I just wanted to share with the public with another way to secure pictures, that I made long time ago and successfuly have been using on my site. It hides location of the pictures and adds antileech as well.
Works with 4images v1.7 and v1.7.1Step 1. Open
includes/functions.php Find:
function show_image($image_row, $mode = "", $show_link = 1, $detailed_view = 0) {
Replace with:
function show_image($image_row, $mode = "", $show_link = 1, $detailed_view = 0, $encrypt = 0) {
Step 1.2. Find:
"image" => get_media_code($image_row['image_media_file'], $image_row['image_id'], $image_row['cat_id'], $image_row['image_name'], $mode, $show_link, $detailed_view),
Replace with:
"image" => get_media_code($image_row['image_media_file'], $image_row['image_id'], $image_row['cat_id'], $image_row['image_name'], $mode, $show_link, $detailed_view, $encrypt),
Step 1.3. Find:
function get_media_code($media_file_name, $image_id = 0, $cat_id = 0, $image_name = "", $mode = "", $show_link = 0, $detailed_view = 0) {
Replace with:
function get_media_code($media_file_name, $image_id = 0, $cat_id = 0, $image_name = "", $mode = "", $show_link = 0, $detailed_view = 0, $encrypt = 0) {
Step 1.4. Find:
"media_src" => $media_src,
Replace with:
"media_src" => ($encrypt) ? ROOT_PATH."show.php?pic=".encrypt_add($media_src) : $media_src,
"media_src_original" => $media_src,
Step 1.5. At the end of the file, just
above closing
?> insert:
For 4images v1.7function encrypt_add($file){
global $_SESSION;
@session_name('4images_pic');
@session_start();
$file = base64_encode($file);
$id = md5(uniqid(microtime()));
$_SESSION['4images_pic'] = $id." ".$file." ".time();
return $id;
}
For 4images v1.7.xfunction encrypt_add($file){
global $site_sess;
$file = base64_encode($file);
$id = md5(uniqid(microtime()));
$site_sess->set_session_var("downloadpic", $id." ".$file." ".time());
return $id;
}
Step 1.6. (added 10/15/2004)
If u installed
[MOD] Show original image in new window by clicking on image then also u'll need do this:
Find:
"media_src_big" => get_media_code($image_row['image_media_file'], $image_row['image_id'], $image_row['cat_id'], $image_row['image_name'], $mode, $show_link, $detailed_view, 1),
Replace it with:
"media_src_big" => get_media_code($image_row['image_media_file'], $image_row['image_id'], $image_row['cat_id'], $image_row['image_name'], $mode, $show_link, $detailed_view, 1, 1),
Also
Step 1.2 and
Step 1.3 has to be changed for u:
in
Step 1.2 use this line:
function get_media_code($media_file_name, $image_id = 0, $cat_id = 0, $image_name = "", $mode = "", $show_link = 0, $detailed_view = 0, $big=0, $encrypt = 0) {
and in Step 1.3 this:
"image" => get_media_code($image_row['image_media_file'], $image_row['image_id'], $image_row['cat_id'], $image_row['image_name'], $mode, $show_link, $detailed_view, $big, $encrypt),
Step 2. Open
details.php Find:
show_image($image_row, $mode, 0, 1);
Replace with:
show_image($image_row, $mode, 0, 1, 1);
Step 3. Create a new file and save it as show.php in 4images root dir, with this code:
For 4images v1.7<?php
//-----------------------------------------------------\\
//--- Created by V@no ©2003 http://gallery.vano.org ---\\
//----------------- for 4images v1.7 ------------------\\
//-----------------------------------------------------\\
//---- Settings --------
$expire = 35; //seconds
$reduce = 20; //reduce expire time after first call
//-- End Settings ------
define('ROOT_PATH', './');
include(ROOT_PATH.'includes/upload_definitions.php');
@session_name('4images_pic');
@session_start();
function is_remote_file($file_name)
{
return (preg_match("#^(https?:\/\/[a-z0-9\-]+?\.([a-z0-9\-]+\.)*[a-z]+(:[0-9]+)*\/.*?\.([a-z]{1,4})$)#is", $file_name)) ? 1 : 0;
}
function get_file_extension($file_name)
{
return strtolower(substr(strrchr($file_name,"."), 1));
}
if (!function_exists("file_get_contents"))
{
function file_get_contents($file){
$data = "";
if ($fp = @fopen($file, "rb"))
{
$data = @fread ($fp, @filesize($file));
@fclose($fp);
}
return $data;
}
}
if (isset($_GET['pic']) && $_GET['pic'])
{
$id = $_GET['pic'];
}
else
{
$id = 0;
}
$file = "";
$mime = "image/gif";
if ($id && (isset($_SESSION['4images_pic']) && $_SESSION['4images_pic']))
{
$expired = time() - $expire;
$pic = explode(" ", $_SESSION['4images_pic']);
if (count($pic) != 3)
{
$file = "no/pic_error.gif"; //general error
unset($_SESSION['4images_pic']);
}
elseif ($pic[0] != $id)
{
$file = "no/pic_image.gif"; //no image found
}
elseif ($expired >= $pic[2])
{
