My xataface website has an action that uses PHPWord to create a letter. I'm trying to sign the letter with an image of a signature, but I don't want to just keep the image file on the server. I want it to be created from PHP so I can do some permission checks and only display the signature to "people or pages who are allowed to see it".
My first idea was to create a PHP file that has the image inline as data, and in theory can display the signature if the request comes through xataface, or a blank image of the same size if it does not, but this PHP file isn't in the Xataface context so it can't tell who is logged in :-( It does work - the image is correctly in the document, just that I can't control who can see it.
Next I tried wrapping the functionality of the above PHP into an action handler, and then
using $section->addMemoryImage("http://localhost/site/index.php?-action=sigfile");
in my script that generates PHPWord doc, but that gets an "unsupported image type" in the PHP log (without getting into the handler).
I've also tried putting just the "working image code" into templates/sigfile.html, but that gets an "unsupported image type" too (If I go straight to the PHP file it works. If I wrap it in any xataface stuff it doesn't)
About the only thing I've got working is using some "hidden key" e.g. PHPWord doc does $section->addMemoryImage("http://localhost/site/sig.php?a=1&b=2&c=3");
and the script is just looking for b=2
- the rest is just noise, but that is hardly secure...
The other idea would be have the php write the image to disk (server side), use it and then delete. Not sure how secure that is.
Am I missing some simple way of doing this?