How can I know whch web site loads my image? - php

I have created some free HTML Templates, to share them for free, but I would like to know where my templates are installed.
What I have in my mind, in order to track the template installation, is to create a php script that will generate a single pixel image. I would like to use that image to collect information about the web site that loads my picture.
So, how can I know which server is requesting my image? Any ideas?

Try using $_SERVER['HTTP_HOST']. Or if you need something else, try here : http://www.php.net/manual/en/reserved.variables.server.php

Obviously whatever you do could be stripped out, since once your template code is obtained the user could just delete the reference to track back to your script.
A pixel loading off of your server would work, you could access the data within $_SERVER to find out some information about the request and look for a referrer.
A better idea, IMO, is to write some javascript code that lives on your server and is included via a <script src="..."></script> tag on your template. This would allow you to "phone home" by dynamically creating an image source tag to fire this pixel off to your server with more information about the source.
For example, you could so something as simple as this:
(function()
{
var img = document.createElement('img'),
src = "//www.yourserver.com/path/to/pixel.php?domain=" + document.domain;
img.src = src;
})();
This would fire a pixel to your server and contain the domain that loaded your template. You could add a bunch more code that identifies the browser, uniquely tracks the user - see what kind of traffic the site is getting, whatever.
Be sure you don't use any 3rd party JS libraries, as you don't want to inject dependencies/increase load time on the site.

When you generate your single pixel image, include information that you're interested in such as this. Then check your server logs.
echo '<img src="onepixel.png?servedby='.$_SERVER['HTTP_HOST'].">';

Related

Using PHP or JavaScript (client side) - How to inject a web element into a live webpage (for a demo..)?

Let's say, that I want to demonstrate a widget (or some HTML in a frame) that would be "injected" into another page.
For example: I want to show the people in Amazon.com that I can put let's say a ball image underneath every price tag they put on their web page. That is - I want to build a web server (or indeed a server less html web page) that would show their page and put some stuff of mine inside theirs. So it looks as if the client (Amazon.com here) has my software already installed on their server.
I am a web-dev total newbie, so if this is the simplest thing in the world please, ..
Thanks
There's TONS of special cases that can cause this to fail, but I'll present a simple way that will work for you on a decent amount of webpages(but not all).
save the webpages html source into a local html file.
edit the html source, adding a <base href="http://www.amazon.com/"> tag into the <head> element.
make any other modifcations to the page you want, such as adding new <script> tags to support your new functionality. Make sure your modifications use absolute urls.
If they navigate away from the page, your enhancements will obviously not carry onto the next page. ALso, you will have more success if you upload the file onto a web server. While a user can view the page by double clicking on the html file if they were to save it locally, differences in javascript security permissions will likely make some webpages not function correctly.
The reason you need to add the <base> tag is because the browser resolves relative urls by looking at the url in its address bar. So, if the amazon page had an image like this
<img src="logo.png">
and you saved the html and put it on you webserver at www.example.com, the browser would look for the image at www.example.com/logo.png, which clearly doesn't exist. The base tag tells it what base url to use.
If you need more automation, having them install a browser addon would be a good way to do this if your users are somewhat technical. Greasemonkey is a popular addon, and you can tell it to inject stuff into certain webpages. The benefit of an addon is that it can inject the new functionality into any page on the web, without you having to individually save and modify them. Also, it has the potential to work on all web pages, leaving their functionality perfectly in tact, opposed to the other suggestion. This is far more complicated though.

Getting the page that loaded my image

I want to show some dynamic info on my image, but it needs to grab the HTML of the page that loaded my image.
There might me some security risks by that, but there should be another way since I've seen an image that does that on some forum.
The image that I'm rendering will be used on a site that I do not own, but can only add to the page, like make a post which will contain the image. The example I was pointing at was this where it shows 'Welcome to my profile, (user)'
Here's how it looks like on my pc,
Depending on client configuration it should be available in the Referer HTTP header
In PHP you can get at this with $_SERVER['HTTP_REFERER'];
Nvm it was much simpler than I thought. It looks like all he did was just simply connect to the referrer url, read the input stream, then go to that url again, read previous users, grab the latest one and just write that name onto the image.