$file = "no/pic_expired.gif"; //image expired
}
if (!$file) {
$file = base64_decode($pic[1]);
$_SESSION['4images_pic'] = $pic[0]." ".$pic[1]." ".($pic[2]-$reduce);
if (!$image_info = @getimagesize($file) || is_remote_file($file) || !$mime = $mime_type_match[get_file_extension($file)][0])
{
header ("Location: ".$file);
exit;
}
}
}
else
{
$file = "no/pic_error.gif";
}
$file = @file_get_contents($file);
header ("Content-type: ".$mime);
header ("Content-Length: ".strlen($file));
echo $file;
?>
For 4images v1.7.x <?php
//-----------------------------------------------------\\
//--- Created by V@no ©2003 http://gallery.vano.org ---\\
//--------------- for 4images v1.7.x ------------------\\
//-----------------------------------------------------\\
//---- Settings --------
$expire = 35; //seconds
$reduce = 20; //reduce expire time after first call
//-- End Settings ------
$nozip = 1;
$nocache = 1;
define('ROOT_PATH', './');
include(ROOT_PATH."global.php");
include(ROOT_PATH."includes/sessions.php");
include(ROOT_PATH.'includes/upload_definitions.php');
if (!function_exists("file_get_contents"))
{
function file_get_contents($file){
$data = "";
if ($fp = @fopen($file, "rb"))
{
$data = @fread ($fp, @filesize($file));
@fclose($fp);
}
return $data;
}
}
if (isset($HTTP_GET_VARS['pic']) && $HTTP_GET_VARS['pic'])
{
$id = $HTTP_GET_VARS['pic'];
}
else
{
$id = 0;
}
$file = "";
$mime = "image/gif";
if ($id && $pic = $site_sess->get_session_var("downloadpic"))
{
$expired = time() - $expire;
$pic = explode(" ", $pic);
if (count($pic) != 3)
{
$file = "no/pic_error.gif"; //general error
$site_sess->drop_session_var("downloadpic");
}
elseif ($pic[0] != $id)
{
$file = "no/pic_image.gif"; //no image found
}
elseif ($expired >= $pic[2])
{
$file = "no/pic_expired.gif"; //image expired
}
if (!$file)
{
$file = base64_decode($pic[1]);
$site_sess->set_session_var("downloadpic", $pic[0]." ".$pic[1]." ".($pic[2]-$reduce));
if (!$image_info = @getimagesize($file) || is_remote_file($file) || !$mime = $mime_type_match[get_file_extension($file)][0])
{
header ("Location: ".$file);
exit;
}
}
}
else
{
$file = "no/pic_error.gif";
}
$file = @file_get_contents($file);
header ("Content-type: ".$mime);
header ("Content-Length: ".strlen($file));
echo $file;
?>
Adjust two values:
//---- Settings --------
$expire = 35; //seconds before expiration. If u make it too low, the visitors whos on dialup will get "picture expired".
$reduce = 20; //reduce expire time in seconds after each call (not a good idea set this same as $expire time, because some browsers can do "double" page refresh, that will cause of "expire" message.)
//-- End Settings ------
Step 4. Create 3 .gif images that would be showed instead of the real image, when something went wrong. Upload them in
no/ folder (create it first. Name of the images must be as followed):
no/pic_error.gif - general error (something wrong with the session or ID didnt match)
no/pic_image.gif - image not found
no/pic_expired.gif - image expired
Step 5. (added 09/13/04)
Open
postcards.php Find:
$image = get_media_code($image_row['image_media_file'], $image_row['image_id'], $image_row['cat_id'], $image_row['image_name'], $mode, 1);
Replace with:
$image = get_media_code($image_row['image_media_file'], $image_row['image_id'], $image_row['cat_id'], $image_row['image_name'], $mode, 1, 0, 1);
after all this u can rename your /media/ folder to something else and noone could find where the images are (dont forget adjust /includes/constants.php too)
P.S. this method has few down-sides:
- each time picture being viewed it will be downloaded from the server, instead of showing from cache (extra trafic)
- the script returns the original media path when the media is not an image (.avi, .zip, etc) or when media is remote.
martrix wrote:
It would be very nice, if somebody could write how to add this nonono.gif modification to 4images and how to mask the {media_src} url.
it's pretty much simple
open templates/<yourtemplate>/media/jpg.html (this example for jpg.html template, but u'll need do same thing for all others templates for images)
Replace
<img src="{media_src}" border="1" alt="{image_name}"{width_height} />
with:
<table style="background: url({media_src}) no-repeat; background-position: center center" cellpadding="0" cellspacing="0">
<tr>
<td><img src="{template_url}/images/spacer.gif" border="1" alt="{image_name}"{width_height} /></td>
</tr>
</table>
asume that u have spacer.gif file in /templates/<yourtemplate>/images/ folder.