I have web application in PHP using apache server, linux. For some security reason i am keeping the documents and images outside web root. How can i show these images, when the user login.
Inside your www directory, create a "image.php" file, with a similar content to:
<?php
header('Content-Type: image/png');
readfile("../img/" . basename($_GET['img']));
And call your images with
<img src="image.php?img=myimage.png" />
Please be aware that your PHP file shouldn't be that simple :) As you may want to address multiple image formats (and providing the correct header for them), checking for malicious file path/inclusions (you don't want to use $_GET without validating/sanitizing the input), extra caching etc. etc. etc.
But this should give you an idea on how you can target your issue.