Jump to content

Recommended Posts

 

Hide PHP variables in the html?

 

Hi all

 

I've started working again on this type testing thing

 

http://www.ttmt.org.uk/forum/index.php

 

The text, size and font to use are past to a php function that uses the GD library

to create the image using the font at the set size.

 

My problem is from the source code of the page I can see the location of the fonts

which I can't have - I don't want people to be able to download the fonts.

 

<img src="imageftt.php?text=Handgloves&size=24&font=/fonts/corbelb.ttf">    </div>

 

How can I hide the variables in the html code or hide the location of the fonts.

 

Any help would be greatly appreciated.

 

html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>

<title>untitled</title>
<link rel="stylesheet" href="style.css" type="text/css" />
</head>

<body>
  <div id="wrap">
    <form action="index.php" method="post">
      <select name="text" >
        <option value="<?php echo $_POST['text'];?>">Text</option>
        <option value="ABCDEFGHJIKLMNOPQRSTUVWXYZ">ABCDEFGHIJKLMNOPQRSTUVWXYZ</option>
        <option value="abcdefghijklmnopqrstuvwxyz">abcdefghijklmnopqrstuvwxyz</option>
      </select>
      <select name="size">
        <option value="<?php echo $_POST['size'];?>">Size</option>
        <option value="31">30</option>
        <option value="48">48</option>
        <option value="72">72</option>
        <option value="84">84</option>
        <option value="108">108</option>
      </select>  
      <input type="submit" name="submit" value="Set →" />
    </form>
    
    <div id="top">
    	<?php 
    	  $theFont="/fonts/corbelb.ttf";
      	if(!empty($_POST['submit'])){
    	    $myText = $_POST['text'];
      	  $mySize = $_POST['size'];
      	  echo '<img src="imageftt.php?text='.$myText.'&size='.$mySize.'&font='.$theFont.'">';
      	}else{
      	  $myText = "Handgloves";
      	  $mySize = 24;
      	  echo '<img src="imageftt.php?text='.$myText.'&size='.$mySize.'&font='.$theFont.'">';
      	}
    	?>
    </div>
  </div>
</body>
</html>

 

 

PHP

<?php
        
header('Content-Type: image/png');

$im = imagecreatetruecolor(1000, 200);

$gray = imagecolorallocate($im, 240, 240, 240);
$black = imagecolorallocate($im, 0, 0, 0);
imagefilledrectangle($im, 0, 0, 1000, 199, $gray);
    
  $text = $_GET['text'];
$textSize = $_GET['size'];
$font = $_GET['font'];
	  
  imagefttext($im, $textSize, 0, 15, 160, $black, $font, $text);		

imagepng($im);

imagedestroy($im);

?>

 

 

Link to comment
https://forums.phpfreaks.com/topic/251626-hide-php-variables-in-the-html/
Share on other sites

Change the URL to something like

&font=corbelb

 

Then your script

1. Checks that the font name is valid. Try ctype_alpha

2. Constructs the path name, like

$path = $_SERVER["DOCUMENT_ROOT"] . "/../fonts/" . $_GET["font"] . ".ttf";

(if you put the /fonts directory one level below your web root)

3. Checks that the font file exists

 

If all that works then you can proceed, otherwise you can't and should do something else. Maybe die(), thus creating an invalid image, or more creatively you can output a warning in a small image.

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.