOR,
3 => $HTTP_PROXY_USER,
4 => $REMOTE_ADDR

PHP in an ASP forum question may be a bit confusing....

I don't have HTTP_Referrer in my server variable collection is there a way around?

The ASP object always has an HTTP_REFERER item in the ServerVariables collection. Note it is refeRer and not RefeRRer. If you mis-spell it you are referencing a non-existant item in the collection.

The HTTP_REFERER could be an empty string under some circumstances, but not in the case of the protected image example.

In any event, the section:

Code:

if Request.ServerVariables("HTTP_REFERER")="http://www.rodsdot.com/ee/protectImage.htm" then
img = "/images/somerights20.gif"
else
img = "/ee/images/protect.gif"
end if

' no browser caching of this page !! to be used on all pages

Response.Expires=-1
Response.ExpiresAbsolute = Now() - 1

' do not allow proxy servers to cache this page !! to be used on all pages
Response.CacheControl="private"
Response.CacheControl="no-cache"
Response.CacheControl="no-store"

... is not necessary and is only included to prevent the image streaming code from returning an image from any page other than the protectImage.htm page from my server, and to prevent caching (which may or may not be needed and could be ignored by the browser anyway.

What will matter is setting the correct mime type, e.g.

Code:

Response.ContentType = "image/gif"

So for a simplified version:

Code:

<%
Dim img, objStream
img = Request.QueryString("img")

Set objStream = Server.CreateObject("ADODB.Stream")
 
'Open a image file
objStream.Type = 1 ' adTypeBinary
objStream.Open
objStream.LoadFromFile Server.MapPath(img)
 
'Output the contents of the stream object
if Right(LCase(img),3)="gif" then
    Response.ContentType = "image/gif"
else
    Response.ContentType = "image/jpeg"
end if
Response.BinaryWrite objStream.Read
%>

and you may call that from any page, like this:

Code:

<img src="streamImage.asp?img=filename.jpg">

There is no advantage to streaming an image for the application you indicated, (company directory).

The image streaming page will not reveal errors to your calling page, so it is not simple to debug. (You would need to put debug statements in the image streaming code and call that page directly.)

You do not need HTTP_REFERER for anything when attempting to write an image tag or streaming an image for your company directory, UNLESS after you have a working display page you wish to limit access to specific calling pages.

[rdivilbiss]

Again, if you are only reading a image from disk, then simply inserting the correct HTML image tag into your page is all you need and streaming is just adding unnecessary complexity to your project.

If you are streaming and returning garbage characters, one might guess you are streaming binary data correctly, but may have an improper tag in your calling page.

We would need to see the code which generates the HTML image tag, and the code you put in your steam image ASP page.

[rdivilbiss]

You can not put the ASP code inside HTML.

The purpose of the ASP code is to stream an image as would be retrieved when an HTML page calls an image file.

That means you are sending response.headers to the browaer to indicate what it is receiving. By putting the ASP inside HTML, the headers have already been sent before the ASP is interpreted.

http://www.rodsdot.com/temp_testing/johnnyImageStream.asp

is your code without the HTML.

e.g. exactly - no more - no less

Code:

<%
Dim img, objStream
img = "test.jpg"

Set objStream = Server.CreateObject("ADODB.Stream")
 
'Open a image file
objStream.Type = 1 ' adTypeBinary
objStream.Open
objStream.LoadFromFile Server.MapPath(img)
 
'Output the contents of the stream object
if Right(LCase(img),3)="gif" then
    Response.ContentType = "image/gif"
else
    Response.ContentType = "image/jpeg"
end if
Response.BinaryWrite objStream.Read

objStream.Close
Set objStream = Nothing
%>

Which is exactly the same as simply loading:

http://www.rodsdot.com/temp_testing/test.jpg

Also the same as if you created an HTML only file which has

Code:

<html>
<body>
<img src="http://www.rodsdot.com/temp_testing/johnnyImageStream.asp">
</body>
</html>

or

Code:

<html>
<body>
<img src="http://www.rodsdot.com/temp_testing/test.jpg">
</body>
</html>

[rdivilbiss]

How do i set the height and width of the image in my html page?

Assume the native height and width of the image file is 300px X 200px.

If you load it, either via streaming or with an image tag, it will appear at its native size.

If you change the height and width attributes on the image tag it will resize in the browser to match.

So: <img src="filename.jpg" height="150" width="100"> would display at 50%.

If we make the image larger than its native size, or change its height/width ratio it will be distorted.

A minor change to the streaming code:

Code:

<%
Dim img, objStream
' img = "test.jpg"
img = request.querystring("img")

Set objStream = Server.CreateObject("ADODB.Stream")
 
'Open a image file
objStream.Type = 1 ' adTypeBinary
objStream.Open
objStream.LoadFromFile Server.MapPath(img)
 
'Output the contents of the stream object
if Right(LCase(img),3)="gif" then
    Response.ContentType = "image/gif"
else
    Response.ContentType = "image/jpeg"
end if
Response.BinaryWrite objStream.Read

objStream.Close
Set objStream = Nothing
%>

e.g. get the filename via the URL, will allow you to do:

Code:

<img src="streamImage.asp?img=filename.jpg" height="150" width="100">

NOTE: We are not doing a response.write inside the image tag to call the streamImage.asp page. The <img> tag does not care what the URL is for the image "src."  It is simply calling the streamImage.asp page just like we would call an image file.

So, if your page was created dynamically by ASP, the response.write for the <img> tag must not execute streamImage.asp but simply write the URL to the browser so the browser calls it.

e.g.

Code:

...[snip]...
'get up person's image file name
personsImage = rs("imageFilenameString")

'write the image tag
response.write("<img src=""streamImage.asp?img="& personsImage &""" height="150" width="100">")
...[snip]...

[rdivilbiss]

MapPath does no error checking. Your path should start with a directory name or a slash. If you start with a slash you are traversing the directories from the base href, which is almost always going to be the web root.

If your path does not start with a slash, you are traversing the directories begining in the current folder.

Code:

wwwroot-+
        default.asp
        image1.jpg
        +- images -+
                   image2.jpg
        +- subdirectory -+
                         image3.jpg

in default.asp (webroot), these are all valid.
Server.MapPath("image1.jpg")
Server.MapPath("images/image2.jpg")
Server.MapPath("subdirectory/image3.jpg")

However, if your ASP page was in the "subdirectory" folder...
Server.MapPath("/image1.jpg")
Server.MapPath("/images/image2.jpg")
Server.MapPath("/subdirectory/image3.jpg")
{or Server.MapPath("image3.jpg")}

would be required. This notation would also work for the former case, or no matter what folder your ASP page is in, so I always use a slash to create the virtual path from the root.  Note also that you can not use dotted paths, nor is it necessary.

So in the "subdirectory" examples, you could use:
"../image1.jpg"
"../images/image2.jpg"

as the source attribute for an image tag, but you can not use those paths with Server.MapPath. I would also argue you should not use dotted paths even in your HTML. It is always more precise to use vairtual paths starting from the webroot. If your images are outside the webroot, you should not be able to use dotted paths to "eascape" the root and many servers will have dotted paths restricted.