Hiding image source

[ba55meister]

Hi

 

I am trying to hide the image filepath and found this tutorial http://www.bounmis.com/en/PHP/How_To_Hide_Image_Source.html which I am currently using. It works but I need an additional security here so this script parses images only if the user is logged in to wordpress

 

here's what i have so far:

 

<?php
include('wp-config.php');
  
$wp->init();  
    $wp->parse_request();  
    $wp->query_posts();  
    $wp->register_globals();	   
   
Header('Content-type: image/jpeg');
    $exp=GMDate('D, d M Y H:i:s',time()+999);
    Header('Expires: $exp GMT');

$image_path = 'pathtoimages/';   
    $file=$image_path . $_GET["img"]; // getting image name and your image path

if ( is_user_logged_in() ) {
   $file=$image_path.'authorized.jpg';
	} else {
	$file=$image_path.'notauthorized.jpg'; 
	};

    if (file_exists($file)){

$info=getimagesize($file);
    $width=$info[0];
    $height=$info[1];
    if ($info[2]==1){
        $img=@imagecreatefromgif($file);
    } else if ($info[2]==2){
        $img=@imagecreatefromjpeg($file);
    } else if ($info[2]==3){
        $img=@imagecreatefrompng($file);
    } else {
        $width=800;
        $height=600;
        $file = 'notauthorized.jpg'; // if there is not such image, it will show default image
        $img=@imagecreatefrompng($file);
    }
    ImageJpeg($img);
    imagedestroy($img);
}
?>

 

the script doesnt work. I think it's because i set headers Header('Content-type: image/jpeg'); What can I do to make it work?

Please help

 

thanks

[DavidAM]

First, I have never worked with wordpress, so I don't know what might be happening in the include files that could cause a problem. But I can make a couple of suggestions

 

When using this method to hide images (or other files) it can be difficult to debug. However, you can enter the url in your browser. If it works you will see the image (or whatever); if it does not work, you will see the error messages (so make sure you turn on error_reporting(E_ALL) in the script). So if, for instance, your image tag is:

<IMG src="http://mydomain.com/showimage.php?id=1234">

you can enter http://mydomain.com/showimage.php?id=1234 into the address bar on the browser and view the image or see the errors.

 

It might be that one of the includes is sending content, so you get an error when sending the headers. Requesting the script directly should show you any errors that are creating that problem.

 

Now, in your code, you are sending a header that says you are about to send a JPEG file. But then you send a GIF, PNG, or JPEG. I would think you need to specify the correct Content-type header based on the type of file you are sending.  I'm not sure how picky browsers are, but personally, I would send this header after I determine which type of file I have.

 

Also, you do not need to create an image in memory just to send it to the browser. This is useing resources and taking time that is just not necessary.  You can use readfile($filename) to read the file and send it directly to the browser.

[ba55meister]

Thanks David. The thing is that if i take out all the image parsing part of the code and only leave wordpress validation it works, same for the image parsing bit without the WP includes.

Also the reason I have headers set to jpeg is that I only have a few images that are being shown to registered blog site members - images change, but not their format (jpeg) or location. I want to hide images URL from users so only registered can view them and if their membership is cancelled they won't be able to. Hope it makes sence.

 

Is there any other way of hiding the image filepath?

 

 

[DavidAM]

I don't know of any other way to do it that does not involve javascript. And you shouldn't use JS for required page behavior since users may turn it off, or use a browser that does not support it.

 

When you enter your image src url in the browser address bar, what exactly happens? Do you get an error message, blank screen, or what (if you get a blank screen, view the page source and see if it is blank as well).  Also, for testing purposes, take the '@' out of the function calls ($img = @imagecreate ...) it could be hiding errors.

 

If it works without the wordpress validation, add those lines back one at a time and see where it is failing.

 

add these two lines to the top of this script, immediately after the openning php tag:

error_reporting(E_ALL);
ini_set('display_errors', 1);

just to make sure we can see any errors.