Requirements in mathematical language are no use unless they are easier to read than the code -- David Parnas

Links
Home
Outline
Lectures
Tutorials & Labs
Assignments
References
Unix FAQ

CSE3WE Web Engineering - Assignment 2

Implementation Hints

The following hints are based on questions that I've received from students over the last week or two. Hopefully they'll make life a little easier and might give you some ideas on improving your assignment implementation.

How to Create Thumbnails

If you want to create a bunch of thumbnail images, the "convert" tool that comes with ImageMagick is probably your easiest option. You can use something like the following on Redgum: 

convert -resize 200x100 myimage.jpg myimage-thumb.jpg

This would resize the image named myimage.jpg down to 200x100 pixels and save it with a name of test-thumb.jpg. You can also use convert to change between image formats - just give it the name of the file that you want to convert, followed by a new filename with the appropriate extension. Run convert -help for more ideas.

How to Control Image Downloads

In order to prevent unauthorised users from downloading your full resolution images (obviously you don't want this to happen, otherwise you cannot make users pay for them), you will need to control access via your CGI. Most of the process will be the same as for accessing a HTML page - you still need to check for a valid session and ensure that they have permission to access this file (ie. that they have purchased it).

If everything checks out then instead of sending a Content-type: text/html header and generating HTML, you will need to send a Content-type: image/jpeg header (or whatever is appropriate for your image format) and the image contents.

The following code snippet would send the contents of myimage.jpg via a CGI. Also note the Content-disposition: HTTP response header - this tells the browser to save the image, rather than displaying it. 

print "Content-disposition: attachment; filename=myimage.jpg\n";
print "Content-type: image/jpeg\n\n";

open IMG, "<myimage.jpg";
flock IMG, 1;
while (sysread(IMG, $buf, 512) > 0) {
        print $buf;
}
flock IMG, 8;
close IMG;

I would suggest designing your CGI so that when passed certain name/value pairs it changes from HTML mode to file download mode. If in file download mode the access checks will be completed, the image download code run before the CGI exits. If the access checks fail then a HTML error page could be generated instead.

You will also want to ensure that you are running your CGI via a SETUID wrapper and have set appropriate permissions on the image files (or even move them outside of your public_html directory) to prevent access via the web server.