acctman Posted May 2, 2009 Share Posted May 2, 2009 Hi is there a way to prevent a user from copy and pasting an image link and loading it directly? I use created a php script to load images and control who's able to see the images. I'd like for this too happen: when a user clicks an image link on an html or php page on domain.com it should load. but if the user goes into the source and grabs the actual link and paste it into there web browser it should not load. file link example: /files/pvtexp.php?mid=135789&iid=296946&idat=2007/10&sec=3 Quote Link to comment Share on other sites More sharing options...
gffg4574fghsDSGDGKJYM Posted May 2, 2009 Share Posted May 2, 2009 You can look at the REFERER and if isn't coming from your domain echo nothing, or echo a image that say 'image stolen'. For many users it will work, however the REFERER is given by the browser and can be easly cheated. That don't prevent user from saving them and use them on their own server, but that can save you some bandwidth. This should work : if (@strcmp($_SERVER['HTTP_REFERER'], "http://www.mysite.com/") != 0) die(); Quote Link to comment Share on other sites More sharing options...
PFMaBiSmAd Posted May 2, 2009 Share Posted May 2, 2009 There is no difference between a link on web page and an address placed into a browser address bar (or a script requesting the URL.) They all cause a http request to be made for the file and it is the web server's duty to serve up the requested file. This is how the whole Internet works. So, no, you cannot tell the difference between someone clicking on a link on your page and someone being on your page, viewing the source and copy/pasting that link to the address bar. You can tell if someone is requesting a file without having visited your page first. As long as the URL of the file will cause that file to be severed by the server, it does not matter how that http request is produced (link on a page, browser address bar, bot script, request relayed through a web proxy server...) A http request is a http request. HTTP_REFERER can also be set to anything at any time, so bot scripts and web proxy scripts can set it to your domain so that any request for a URL can look like it came from someone already viewing pages on your site. What exactly are you trying to accomplish? Does someone need to fill out a form or be a logged in member on your site before the file should be served by the web server? Are you trying to stop hot linking by other sites putting a URL to your file on their pages? Quote Link to comment Share on other sites More sharing options...
acctman Posted May 2, 2009 Author Share Posted May 2, 2009 There is no difference between a link on web page and an address placed into a browser address bar (or a script requesting the URL.) They all cause a http request to be made for the file and it is the web server's duty to serve up the requested file. This is how the whole Internet works. As long as the URL of the file will cause that file to be severed by the server, it does not matter how that http request is produced (link on a page, browser address bar, bot script, request relayed through a web proxy server...) A http request is a http request. HTTP_REFERER can also be set to anything at any time, so bot scripts and web proxy scripts can set it to your domain so that any request for a URL can look like it came from someone already viewing pages on your site. What exactly are you trying to accomplish? Does someone need to fill out a form or be a logged in member on your site before the file should be served by the web server? Are you trying to stop hot linking by other sites putting a URL to your file on their pages? right now all my images load perfectly on the site and in the galleries. i just want to stop users from loading the links outside of the gallery by itself. giving it some thought, I'm thinking the only way to do this would be to restrict pvtexp.php load in the webroot. right now the image php loading file pvtexp.php is in home/site/www/files/pvtexp.php which can be accessed directly by anyone's web browser with the correct $_get parameters. no if i was to put the pvtexp.php file at home/site/files/pvtexp.php (behind the webroot) only the php gallery script serving the file can access the pvtexp.php there user would have no way to manual input a url to pull images. So basically i want to stop a user from inputing: http://www.site.com/files/pvtexp.php?.... and see and image, and limit them to having to go to http://www.site.com/gallery/user/ to see the image. can that be accomplished without moving the file behind the webroot, that would save a lot of time recoding links in various scripts on mysite Quote Link to comment Share on other sites More sharing options...
corbin Posted May 2, 2009 Share Posted May 2, 2009 When ever you have an <img> tag, all it does it make a request to the server, render the content it receives and then cram it into a box. So essentially the image has to be in the webroot for it to show up in an img tag. Your two best options are either sessions or referer checking. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.