hide image source with php
|
01-12-2011, 10:54 AM
Post: #1
|
|||
|
|||
hide image source with php
Is there a way to hide image url with PHP? I basically need an image passed to a flash application and I don't want to give out the image URL
I found this script [url=http://www.bounmis.com/en/PHP/How_To_Hide_Image_Source.html] it does work but seems a bit crap since it essentially converts an image to jpeg Any better solutions? Web Designers Directory | Advertise Web Design Business | Website Design |
|||
02-04-2011, 03:50 PM
Post: #2
|
|||
|
|||
RE: hide image source with php
use this script:
if ($_SERVER["HTTP_REFERER"] != "") { $image = $_GET["my_image_path"]; header ("Content-Type: application/octet-stream"); $fp = fopen($image,"r"); echo fpassthru($fp); } else { header('Location: $GO_SOMEWHERE'); } Web Design Directory | Web Designers | SEO Melbourne |
|||
02-04-2011, 03:53 PM
Post: #3
|
|||
|
|||
RE: hide image source with php
Hello,
I was also trying to hide my photo download path from browsers. This header method seems to be a good way to do it but I have found a big hole and cannot find a way to plug it. What I'm doing is this: to prevent hotlinking to my photos, I want to totally hide their path (folder has a crazy name). I call each photo with something like display.php?id=photoid. But doing this, anybody could easily type in their browser the exact same thing and hotlink to the photos without actually knowing their path by calling the php, so hiding the path that way would not be very useful. So what I do against that is that I pass a session value and in the display.php file I test for that session value before sending the right header. That session value has been set by another php script. So what I'm doing is make sure that the photo is displayed only if display.php has been called by that other script. This prevents hotlinking. The display.php will unset that session value when sending the photo in the header. So that works well, it hides the path, and prevents hotlinking as well. BUT, here's where the hole is: With a browser, I try to type directly display.php?id=photoid. Of course it works as expected, and doesn't display the photo. Now I go through the website to display the photo normally. It works and displays the photo. Now, because of memory cache, by trying to retype the direct address in the browser or with a right combination of back/forward, I will be able to display the photo directly in the browser even though it is forbidden. The browser will simply pull the photo out of the cache(even though I sent all the necessary headers to prevent caching). But what is even worse, is that doing this, it will display in the location bar not "display.php?id=photoid" as it would if calling it directly was allowed but curiously the *full* path of the photo, revealing the directory name on the server. Now I'm trying to find a way to prevent that. If I stop the session variable check then the photo will be displayed without interdiction. The path will *not* be revealed then, but hotlinking will be possible.... I hope I didn't put everyone to sleep with all the verbose Web Designers Directory | Advertise Web Design Business | Website Design |
|||
03-25-2012, 02:36 AM
Post: #4
|
|||
|
|||
RE: hide image source with php
thanks for the useful code
Long Path Tool |
|||
08-07-2012, 10:08 PM
Post: #5
|
|||
|
|||
RE: hide image source with php
thanks for this post u have shared here.
buy iphone 5| iphone sim unlock| unlock iphone 5| |
|||
08-30-2012, 11:55 PM
Post: #6
|
|||
|
|||
RE: hide image source with php
this is very cool and helpful post for me
Corporate Photography Melbourne| Commercial Photography Melbourne| Headshot Photography Melbourne| |
|||
« Next Oldest | Next Newest »
|
User(s) browsing this thread: 6 Guest(s)