Keeping session alive when loading images from database

[Daffy]

Cake version: 1.1
CAKE_SECURITY level: high

Hello everyone. I hope this question is not too complicated. I've been
struggling with an issue for a couple of days. I have an image upload
script that uploads images to a MySQL database, storing it as a BLOB,
also creating a thumbnail for the image when it does this.

I developed this with the help of the following sites:
1. http://cakebaker.42dh.com/2006/04/15/file-upload-with-cakephp/
2. http://www.phpro.org/tutorials/Storing-Images-in-MySQL-with-PHP.html#1

Downloading an image works fine (using Content-Disposition header) but
when trying to load more than one thumbnail in a view, my Cake session
is destroyed and the user is automatically logged out when they
attempt to load another page.

I don't have this problem when the Cake security level is set to
MEDIUM, but I'm trying to keep it working with a security level of
HIGH.

Here is my controller:
=================================
        // this is for image uploading.
    function add()
    {
    // Read person from ID from session variable
        $lastPerson = $this->Session->read('lastPersonId');

    // is_uploaded_file is used for security.
    // getimagesize is to verify the user uploads an image file type,
also for security.
        if (!empty($this->params['form']) && is_uploaded_file($this-
>params['form']['ImageUpload']['tmp_name'])
        && getimagesize($this->params['form']['ImageUpload']
['tmp_name']) != false)
        {

                $fileData = fread(fopen($this->params['form']['ImageUpload']
['tmp_name'], "r"),
                                     $this->params['form']
['ImageUpload']['size']);

                        // get the thumb image info.
                        $thumb = 
getimagesize($this->params['form']['ImageUpload']
['tmp_name']);

                        // assign thumb variables.
                        $image_type = $thumb['mime'];
                    $imgfp = fread(fopen($this->params['form']['ImageUpload']
['tmp_name'], 'rb'), $this->params['form']['ImageUpload']['size']);
                $image_width = $thumb[0];
                $image_height = $thumb[1];
                $image_size = $thumb[3];

                // create a second variable for the thumbnail.
                $thumb_data = file_get_contents($this->params['form']
['ImageUpload']['tmp_name']);

                // get the aspect ratio for the thumbnail (height / width).
                $aspectRatio=(float)($thumb[0] / $thumb[1]);

                // thumbnail height.
                $thumb_height = 100;

                // the thumb width is the thumb height/aspect ratio.
                $thumb_width = $thumb_height * $aspectRatio;

                // get the image source, apply to variable $src.
            $src = imagecreatefromstring($thumb_data);

                // create the destination image.
                $destImage = ImageCreateTrueColor($thumb_width,
$thumb_height);

                // copy and resize the $src image to the destination image.
                ImageCopyResampled($destImage, $src, 0,0,0,0, $thumb_width,
$thumb_height, $thumb[0], $thumb[1]);

                // start output buffering.
                ob_start();

                // export the image.
                imageJPEG($destImage);

                // stick the image content in the variable $image_thumb
                $image_thumb = ob_get_contents();

                // clean up the output buffer and turn off the output
buffering.
                ob_end_clean();

                $this->params['form']['ImageUpload']['thumb'] = $image_thumb;

                        // $size = size of the image file. Set a maximum size.
                        $size = $this->params['form']['ImageUpload']['size'];
                        // 2000000 = 2MB.
                        $maxsize = 2000000;
                // is the image less than this max value? If so, continue
with the save.
                if($size < $maxsize) {
            $this->params['form']['ImageUpload']['data'] = $fileData;

            // insert the user's ID into the file upload table so we
know who it belongs to.
            $this->params['form']['ImageUpload']['person_id'] =
$lastPerson;

            $this->ImageUpload->save($this->params['form']
['ImageUpload']);

            // save successful, so let's confirm the upload and
redirect the user.
            $this->Session->setFlash('Upload successful.');
            $this->redirect('tongue_uploads/add');
                }
                else {
                        // if the image is too big, show this error.
                        $this->Session->setFlash('The file was too big.');
                }
        }
        elseif (!empty($this->params['form']) && getimagesize($this-
>params['form']['ImageUpload']['tmp_name']) == false) {
                // if the file is not an image type, show this error.
                $this->Session->setFlash('Please upload the correct file
type.');
            }

                $conditions = "person_id=$lastPerson ";
                // die(debug($this->ImageUpload->findAll($conditions, null)));
                $this->set('ImageUploads', 
$this->ImageUpload->findAll($conditions,
null));
    }

        // this is for image downloading. It works in combination with the
add function.
        function download($id)
        {
                Configure::write('debug', 0);
                $file = $this->ImageUpload->findById($id);

        // Read person from ID from session variable
                $lastPerson = $this->Session->read('lastPersonId');

                header('Content-type: ' . $file['ImageUpload']['type']);
//      header('Content-length: ' . $file['ImageUpload']['size']);
        header('Content-Disposition: attachment; filename='.$file
['ImageUpload']['name']);
        echo $file['ImageUpload']['data'];

                $desired_width = 50;
                $desired_height = 50;

                $im = imagecreatefromstring($file['ImageUpload']['data']);
                $new = imagecreatetruecolor($desired_width, $desired_height);

                $x = imagesx($im);
                $y = imagesy($im);

                imagecopyresampled($new, $im, 0, 0, 0, 0, $desired_width,
$desired_height, $x, $y);

                imagedestroy($im);

                header('Content-type: image/jpeg');
                imagejpeg($new, null, 100);

                exit();
        }

        // this is for displaying thumbnails in a view.
        function display($id) {

        Configure::write('debug', 0);
        $file = $this->ImageUpload->findById($id);
    echo $file['ImageUpload']['thumb'];

    header('Content-type: ' . $file['ImageUpload']['type']);
    exit();
        }

=================================

Here is my view:

=================================
        <?php foreach($ImageUploads as $ImageUpload): ?>

                        <td><img src="/image_uploads/display/<?php echo 
$ImageUpload
['ImageUpload']['id']; ?>"></td>
                        <td><?php echo 
$ImageUpload['ImageUpload']['name'];?></td>
                        <td><?php echo 
$ImageUpload['ImageUpload']['pic_date'];?></td>
                        <td>
                                <?php echo 
$html->link('Edit','/image_uploads/edit/img_id:' .
$ImageUpload['ImageUpload']['id']); ?> |
                                <a href="/image_uploads/download/<?php echo 
$ImageUpload
['ImageUpload']['id']; ?>">Download</a>
                        </td>
                </tr>
        <?php endforeach; ?>
=================================

Any ideas?

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups 
"CakePHP" group.
To post to this group, send email to cake-php@googlegroups.com
To unsubscribe from this group, send email to 
cake-php+unsubscr...@googlegroups.com
For more options, visit this group at 
http://groups.google.com/group/cake-php?hl=en
-~----------~----~----~----~------~----~------~--~---