How to show an image which is secured by http authentication

C

2

7

How can i show an image from a server with standard http protection without showing the authentication window?

I now use standard html

<img src="...">

but because the image is protected this asks for an authentication window. I do have the login data, how can i show the image?

Regards, Tom.

Credenza answered 4/6, 2014 at 16:40 Comment(2)

You should provide some code. – Rubble 4/6, 2014 at 16:44

Are you able to use PHP at all? If not, please ignore this comment. If so, I would suggest using a php script as a proxy and using cURL with basic auth ( #2140919 ) to read the image from the remote location. Then set the header-content type to whatever the image type is. For instance for JPEG: header('Content-Type: image/jpeg'); I use this mechanism often. – Raskind 4/6, 2014 at 16:52

C

7

I used IrishGeeks tip to get a solution. It works on all browsers. The script.php is

<?php
$url    = $_GET['url'];
$c = curl_init($url);
$authString = 'user:pass';
curl_setopt($c, CURLOPT_RETURNTRANSFER, true);
curl_setopt($c, CURLOPT_USERPWD, $authString);

$content = curl_exec($c);
$contentType = curl_getinfo($c, CURLINFO_CONTENT_TYPE);
header('Content-Type:'.$contentType);
print $content;
?>

Then use

<?php
print '<img src="script.php?url='.urlencode('http://www.example.com/image.bmp').'" />';
?>

To get the image.

Credenza answered 5/6, 2014 at 7:36 Comment(1)

I'm shocked that this code was the accepted answer to this question. While your script makes it possible to load images through htaccess-protected websites it leaves your website open to a bunch of attacks including XSS-Injections. You are using the Content Type from the given Website, and there isnt any check for malicious content or something. I wont mind how much websites are vulnarable bc they are copying this code here and doesnt mind about how its working. Please edit it and stop spreading insecure code. – Hoey 25/11, 2020 at 10:37

P

7

This should work. Simply replace the username and password with your authentication details. (Warning: Doesn't work in all browsers)

<img src="http://username:password@server/Path" />

I would recommend putting this in a separate file on your server. That way you can reference it without exposing the authentication info.

Professionalize answered 4/6, 2014 at 16:44 Comment(0)

C

7

I used IrishGeeks tip to get a solution. It works on all browsers. The script.php is

<?php
$url    = $_GET['url'];
$c = curl_init($url);
$authString = 'user:pass';
curl_setopt($c, CURLOPT_RETURNTRANSFER, true);
curl_setopt($c, CURLOPT_USERPWD, $authString);

$content = curl_exec($c);
$contentType = curl_getinfo($c, CURLINFO_CONTENT_TYPE);
header('Content-Type:'.$contentType);
print $content;
?>

Then use

<?php
print '<img src="script.php?url='.urlencode('http://www.example.com/image.bmp').'" />';
?>

To get the image.

Credenza answered 5/6, 2014 at 7:36 Comment(1)

I'm shocked that this code was the accepted answer to this question. While your script makes it possible to load images through htaccess-protected websites it leaves your website open to a bunch of attacks including XSS-Injections. You are using the Content Type from the given Website, and there isnt any check for malicious content or something. I wont mind how much websites are vulnarable bc they are copying this code here and doesnt mind about how its working. Please edit it and stop spreading insecure code. – Hoey 25/11, 2020 at 10:37

Recommended topics

Hot tags