Hi all,
I want to protect my images from being linked directly from another website. I don't want to pay for the bandwidth while others are showing my art and graphics... If they want to show those they can upload them on their site...
Anyway I was reading something about sessions for another project when I came accros this extern_referer_check which in the text is used to prevent users coming from other PHP sites from taking over a session (highly improbable but there's always a chance).
I think this is to be set in the php.ini file.
Could that also be used to prevent other sites (PHP or otherwise) from linking directly to my images or othe inline elements? I'm already using a PHP script to display the image (loaded from a database) and I use $_SERVER['HTTP_REFERER'] to check out if the request for that image is local or from another server...
As you may well know this is far from foolproof... It depends on a miriad of factors one of those is the browser type and version. Some types or older versions don't send back the referer so the check can't be done and I have to let those pass...
Anywa I wanted to hear your thoughts on this.
Protecting inline elements from being linked directly ...
Moderator: General Moderators
apache?
if apache webserver and possibility to create local .htaccess file just configure it to not allow access to a directory where you keep your images and stuff.
And yes I read that you got your images in a DB, but I think this is a bad idea (since it eats resources).
my 2 öres...
And yes I read that you got your images in a DB, but I think this is a bad idea (since it eats resources).
my 2 öres...
maybe you find http://websiteowner.info/tutorials/serv ... htheft.asp interesting
-
fractalvibes
- Forum Contributor
- Posts: 335
- Joined: Thu Sep 26, 2002 6:14 pm
- Location: Waco, Texas
- puckeye
- Forum Contributor
- Posts: 105
- Joined: Fri Dec 06, 2002 7:26 pm
- Location: Joliette, QC, CA
- Contact:
Yeah that's currently what I'm doing. The problem is that not all browsers return an HTTP header, OK most popular browsers do but I want to be able to cover all bases.fractalvibes wrote:couldn't you have a php script serve up your images?
i.e.
<img src='SomeScript.php?ID=34'>
And have SomeScript.php check the HTTP headers for Referer - if not from your site, substitute a rude image?
Phil J.
I wanted to experiment with something either from the PHP config or Apache's...
Here's my code to prevent usage of my images (and potentially other files too).
Code: Select all
$Page_request = $_SERVERї'HTTP_REFERER'];
if (eregi ("mydomain.com", $Page_request) OR $Page_request == "")
{
$query = // SELECT photo from DB
$result = mysql_query($query) or die (mysql_error()."<BR>".$query);
if ($row = mysql_fetch_array($result)):
print $rowї"Photo"]; // Write the Image code.
else:
readfile("images/spacer_trans.gif");
endif;
}
else
{
require ("images/access_denied.php"); // Send a small gif of extreme dimension
}The spacer_trans.gif image is displayed if the image couldn't be retreived from the database (I.E. that particular image_id doesn't exists anymore).