Hi all,
I'm working on a project where I neeed to protect as much as possible other websites from linking directly to photos we're trying to sell.
My idea is to use a simple script to display the photos using the GD libraries or a direct feed from a DB (I'm not deceided on that yet). My thinking was to check who was requesting the script and disply the photo only if the request came from our site or one of our trusted member. If the request comes from somewhere else we would display some sort of obsenity to discourage that practice.
We don't want direct linkage because, in general, the site doing that do not send proper credit back to us and it uses our bandwidth instead of theirs...
OK about how I was thinking of checking who requests the script was by using one of the values from _$SERVER. My problem is that I have no idea which one to use...
Any idea?
Also about the direct feed from the database thing... I was thinking going one of 2 ways to protect our photos.
1) place the photos outside the web server paths, no one can access them from the web but PHP can still manipulate the photos.
2) store the photos directly in a MySQL database.
The photos will range from 50Kb to 250Kb.
I see advantages for both ways. The first is easier to use and less asle on the DB but deleting the photos is not automatic when droping a particular set from the Database (descriptions, filename and such).
The latter provides easier management but will ask more from the Database.
My question here is when calculating DB result speed does the size of each record count or simply the number of rows to sift through?
Sorry if this is a little long and I appreciate all the help you can offer.
Puckeye
Getting to know who uses my scripts... and Database use...
Moderator: General Moderators
Sounds like using a hammer to crack a nut!
Are the images you are selling "virtual" images or pictures of posters for the public to buy?
If your image is "virtual", you could try several things. Deface the image with your logo so the picture is worthless, and the viewer will need to pay for the proper copy.
You could place the images in a seperate directory and password protect it.
If you are using an Apache server, use the ReWrite engine to check the refferer and display the image if it is requested by you or your partners, and a picture of Britney Spears otherwise, they will soon get the message!
If you sell the "virtual" image, whats stopping your buyer from selling it on, or displaying it for anyone else to get? Have a well placed logo on the image so you continue to get credit.
Are the images you are selling "virtual" images or pictures of posters for the public to buy?
If your image is "virtual", you could try several things. Deface the image with your logo so the picture is worthless, and the viewer will need to pay for the proper copy.
You could place the images in a seperate directory and password protect it.
If you are using an Apache server, use the ReWrite engine to check the refferer and display the image if it is requested by you or your partners, and a picture of Britney Spears otherwise, they will soon get the message!
If you sell the "virtual" image, whats stopping your buyer from selling it on, or displaying it for anyone else to get? Have a well placed logo on the image so you continue to get credit.
- puckeye
- Forum Contributor
- Posts: 105
- Joined: Fri Dec 06, 2002 7:26 pm
- Location: Joliette, QC, CA
- Contact:
Thanks f1nutter for your reply,
I fear that my point wasn't extremely clear.
The problem isn't in protecting the "paying" material which in fact is downloadable, not printed.
The problem is in protecting the "free samples" that will be displayed on the site. The way it'll work is as follows.
We have various categories (we call 'em sets) of pictures, let's say we have flowers, insects, birds etc... Each set will provide 3 thumbnails for samples so people can see what they are buying. All samples will have our logo and address printed on top.
Now what we don't want are other sites linking directly to those thumbnails... If they download the samples and display them on their site we don't care but we don't want to pay for their use of OUR bandwidth. Several sites will offer "so_called" free images because they link to other sites without the user knowing (aside from the logo printed on top).
If they wish to display our samples then good for us but they'd have to download them first.
Your idea of using ReWrite seems good but I do not know of this Apache Engine. What I would like to know is how reliable is _$SERVER['HTTP_REFERER']?
Would starting a session be a good idea to pass variables through cookies?
Thanks
Puckeye
I fear that my point wasn't extremely clear.
The problem isn't in protecting the "paying" material which in fact is downloadable, not printed.
The problem is in protecting the "free samples" that will be displayed on the site. The way it'll work is as follows.
We have various categories (we call 'em sets) of pictures, let's say we have flowers, insects, birds etc... Each set will provide 3 thumbnails for samples so people can see what they are buying. All samples will have our logo and address printed on top.
Now what we don't want are other sites linking directly to those thumbnails... If they download the samples and display them on their site we don't care but we don't want to pay for their use of OUR bandwidth. Several sites will offer "so_called" free images because they link to other sites without the user knowing (aside from the logo printed on top).
If they wish to display our samples then good for us but they'd have to download them first.
Your idea of using ReWrite seems good but I do not know of this Apache Engine. What I would like to know is how reliable is _$SERVER['HTTP_REFERER']?
Would starting a session be a good idea to pass variables through cookies?
Thanks
Puckeye
Then don't post the image itself on your page. Instead, just offer links to the pictures you will offer as samples. As for the pay-only pages, make up a subscription page, and only allow registered users view the images upon payment to do so.
So, create a subscription page named bob.php.
Ask for a user login
Members gets links to all the images. For the images you want them to pay for, direct them to a secure online-credit payment page, get their money, and let them through.
Simple as that imo...
because what you are wanting to do, has yet to be done that I know of...
So, create a subscription page named bob.php.
Ask for a user login
Members gets links to all the images. For the images you want them to pay for, direct them to a secure online-credit payment page, get their money, and let them through.
Simple as that imo...
because what you are wanting to do, has yet to be done that I know of...
- puckeye
- Forum Contributor
- Posts: 105
- Joined: Fri Dec 06, 2002 7:26 pm
- Location: Joliette, QC, CA
- Contact:
Thanks Infolock,infolock wrote:Then don't post the image itself on your page. Instead, just offer links to the pictures you will offer as samples. As for the pay-only pages, make up a subscription page, and only allow registered users view the images upon payment to do so.
So, create a subscription page named bob.php.
Ask for a user login
Members gets links to all the images. For the images you want them to pay for, direct them to a secure online-credit payment page, get their money, and let them through.
Simple as that imo...
because what you are wanting to do, has yet to be done that I know of...
The secure part is already being done and was planned from the beginning, but we have to show samples so buyers know they are buying the images they want...
Anyway I will try the _$SERVER['HTTP_REFERER'] variable and see how it goes.
I think also that starting a session for all visitors and having the PHP script showing the samples check if there's a valid session id could also work...
What do you think?
Puckeye