Summary of PHP methods for preventing image theft (hotlinking) - PHP tips

Source: Internet
Author: User
Tags auth fread

This article summarizes the ways in which PHP can prevent image theft (hotlinking). It is shared here for your reference; the details are as follows:

What is image hotlink protection for? It prevents other websites from embedding your images and wasting your valuable traffic. This article introduces two methods of preventing image hotlinking with PHP.

A. Apache image redirection method

Setting the images directory to not permit HTTP access

Preventing image hotlinking under the Apache server

If your site consists mainly of images and one day you find that your traffic quota is about to run out before the end of the month, you can use image redirection: without modifying the pages, image download requests are redirected to other hosting space (such as a trial host) as a temporary transition.

Let's start with an example. If your images are in the img directory, place a file named .htaccess in that directory with the following contents:

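RewriteEngine on
# Hotlink test: the Referer is not empty and matches none of the allowed sites
RewriteCond %{HTTP_REFERER} !^$ [NC]
RewriteCond %{HTTP_REFERER} !simcole.cn [NC]
RewriteCond %{HTTP_REFERER} !zhuaxia.com [NC]
RewriteCond %{HTTP_REFERER} !google.com [NC]
RewriteCond %{HTTP_REFERER} !baidu.com [NC]
RewriteCond %{HTTP_REFERER} !bloglines.com [NC]
# Hotlinked image requests are redirected to the replacement image
RewriteRule \.(jpg|gif|png|bmp|swf|jpeg)$ /image/replace.gif [R,NC,L]
# All other requests are sent to the temporary image server
RewriteRule ^(.*)$ http://image.simcole.cn/image/$1 [L]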

A rough explanation:

RewriteCond %{HTTP_REFERER} !^$ [NC]
RewriteCond %{HTTP_REFERER} !simcole.cn [NC]
RewriteCond %{HTTP_REFERER} !zhuaxia.com [NC]
RewriteCond %{HTTP_REFERER} !google.com [NC]
RewriteCond %{HTTP_REFERER} !baidu.com [NC]
RewriteCond %{HTTP_REFERER} !bloglines.com [NC]

This part determines whether the request is hotlinking. If all of the above conditions hold (that is, the image request neither came from a directly entered URL, nor from simcole.cn, nor from zhuaxia.com, nor from google.com, nor from baidu.com, nor from bloglines.com), the following redirect is performed:

RewriteRule \.(jpg|gif|png|bmp|swf|jpeg)$ /image/replace.gif [R,NC,L]

This means that any web page hotlinking JPG, GIF, PNG, BMP, SWF or JPEG files from the img directory will display the replace.gif image from the image directory instead. Note that the replacement image must not be placed under the img directory that has hotlink protection set. If the image request is not hotlinking according to the rules above, the following redirect is performed:

RewriteRule ^(.*)$ http://image.simcole.cn/image/$1 [L]

This means that all requests to the img directory are directed to the target server; for example, an image whose original URL is yun_qi_img/girl.jpg will now go to yun_qi_img/girl.jpg. Of course, you have to copy all the files from the original server's img directory to the image directory of the temporary server for the redirect to actually work. The effect is that all the traffic formerly consumed by image downloads on the original server is saved, and the temporary server bears it instead.
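The Referer test that the RewriteCond lines perform can also be done in PHP. The following is an added example, not code from the original article: it mirrors the unanchored matching of the .htaccess above and compares it with a stricter check that parses the Referer and looks only at its host. The function names and sample Referer values are constructed for illustration.

```php
<?php
// Added example, not the article's code. Host names are those in the .htaccess above.
const ALLOWED = ['simcole.cn', 'zhuaxia.com', 'google.com', 'baidu.com', 'bloglines.com'];

// Mirrors the RewriteCond lines: an empty Referer passes, and so does any
// Referer in which an allowed name matches anywhere (unanchored, case-insensitive).
function passesRewriteConds(string $referer): bool
{
    if ($referer === '') {
        return true;
    }
    foreach (ALLOWED as $name) {
        if (preg_match('#' . $name . '#i', $referer) === 1) {
            return true;
        }
    }
    return false;
}

// Stricter variant: parse the URL and compare only its host,
// accepting an exact match or a subdomain of an allowed name.
function passesHostCheck(string $referer): bool
{
    if ($referer === '') {
        return true;
    }
    $host = parse_url($referer, PHP_URL_HOST);
    if (!is_string($host)) {
        return false;
    }
    $host = strtolower($host);
    foreach (ALLOWED as $name) {
        $suffix = '.' . $name;
        if ($host === $name || substr($host, -strlen($suffix)) === $suffix) {
            return true;
        }
    }
    return false;
}

// Constructed sample Referer values.
$samples = ['', 'http://www.simcole.cn/post/1.html',
    'http://other.example/gallery.html', 'http://other.example/simcole.cn.html'];
foreach ($samples as $referer) {
    printf("%-38s conds=%s host=%s\n", $referer === '' ? '(empty)' : $referer,
        var_export(passesRewriteConds($referer), true),
        var_export(passesHostCheck($referer), true));
}
```

The last sample passes the unanchored conditions because the allowed name appears in the path, while the host check rejects it. The Referer header is supplied by the client and is often absent, so either check only limits casual embedding; controlling who may view an image needs the second method.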

Setting the images directory to not permit HTTP access

The images directory is set to not allow HTTP access (for the image directory, remove both the read permission and the directory browsing permission).

Use a PHP file that reads the image directly with the file functions, and control the permissions in that PHP file.

In the Apache environment, add the following file to your image directory.

File name: .htaccess

The contents of the file are as follows:

# Options the .htaccess files in directories can override.
# Edit apache/conf/httpd.conf to AllowOverride in .htaccess
# AllowOverride AuthConfig
# Stop the directory list from being shown
Options -Indexes
# Controls who can get stuff from this server.
# (Apache 2.2 syntax; on Apache 2.4 the equivalent is "Require local".)
Order Deny,Allow
Deny from all
Allow from localhost

Other web environments such as IIS and nginx are similar.

<?php
class imgdata {
    public $imgsrc;   // path of the image file
    public $imgdata;  // raw image bytes
    public $imgform;  // MIME type of the image

    // Set the path of the image to read
    public function getdir($source) {
        $this->imgsrc = $source;
    }

    // Read the image contents into $imgdata
    public function img2data() {
        $this->_imgfrom($this->imgsrc);
        $fp = fopen($this->imgsrc, 'rb');
        $this->imgdata = fread($fp, filesize($this->imgsrc));
        fclose($fp);
        return $this->imgdata;
    }

    // Send the Content-Type header, then the image bytes and nothing else
    public function data2img() {
        header("Content-type: $this->imgform");
        echo $this->imgdata;
        // echo $this->imgform;                      // debug only
        // imagecreatefromstring($this->imgdata);    // debug only
    }

    // Detect the MIME type of the image
    public function _imgfrom($imgsrc) {
        $info = getimagesize($imgsrc);
        // var_dump($info);                          // debug only
        return $this->imgform = $info['mime'];
    }
}

$n = new imgdata;
// Image path; generally stored in the database so that users cannot get the
// real path, and looked up by image ID
$n->getdir("1.jpg");
$n->img2data();
$n->data2img();

This code reads the image and then outputs it directly to the browser; the user's permissions are checked before the read and the output.

Here PHP does not hand out the image path; it reads the contents of the image, sends the image type (such as GIF, PNG or JPG) through header(), and then outputs the image contents, which is why fread() is used.

In effect, requesting image.php?id=100 displays the image in the browser, and if you view the source you will not see the path of the image, only the garbled-looking image content.
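The class above does not show the permission check or the ID lookup the text describes. The following image.php is an added example, not the article's code, that puts both in front of the read. It assumes the login code sets $_SESSION['user_id']; the directory constant, the ID map (standing in for the database lookup) and the function names are hypothetical.

```php
<?php
// image.php?id=100 -- added example, not the article's code.
// Assumptions: login sets $_SESSION['user_id']; IMAGE_DIR is the directory
// closed to HTTP access; the id => file map stands in for a database lookup.
const IMAGE_DIR = '/var/www/private_images';
const ALLOWED_MIME = ['image/jpeg', 'image/png', 'image/gif'];

function lookupImagePath(int $id): ?string
{
    $map = [100 => '1.jpg'];                 // constructed sample record
    $base = realpath(IMAGE_DIR);
    if ($base === false || !isset($map[$id])) {
        return null;
    }
    $path = realpath($base . DIRECTORY_SEPARATOR . $map[$id]);
    // Refuse anything that resolves outside the protected directory.
    if ($path === false || strpos($path, $base . DIRECTORY_SEPARATOR) !== 0) {
        return null;
    }
    return $path;
}

// Returns the HTTP status; the image is sent only when every check passes.
function serveImage(array $session, $rawId): int
{
    if (empty($session['user_id'])) {
        return 403;                          // permission check comes first
    }
    $id = filter_var($rawId, FILTER_VALIDATE_INT);
    if ($id === false) {
        return 400;                          // id missing or not an integer
    }
    $path = lookupImagePath($id);
    if ($path === null) {
        return 404;
    }
    $info = @getimagesize($path);
    if ($info === false || !in_array($info['mime'], ALLOWED_MIME, true)) {
        return 415;                          // not an image type we serve
    }
    header('Content-Type: ' . $info['mime']);
    header('Content-Length: ' . filesize($path));
    header('X-Content-Type-Options: nosniff');
    header('Cache-Control: private, no-store');
    readfile($path);
    return 200;
}

session_start();
$status = serveImage($_SESSION ?? [], $_GET['id'] ?? null);
if ($status !== 200) {
    http_response_code($status);
}
```

The client only ever supplies an integer ID, so the real file name never appears in the page source and a crafted parameter cannot select a file outside the protected directory.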

This is similar to the encrypted albums in QQ space: they can only be accessed after entering the password, and entering the address of a photo in an encrypted album directly in the browser does not work either. My current idea is that the image address is a PHP file, which validates permissions in PHP, reads the image, and outputs it. I do not know whether, besides this method, there is a simpler and more efficient approach? For example, generating a temporary browse address, or using some of nginx's anti-hotlinking plug-ins?

You can use ngx_http_auth_basic_module to do it.

Modify the configuration file:

location / {
    root /usr/local/nginx/html;
    auth_basic "Auth";
    auth_basic_user_file /usr/local/nginx/conf/htpasswd;
    index index.php index.htm;
}

The "Auth" in auth_basic "Auth" is the title of the pop-up box (where the username and password are entered).
In auth_basic_user_file /usr/local/nginx/conf/htpasswd; the path /usr/local/nginx/conf/htpasswd is the file that holds the passwords.


I hope this article will help you with the PHP program design.
