Post Reply 
 
Thread Rating:
  • 0 Votes - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
hide image source with php
01-12-2011, 10:54 AM
Post: #1
hide image source with php
Is there a way to hide image url with PHP? I basically need an image passed to a flash application and I don't want to give out the image URL

I found this script [url=http://www.bounmis.com/en/PHP/How_To_Hide_Image_Source.html]
it does work but seems a bit crap since it essentially converts an image to jpeg
Any better solutions?

Web Designers Directory | Advertise Web Design Business | Website Design
Find all posts by this user
Quote this message in a reply
02-04-2011, 03:50 PM
Post: #2
RE: hide image source with php
use this script:

if ($_SERVER["HTTP_REFERER"] != "") {
$image = $_GET["my_image_path"];
header ("Content-Type: application/octet-stream");
$fp = fopen($image,"r");
echo fpassthru($fp);
} else {
header('Location: $GO_SOMEWHERE');
}

Web Design Directory | Web Designers | SEO Melbourne
Find all posts by this user
Quote this message in a reply
02-04-2011, 03:53 PM
Post: #3
RE: hide image source with php
Hello,

I was also trying to hide my photo download path from browsers.

This header method seems to be a good way to do it but I have found a big hole and cannot find a way to plug it.

What I'm doing is this: to prevent hotlinking to my photos, I want to totally hide their path (folder has a crazy name). I call each photo with something like display.php?id=photoid. But doing this, anybody could easily type in their browser the exact same thing and hotlink to the photos without actually knowing their path by calling the php, so hiding the path that way would not be very useful.

So what I do against that is that I pass a session value and in the display.php file I test for that session value before sending the right header. That session value has been set by another php script. So what I'm doing is make sure that the photo is displayed only if display.php has been called by that other script. This prevents hotlinking. The display.php will unset that session value when sending the photo in the header.

So that works well, it hides the path, and prevents hotlinking as well.

BUT, here's where the hole is:
With a browser, I try to type directly display.php?id=photoid. Of course it works as expected, and doesn't display the photo. Now I go through the website to display the photo normally. It works and displays the photo. Now, because of memory cache, by trying to retype the direct address in the browser or with a right combination of back/forward, I will be able to display the photo directly in the browser even though it is forbidden. The browser will simply pull the photo out of the cache(even though I sent all the necessary headers to prevent caching).

But what is even worse, is that doing this, it will display in the location bar not "display.php?id=photoid" as it would if calling it directly was allowed but curiously the *full* path of the photo, revealing the directory name on the server.

Now I'm trying to find a way to prevent that. If I stop the session variable check then the photo will be displayed without interdiction. The path will *not* be revealed then, but hotlinking will be possible....

I hope I didn't put everyone to sleep with all the verbose Smile

Web Designers Directory | Advertise Web Design Business | Website Design
Find all posts by this user
Quote this message in a reply
03-25-2012, 02:36 AM
Post: #4
RE: hide image source with php
thanks for the useful code

Long Path Tool
Visit this user's website Find all posts by this user
Quote this message in a reply
08-07-2012, 10:08 PM
Post: #5
RE: hide image source with php
thanks for this post u have shared here.

buy iphone 5| iphone sim unlock| unlock iphone 5|
Find all posts by this user
Quote this message in a reply
08-30-2012, 11:55 PM
Post: #6
RE: hide image source with php
this is very cool and helpful post for me

Corporate Photography Melbourne| Commercial Photography Melbourne| Headshot Photography Melbourne|
Find all posts by this user
Quote this message in a reply
Post Reply 


Forum Jump:


User(s) browsing this thread: 6 Guest(s)