PHP readfile images and cookie creation....


Post by prozacgod »

So I created a script to send images to a person, but before it does, it creates a tracking cookie, then sends it via setcookie etc. All that works fine and dandy, if and only if I go directly to the image URL

E.G.

(edit)
I titled it with readfile, so I suppose I should elaborate

pseudo(ish)code

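```php
<?php
// ValidUserInput() and CreateGUID() stand for helpers that are not shown here.

// Read the tracking cookie if the client sent one (null otherwise).
$uniqid = $_COOKIE['tracking'] ?? null;

// Discard a value that fails validation.
if (isset($uniqid) && !ValidUserInput($uniqid)) {
  unset($uniqid);
}

// No usable id: create a fresh one.
if (!isset($uniqid)) {
  $uniqid = CreateGUID();
}

// The cookie and headers must go out before any image bytes.
setcookie('tracking', $uniqid);

header('Content-Type: image/jpeg');

readfile('test.jpg');
```
(/edit)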

```
http://notmysite.com/picture.php&image=test.jpg
```
The code executes and sends back a cookie to the URL requester.

What I'm having problems with is that if that image is in an IMG tag, it will not send the cookies. Is this normal behavior, and where perhaps would be some documentation on the reasons why? I kinda figured it was a security or privacy issue.

But the next thing I can't understand is that the client agent WILL provide previously set cookies to the script, so logging of the uniqid is still valid.

I'm using this in a cross-site situation, but it's fair to guess it will not set the cookies if brand Z is in fact the same host.

So once more.

If new user X visits the site and gets the cookie, and then website brand Z sends him a hotlinked IMG, I get the previously set cookie and can log the traffic as X.

If new user Y visits website brand Z, which sends him the hotlinked IMG, the cookie is not sent; I end up creating a new id but I cannot set one for him, and traffic is still logged under the new id (which gets created each time there is no id present).
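
The two cases above, replayed against a small model (an added example, not code from the original post). It assumes a browser policy that ignores Set-Cookie on cross-site responses but still attaches cookies it already holds; `Browser`, `pictureServer`, `replay`, `newId` and the host `brand-z.example` are hypothetical names.

```javascript
// Constructed model, not real browser code: a cookie jar that refuses to
// store cookies from third-party (cross-site) responses but still sends
// the cookies it already holds for that host.
class Browser {
  constructor() { this.jar = new Map(); }            // host -> { name: value }

  // topLevelHost: site in the address bar; resourceHost: host being requested.
  fetch(topLevelHost, resourceHost, server) {
    const thirdParty = topLevelHost !== resourceHost;
    const sent = { ...(this.jar.get(resourceHost) || {}) };  // stored cookies always go out
    const response = server(sent);
    if (!thirdParty) {                               // only first-party responses may store
      this.jar.set(resourceHost, { ...sent, ...response.setCookie });
    }
    return response;
  }
}

// Stand-in for the post's CreateGUID(): 32 hex characters, not cryptographic.
const newId = () =>
  Array.from({ length: 32 }, () => Math.floor(Math.random() * 16).toString(16)).join('');

// Server side of picture.php: reuse a valid id, otherwise mint one, log it.
const log = [];
function pictureServer(cookies) {
  let id = cookies.tracking;
  if (!/^[0-9a-f]{32}$/.test(id || '')) id = newId();
  log.push(id);
  return { setCookie: { tracking: id }, contentType: 'image/jpeg' };
}

// Replay both users and return the ids the server logged for each.
function replay() {
  log.length = 0;
  const x = new Browser();
  x.fetch('notmysite.com', 'notmysite.com', pictureServer);    // direct visit: cookie stored
  x.fetch('brand-z.example', 'notmysite.com', pictureServer);  // hotlinked IMG
  x.fetch('brand-z.example', 'notmysite.com', pictureServer);
  const xIds = log.slice();

  log.length = 0;
  const y = new Browser();
  y.fetch('brand-z.example', 'notmysite.com', pictureServer);  // hotlinked IMG only
  y.fetch('brand-z.example', 'notmysite.com', pictureServer);
  return { xIds, yIds: log.slice(), yJarEmpty: !y.jar.has('notmysite.com') };
}

console.log(replay());
```

Under this policy user X is logged under one id on every request, while user Y is logged under a different id per request because nothing is ever stored for the image host.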