I suspect that this is impossible, but I'm trying to be optimistic...
I'm running a site that uses jquery & php. Via ajax, I'm dynamically loading images to a page. The problem is that the paths to the images are visible when you view the source of the page. I'm trying to figure out if it's possible to prevent the path from displaying? I just don't want anyone seeing those paths or being able to access them. So, I don't know if there's some sort of magical programming solution or something to do with htaccess, but if anyone knows how to accomplish this, I'd appreciate pointers / links / or brilliance...
As the browser needs to know where to fetch the data from, it cannot be hidden easily.
But you can it make the "attacker" a little bit harder. E.g., you can give URLs with a script behind loading the given images. The script does so only if called with the correct Referer: header.
Are Data URIs an option for you?
If not, preventing hotlinking (via Referer) would be the way I would do it, possibly with some obfuscation (depending on your user base).
Everything that's visible to the browser is visible to the clever user in one way or the other
You can hide them from lamers, but not from programmers
Anti-lamer techniques can include:
1) setting data-mangled-src attribute to something like ROT13(real-src), then doing
$('img').each(function () { $(this).attr('src', ROT13($(this).data('mangled-src')))})
2) setting some data-id attr, then AJAX-requesting the src from the server
But anyway, the URL goes to the browser, then it's visible to the user
3) And, of course, you can load your images into flash 'viewer', which is probably the most advanced way of hiding them
So... If you make the load path an internal link in php Requested through Ajax that should hide the path in network inspector... By this I mean maybe query a db that generates a temp path to the image that expires...
Then with the loaded image you could save it a canvas element... Thus no src
There are a few ways you can go about hiding image URLs.
Use a plugin: you can use flash, a java applet, etc to load the images
Use a traffic cop: you can set the source of all the images to a single PHP script, with some kind of parameter to specify which image you want. That script can check sessions variables / referer / whatever you want; if everything checks out, you can do a file_get_contents() to load the actual url of the image, then echo that out to the browser.
I've created a website to help you hide the image src of your precious photos and images.
My website will hide the source path of your image, and it also allows you to 'Lock' your photo to a specific domain eg. example.com so that the photo will only display example.com and not on facebook.com or wherever the link to the photo is reposted.
http://hideimgsrc.com
It's easier and faster than a java script based solution.
Related
I want to show some dynamic info on my image, but it needs to grab the HTML of the page that loaded my image.
There might me some security risks by that, but there should be another way since I've seen an image that does that on some forum.
The image that I'm rendering will be used on a site that I do not own, but can only add to the page, like make a post which will contain the image. The example I was pointing at was this where it shows 'Welcome to my profile, (user)'
Here's how it looks like on my pc,
Depending on client configuration it should be available in the Referer HTTP header
In PHP you can get at this with $_SERVER['HTTP_REFERER'];
Nvm it was much simpler than I thought. It looks like all he did was just simply connect to the referrer url, read the input stream, then go to that url again, read previous users, grab the latest one and just write that name onto the image.
I have created some free HTML Templates, to share them for free, but I would like to know where my templates are installed.
What I have in my mind, in order to track the template installation, is to create a php script that will generate a single pixel image. I would like to use that image to collect information about the web site that loads my picture.
So, how can I know which server is requesting my image? Any ideas?
Try using $_SERVER['HTTP_HOST']. Or if you need something else, try here : http://www.php.net/manual/en/reserved.variables.server.php
Obviously whatever you do could be stripped out, since once your template code is obtained the user could just delete the reference to track back to your script.
A pixel loading off of your server would work, you could access the data within $_SERVER to find out some information about the request and look for a referrer.
A better idea, IMO, is to write some javascript code that lives on your server and is included via a <script src="..."></script> tag on your template. This would allow you to "phone home" by dynamically creating an image source tag to fire this pixel off to your server with more information about the source.
For example, you could so something as simple as this:
(function()
{
var img = document.createElement('img'),
src = "//www.yourserver.com/path/to/pixel.php?domain=" + document.domain;
img.src = src;
})();
This would fire a pixel to your server and contain the domain that loaded your template. You could add a bunch more code that identifies the browser, uniquely tracks the user - see what kind of traffic the site is getting, whatever.
Be sure you don't use any 3rd party JS libraries, as you don't want to inject dependencies/increase load time on the site.
When you generate your single pixel image, include information that you're interested in such as this. Then check your server logs.
echo '<img src="onepixel.png?servedby='.$_SERVER['HTTP_HOST'].">';
How do I remove path inforation from a url?
For example in this url, http://stackoverflow.com/questions/ask, I want the user to only see http://stackoverflow.com. Is this possible to do?
I do a redirect in PHP from my root directory to path Foo. I don't want Foo to display in the URL.I also do a page reload of sorts using window.location.href = domain_name/foo. Similarly I don't want foo to display in the URL.
Is this possible to implment in Javascript or PHP or do I have to configure Apache to do this?
You cannot manipulate URLs in the browser's address bar using PHP or JavaScript. But you have guessed correctly, this is something that can be configured in Apache. For a primer on URL rewriting, take a look at this article.
I have seen websites that keep the user on the homepage and use AJAX to change the page content.
You should make yourself sober and then consider if you really want to hide anything and if your web site would work at all.
However, I can answer you already - it wouldn't.
We are using path information for the reason. And you'd better see it.
Read up on URL masking:
htaccess mask for my url
http://www.willmaster.com/library/web-development/URL-masking.php
etc... This cannot be handled in JS.
If you REALLY wanted to, you could do this in PHP: you would need to create an index.php page that was set up to handle the loading of other pages, and add a handler at the top of every page that detects the REQUEST_URI that sets any other link to redirect (header()) to the index page with the filepath stored in $_SESSION or another retrievable location. The index page would then render the requested page. However, this is ugly, wastes resources, and you're much better off with an apache level rewrite.
How can I know when an image (generated with PHP) is called from my website or from another one?
I have tried with
if(eregi("mydomain.com", $_SERVER[SERVER_NAME])
but seem return always true even if
<img src='..linktofilephptogeneratetheimage..' >
is located on anther server
Thanks
You'll want to use $_SERVER['HTTP_REFERER'] to get the page that refers to the image. Then match this path against the domain you're expecting the image to be accessed from (your own site).
If it's acceptable, then serve the image; if not, then echo a dummy image or something else.
Note: This variable can be manually edited by some web clients, but if you're simply trying to avoid people using your site to serve images on other pages, it should be reliable enough.
I need to redirect the url which is accessing the site images to the appropriate contents section of the site for example . the image test.jpg is used in the section http://www.mysite.com/article1 and my image path is domain/images/test.jpg if any user browse the image directly by this url domain/images/test.jpg . i would like to redirect to the article section.
What you are trying to do is kind of working against the principles of the web. A web browser loads that image of yours the same way if someone reads the article as it does when somebody accesses the image "directly".
If you only want to disable access to browsing your image collection, i.e. the directory listing of the images, that's fine and you can easily disable that in your web server.
However -- and I think that's what you are trying to do -- if you try to find out the difference how somebody accesses an image, either while reading "article1" or by loading it "directly", then things get complicated. You could use some kludges like setting cookies in the article and that you check for when loading the image... But it is probably more trouble than it's worth.