Protecting inline elements from being linked directly ...

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
User avatar
puckeye
Forum Contributor
Posts: 105
Joined: Fri Dec 06, 2002 7:26 pm
Location: Joliette, QC, CA
Contact:

Protecting inline elements from being linked directly ...

Post by puckeye »

Hi all,

I want to protect my images from being linked directly from another website. I don't want to pay for the bandwidth while others are showing my art and graphics... If they want to show those they can upload them on their site...

Anyway I was reading something about sessions for another project when I came accros this extern_referer_check which in the text is used to prevent users coming from other PHP sites from taking over a session (highly improbable but there's always a chance).

I think this is to be set in the php.ini file.

Could that also be used to prevent other sites (PHP or otherwise) from linking directly to my images or othe inline elements? I'm already using a PHP script to display the image (loaded from a database) and I use $_SERVER['HTTP_REFERER'] to check out if the request for that image is local or from another server...

As you may well know this is far from foolproof... It depends on a miriad of factors one of those is the browser type and version. Some types or older versions don't send back the referer so the check can't be done and I have to let those pass...

Anywa I wanted to hear your thoughts on this.
User avatar
piuga
Forum Newbie
Posts: 9
Joined: Fri May 10, 2002 11:24 am
Location: Relative to what?

apache?

Post by piuga »

if apache webserver and possibility to create local .htaccess file just configure it to not allow access to a directory where you keep your images and stuff.

And yes I read that you got your images in a DB, but I think this is a bad idea (since it eats resources).

my 2 öres...;-)
User avatar
puckeye
Forum Contributor
Posts: 105
Joined: Fri Dec 06, 2002 7:26 pm
Location: Joliette, QC, CA
Contact:

Post by puckeye »

Why is that a bad idea? Any input I can have on this issue I'll take...

I don't want to stop people from seeing those images, I want to stop other web designer from linking "directly" to my images from other web sites, thus taking my bandwidth but without sending me the visits...
User avatar
volka
DevNet Evangelist
Posts: 8391
Joined: Tue May 07, 2002 9:48 am
Location: Berlin, ger

Post by volka »

fractalvibes
Forum Contributor
Posts: 335
Joined: Thu Sep 26, 2002 6:14 pm
Location: Waco, Texas

Post by fractalvibes »

couldn't you have a php script serve up your images?

i.e.
<img src='SomeScript.php?ID=34'>

And have SomeScript.php check the HTTP headers for Referer - if not from your site, substitute a rude image?

Phil J.
User avatar
puckeye
Forum Contributor
Posts: 105
Joined: Fri Dec 06, 2002 7:26 pm
Location: Joliette, QC, CA
Contact:

Post by puckeye »

Thanks, you are right that's very interesting...
User avatar
puckeye
Forum Contributor
Posts: 105
Joined: Fri Dec 06, 2002 7:26 pm
Location: Joliette, QC, CA
Contact:

Post by puckeye »

fractalvibes wrote:couldn't you have a php script serve up your images?

i.e.
<img src='SomeScript.php?ID=34'>

And have SomeScript.php check the HTTP headers for Referer - if not from your site, substitute a rude image?

Phil J.
Yeah that's currently what I'm doing. The problem is that not all browsers return an HTTP header, OK most popular browsers do but I want to be able to cover all bases.

I wanted to experiment with something either from the PHP config or Apache's...

Here's my code to prevent usage of my images (and potentially other files too).

Code: Select all

$Page_request = $_SERVER&#1111;'HTTP_REFERER'];
if (eregi ("mydomain.com", $Page_request) OR $Page_request == "")
&#123;
    $query = // SELECT photo from DB
    $result = mysql_query($query) or die (mysql_error()."<BR>".$query);
    if ($row = mysql_fetch_array($result)):
        print $row&#1111;"Photo"];    // Write the Image code.
    else:
        readfile("images/spacer_trans.gif");
    endif;
&#125;
else
&#123;
    require ("images/access_denied.php");  // Send a small gif of extreme dimension
&#125;
The access_denied.php logs a warning in another DB and sends an 8 kb GIF of about 1500x1500 pixels with the words "ACCESS DENIED" (the image has very few colours...) We first toyed with the idea of sending a monkey's ass but that would defeat the purpose of protecting our bandwidth since the monkey's ass weigthed more then the average weigth of our images.

The spacer_trans.gif image is displayed if the image couldn't be retreived from the database (I.E. that particular image_id doesn't exists anymore).
Post Reply