>From core.php "CakePHP session IDs are also regenerated between requests if 'Security.level' is set to 'high'."
That's expected behavior. Setting it to medium is what I've done in my app since I make heavy use of concurrent ajax calls. Regards, Alfredo On Tue, Mar 17, 2009 at 2:03 PM, Daffy <[email protected]> wrote: > > Cake version: 1.1 > CAKE_SECURITY level: high > > Hello everyone. I hope this question is not too complicated. I've been > struggling with an issue for a couple of days. I have an image upload > script that uploads images to a MySQL database, storing it as a BLOB, > also creating a thumbnail for the image when it does this. > > I developed this with the help of the following sites: > 1. http://cakebaker.42dh.com/2006/04/15/file-upload-with-cakephp/ > 2. http://www.phpro.org/tutorials/Storing-Images-in-MySQL-with-PHP.html#1 > > Downloading an image works fine (using Content-Disposition header) but > when trying to load more than one thumbnail in a view, my Cake session > is destroyed and the user is automatically logged out when they > attempt to load another page. > > I don't have this problem when the Cake security level is set to > MEDIUM, but I'm trying to keep it working with a security level of > HIGH. > > Here is my controller: > ================================= > // this is for image uploading. > function add() > { > // Read person from ID from session variable > $lastPerson = $this->Session->read('lastPersonId'); > > // is_uploaded_file is used for security. > // getimagesize is to verify the user uploads an image file type, > also for security. > if (!empty($this->params['form']) && is_uploaded_file($this- >>params['form']['ImageUpload']['tmp_name']) > && getimagesize($this->params['form']['ImageUpload'] > ['tmp_name']) != false) > { > > $fileData = fread(fopen($this->params['form']['ImageUpload'] > ['tmp_name'], "r"), > $this->params['form'] > ['ImageUpload']['size']); > > // get the thumb image info. > $thumb = > getimagesize($this->params['form']['ImageUpload'] > ['tmp_name']); > > // assign thumb variables. > $image_type = $thumb['mime']; > $imgfp = fread(fopen($this->params['form']['ImageUpload'] > ['tmp_name'], 'rb'), $this->params['form']['ImageUpload']['size']); > $image_width = $thumb[0]; > $image_height = $thumb[1]; > $image_size = $thumb[3]; > > // create a second variable for the thumbnail. > $thumb_data = file_get_contents($this->params['form'] > ['ImageUpload']['tmp_name']); > > // get the aspect ratio for the thumbnail (height / width). > $aspectRatio=(float)($thumb[0] / $thumb[1]); > > // thumbnail height. > $thumb_height = 100; > > // the thumb width is the thumb height/aspect ratio. > $thumb_width = $thumb_height * $aspectRatio; > > // get the image source, apply to variable $src. > $src = imagecreatefromstring($thumb_data); > > // create the destination image. > $destImage = ImageCreateTrueColor($thumb_width, > $thumb_height); > > // copy and resize the $src image to the destination image. > ImageCopyResampled($destImage, $src, 0,0,0,0, $thumb_width, > $thumb_height, $thumb[0], $thumb[1]); > > // start output buffering. > ob_start(); > > // export the image. > imageJPEG($destImage); > > // stick the image content in the variable $image_thumb > $image_thumb = ob_get_contents(); > > // clean up the output buffer and turn off the output > buffering. > ob_end_clean(); > > $this->params['form']['ImageUpload']['thumb'] = $image_thumb; > > // $size = size of the image file. Set a maximum size. > $size = $this->params['form']['ImageUpload']['size']; > // 2000000 = 2MB. > $maxsize = 2000000; > // is the image less than this max value? If so, continue > with the save. > if($size < $maxsize) { > $this->params['form']['ImageUpload']['data'] = $fileData; > > // insert the user's ID into the file upload table so we > know who it belongs to. > $this->params['form']['ImageUpload']['person_id'] = > $lastPerson; > > $this->ImageUpload->save($this->params['form'] > ['ImageUpload']); > > // save successful, so let's confirm the upload and > redirect the user. > $this->Session->setFlash('Upload successful.'); > $this->redirect('tongue_uploads/add'); > } > else { > // if the image is too big, show this error. > $this->Session->setFlash('The file was too big.'); > } > } > elseif (!empty($this->params['form']) && getimagesize($this- >>params['form']['ImageUpload']['tmp_name']) == false) { > // if the file is not an image type, show this error. > $this->Session->setFlash('Please upload the correct file > type.'); > } > > $conditions = "person_id=$lastPerson "; > // die(debug($this->ImageUpload->findAll($conditions, null))); > $this->set('ImageUploads', > $this->ImageUpload->findAll($conditions, > null)); > } > > // this is for image downloading. It works in combination with the > add function. > function download($id) > { > Configure::write('debug', 0); > $file = $this->ImageUpload->findById($id); > > // Read person from ID from session variable > $lastPerson = $this->Session->read('lastPersonId'); > > header('Content-type: ' . $file['ImageUpload']['type']); > // header('Content-length: ' . $file['ImageUpload']['size']); > header('Content-Disposition: attachment; filename='.$file > ['ImageUpload']['name']); > echo $file['ImageUpload']['data']; > > $desired_width = 50; > $desired_height = 50; > > $im = imagecreatefromstring($file['ImageUpload']['data']); > $new = imagecreatetruecolor($desired_width, $desired_height); > > $x = imagesx($im); > $y = imagesy($im); > > imagecopyresampled($new, $im, 0, 0, 0, 0, $desired_width, > $desired_height, $x, $y); > > imagedestroy($im); > > header('Content-type: image/jpeg'); > imagejpeg($new, null, 100); > > exit(); > } > > // this is for displaying thumbnails in a view. > function display($id) { > > Configure::write('debug', 0); > $file = $this->ImageUpload->findById($id); > echo $file['ImageUpload']['thumb']; > > header('Content-type: ' . $file['ImageUpload']['type']); > exit(); > } > > ================================= > > Here is my view: > > ================================= > <?php foreach($ImageUploads as $ImageUpload): ?> > > <td><img src="/image_uploads/display/<?php echo > $ImageUpload > ['ImageUpload']['id']; ?>"></td> > <td><?php echo > $ImageUpload['ImageUpload']['name'];?></td> > <td><?php echo > $ImageUpload['ImageUpload']['pic_date'];?></td> > <td> > <?php echo > $html->link('Edit','/image_uploads/edit/img_id:' . > $ImageUpload['ImageUpload']['id']); ?> | > <a href="/image_uploads/download/<?php echo > $ImageUpload > ['ImageUpload']['id']; ?>">Download</a> > </td> > </tr> > <?php endforeach; ?> > ================================= > > Any ideas? > > > > --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "CakePHP" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~----------~----~----~----~------~----~------~--~---