create a php proxy page

I'm looking for a way to load a full-functional copy of a web site inside a php proxy page in order to be able to grab and change part of its elements and styles.
I decided to post this question to merge my previous two into a more relevant evolution:
live change any site visualization properties
load external site and change its visualization
I have found cURL functions useful to load the page (eg. www.google.it; for google.com I received a 302 redirection, but I won't face it now).
Some of the page elements, like the image logo, are not properly loaded; this should be due to the original relative path to the site resources. I have to manually add "//google.it" before them to fix, and it worked.
Now I have another issue:
How is it possible to go further in the site navigation?
When I click any link the page is reloaded with its "real" destination. I suppose I have to reload my php and use the href link attribute as url to load (I can do that).
But what about the submit buttons? How can I redirect their destination?
Use an existing proxy for that.
Generally you'll have to just find all the strings matching the old domain name and change them into your url, so every link on the page will turn from being www.bla.com/page.htm into proxy.com/page.htm.
This will also require some server setup thanks to possible ajax requests and relative paths. Besides, super hard would be to catch dynamically constructed url's such as: var add r = 'b'+'la.com';

Hiding img src paths from code?

I suspect that this is impossible, but I'm trying to be optimistic...
I'm running a site that uses jquery & php. Via ajax, I'm dynamically loading images to a page. The problem is that the paths to the images are visible when you view the source of the page. I'm trying to figure out if it's possible to prevent the path from displaying? I just don't want anyone seeing those paths or being able to access them. So, I don't know if there's some sort of magical programming solution or something to do with htaccess, but if anyone knows how to accomplish this, I'd appreciate pointers / links / or brilliance...
As the browser needs to know where to fetch the data from, it cannot be hidden easily.
But you can it make the "attacker" a little bit harder. E.g., you can give URLs with a script behind loading the given images. The script does so only if called with the correct Referer: header.
Are Data URIs an option for you?
If not, preventing hotlinking (via Referer) would be the way I would do it, possibly with some obfuscation (depending on your user base).
Everything that's visible to the browser is visible to the clever user in one way or the other
You can hide them from lamers, but not from programmers
Anti-lamer techniques can include:
1) setting data-mangled-src attribute to something like ROT13(real-src), then doing
$('img').each(function () { $(this).attr('src', ROT13($(this).data('mangled-src')))})
2) setting some data-id attr, then AJAX-requesting the src from the server
But anyway, the URL goes to the browser, then it's visible to the user
3) And, of course, you can load your images into flash 'viewer', which is probably the most advanced way of hiding them
So... If you make the load path an internal link in php Requested through Ajax that should hide the path in network inspector... By this I mean maybe query a db that generates a temp path to the image that expires...
Then with the loaded image you could save it a canvas element... Thus no src
There are a few ways you can go about hiding image URLs.
Use a plugin: you can use flash, a java applet, etc to load the images
Use a traffic cop: you can set the source of all the images to a single PHP script, with some kind of parameter to specify which image you want. That script can check sessions variables / referer / whatever you want; if everything checks out, you can do a file_get_contents() to load the actual url of the image, then echo that out to the browser.
I've created a website to help you hide the image src of your precious photos and images.
My website will hide the source path of your image, and it also allows you to 'Lock' your photo to a specific domain eg. example.com so that the photo will only display example.com and not on facebook.com or wherever the link to the photo is reposted.
http://hideimgsrc.com
It's easier and faster than a java script based solution.

How can I know whether the image generated using PHP is requested from my website or some other website?

How can I know when an image (generated with PHP) is called from my website or from another one?
I have tried with
if(eregi("mydomain.com", $_SERVER[SERVER_NAME])
but seem return always true even if
<img src='..linktofilephptogeneratetheimage..' >
is located on anther server
Thanks
You'll want to use $_SERVER['HTTP_REFERER'] to get the page that refers to the image. Then match this path against the domain you're expecting the image to be accessed from (your own site).
If it's acceptable, then serve the image; if not, then echo a dummy image or something else.
Note: This variable can be manually edited by some web clients, but if you're simply trying to avoid people using your site to serve images on other pages, it should be reliable enough.

Categories