On Sun, 15 Jun 2008 13:48:28 +0200 Stefano Esposito <ragnarok@xxxxxxxx> wrote: > Hi all, > > i have to forbid users of my site to view images directly (i.e. > writing the image URL in the address bar) but they'd be able viewing > them from the pages of the site. What's the best way of doing it, or > something similar? Is there a common strategy using PHP? Thank you for > any hint :-) > > Ciao, > Stefano Thanks for all of your hints :) Here's my solution: 1) disable contextmenu on the images to protect using javascript (just to discourage less determined people) 2) for other purposes, the page containing images to protect, is brought to users through an ajax request, so they can't so-easily look at the source (not with browser's normal 'view source' anyway... they would need something like firebug). 3) use a script to get image data (as someone on the list suggested), checking for the right $_SERVER['HTTP_REFERER'] (i know... it's not so trustworthy... if anyone has a better idea, i'll be glad to listen to :)) 4) encrypt the relative path of the image on the fly, using mcrypt with a key generated on the login and then pass it encoded whit base64_encode (with a little workaround for '+', '/' and '=' chars) to the image-reading script. So, even if someone can get to the source, they'll end up whit an encrypted id of which they don't know neither the key nor the encryption method nor even what it's supposed to represent (if some database id or a path). I think that's a good way to prevent image theft... well, unless the thief uses the print screen key... What's your point of view? Ciao, Stefano -- Email.it, the professional e-mail, gratis per te: http://www.email.it/f Sponsor: Caschi, abbigliamento e accessori per la moto a prezzi convenienti, solo su Motostorm.it Clicca qui: http://adv.email.it/cgi-bin/foclick.cgi?mid=7850&d=1-7 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
