I am creating a php script for images and videos. The image and videos is uploading and displaying fine on the webpage.
I want to secure the uploaded files, means visitors can't download the files at local system.
There is any one have knowledge how we secure files.
Please help!!!
i am pretty sure what you want is near impossible since if you want your visitor to view the image/video, the browser still need to download it before it can display to the end user.
if the browser can 'download' the data, pretty sure everyone can write small code to grab the data.
if you want to protect from linking to the data directly, you can prevent hot-link through htaccess (for apache) rule.
Related
My question is about HTML and PHP.
This is my setup right now:
A website where user have accounts
A FTP server with pictures (currently none)
Files are currently saved on the website in the "PICTURES" folder (which is accessible by everybody who know the full URL)
So, I would like to know how I can display the images without storing them on the website (which will fix my URL problem).
My idea was to move the files on the FTP server, and when a users logon and request a page with those images, download them through a FTP connection, save them on the website, display the images, and remove them. Which would make them accessible only between the downloading time. But this solutions sounds REALLY bad to me.
You need always to have a place where your images are stored. But, if you don't want to give a user the chance to know where are stored, you can create a system which is used to show the images.
Think about this, if you want to download a file from Mega, you can't access to the URL where the file is stored, instead of that, the server itselfs calls a system who assign you a "key" and you can download the file only through that system using your "key".
You could use a system like "base64" so you can encode your image, and show it using it, or, you can use the "header" modifier so, you can display an image using a PHP code.
For example your image tag will be like:
<img src="processImage.php?id=01&user=10&key=123" />
So, your processImage will return a "tricky" image, actually not the image, but the code processed by PHP will be returned, like using "imagejpg()" function with the header "Content-Type:image/jpeg" and then the user will not know where the image is stored actually but the img will works actually.
I have a script that displays the images via php. www.maindomain.com/image.php?img=test.jpg serve images, and i have other sites, where these images are displayed like this
<img src="www.maindomain.com/image.php?img=test1.jpg">
But this script, for show image is on my www.firstsite.com and www.secondsite.com. Is posibble to log which site is showing image? (put it to database for example).
I know, i can use $_SERVER['HTTP_REFERER'] but it's not 100%. Any other ideas?
The only 100% failsafe way to do it is to share the same image with different URLs. F.i. www.maindomain.com/image.php?test1.jpg&ref=first and www.maindomain.com/image.php?test1.jpg&ref=second. As actually this images are not requested by first or second servers but by visitor's browsers. Having different GET params in URL makes it easy to log data you need.
We have an mp3 player that runs via an iFrame, not our choice but thats how we're stuck with it. We want to prevent other people simply embedding the iframe on their site.
What would be the best way to do this? We're running nginx so no .htaccess. The mp3 player is made up of php files and we need to keep running it in an iframe.
Is there anyway to lock the specific mp3 players php file (in this case html5player.php) to only be able to be executed on our server or domain name? Surely there is a way to do that in nginx? But then of course, if they embed the iFrame it will think it IS running on our server anyway wont it?
Everything solution I've thought of has fallen down somewhere along the way, so input much appreciated.
You can check the URL of the parent window within the iframe, and check if it matches your domain or not... and then accordingly display the mp3 player or deny access.
use the following in the javascript inside the iframe:
if(top.location.href == "http://mysite.com"){
//display mp3 player
}
//or don't display mp3 player
I have a script where by users upload an image on a website and the image gets uploaded to an FTPServer. The name of the file is stored in a database, so when users click on a link, the query string is used as a reference in the Database to get the image name. The only part I'm stuck on right now, is how to display the image on my webpage using php. Is there a specific function to get a copy from the FTP server and display the image? I dont want do download the image to the web server, and then display the image and then delete it, as this could take up a lot of space if the web site has many visitors.
The "big image hosts" typically have web access to their "storage servers" as well. So when a file is uploaded to their image server it's accessible with a URL. You'd want to determine the url that points to the file you just uploaded and place that in your html (in the img tag. Let the user's browser retrieve the image, as opposed to your web server first retrieving it and then displaying the page.
You have to store the image on the web server, once you do that you can display it on your web page however you like, php, ajax, javascript, your choice.
I've found several answers to this question, but each case was different from mine. Before I spend hours implementing what I think will work, I'd like to get an opinion or two. Who knows, there may be an easier solution that will benefit someone else too!
I'm in the process of creating a website which provides a photo modification service. Each of my customers will be uploading their photos using a modified version of a jQuery/PHP upload script I found on Github (BlueImp's File Upload script- props BlueImp!) When each image is done uploading, a thumbnail of the image is displayed next to the image's filename.
The upload page creates a folder based on their Order #, and a thumbnail subfolder where the images are stored. For example, for Order # 12345:
/uploads/12345 <- Folder where the uploaded images will go
/uploads/12345/thumbs <- Folder where thumbnails will be served from
It's important that clients don't access other clients' photos. I moved the uploads folder outside of my website root, but then the thumbnails weren't displaying when the images finished uploading because, well, they weren't in the website root so the links weren't working.
Here's a solution I thought of:
Separate the folders. Move the main upload folder outside of the document root, but leave the thumbnail folder inside the doc root, so the thumbnails can be served up when each upload completes. When the user has finished uploading their images, delete the thumbnail folder corresponding to that Order #.
Is there a better way to do it? My concern is preventing access to photos (A client will only have to upload them once, then wait for us to finish the modifications. They will NOT have to log back in to download them.) I don't want someone to be able to access the upload folder via the address bar or anywhere else. Can I use an .htaccess file to restrict access, but still allow for linking to the thumbnail images via the upload script?
I apologize for the wordy question. I tried to be as succinct as my limited knowledge of programming would allow. Thank you in advance for your time and effort in helping with this.
two way around
Write a blank index.html on each directory, which will prohibit to access files.
Write below in .htaccess ( if not exist then create this file )
Options -Indexes
OR If you want NO ENTRY outside of the LAN
# no nasty crackers in here!
order deny,allow
deny from all
allow from 192.168.0.0/24
# this would do the same thing..
#allow from 192.168.0.0 to 192.168.0.24
Reference
One more
You want to show the thumbs to each owner customers but not to others?
knowing the Order number (is sequenziell) you can easily try some links and see some photos.
I suggest to use a .htaccess to password the upload folder and to generate a hash number for every thumb that you have to attribute to the order number.
A second solution: password with a .htaccess the upload folder and generate a thumb when you generate the order confirmation page without saving the thumb. (he has to see it only once as you mention).
have fun!
Two things that you should do are:
Disable directory indexing.
Always keep the file names random. Map them using the database. i.e file1.jpg->file_af324234324324ff . You can also store the thumbnail file information in the same table.