4images Forum & Community
4images Issues / Ausgaben => Feedback & Suggestions => Topic started by: V@no on March 24, 2005, 03:38:18 AM
-
In this topic we'll discuss some trick to secure images,media files, etc
Before the hack we had over 10 pages of this topic 8O
I'll try reproduce some usefull tips'n tricks. In case u would like to, I've attached 8 pages from the old forum.
-
Translated message of thrOne:
1. Secure your Directory
Secure it with a .htaccess file in it.
(empty file)
2. View the Pic
The viewscript shows the Picture in a table.
the trick: the real pic is the background, the
content a transparent .gif. there is no way to
rightclick the background.
in Html:
Code:
<table CELLSPACING=0 CELLPADDING=0 COLS=1 WIDTH="100" HEIGHT="100">
<tr><td BACKGROUND="ihrbild.gif">
<img SRC="transparent.gif" height=100 width=100>
</td></tr></table>
Our Knowledge in the PHP Files:
Sourcecode "view_image.php":
Code:
<?php
session_start();
// deactivate cache
header("Expires: Mon, 26 Jul 1997 05:00:00 GMT");
header("Last-Modified: " . gmdate("D, d M Y H:i:s") ." GMT");
header("Pragma: no-cache");
header("Cache-Control: no-store, no-cache, max-age=0, must-revalidate");
// Challenge-ID
mt_srand((double)microtime()*1000000);
$random = mt_rand();
$random = md5(uniqid($random,TRUE));
$sess_challenge_id = $random;
if(!session_is_registered("sess_challenge_id")):
session_register("sess_challenge_id");
endif;
// Read image
$pic = "tolle-grafik.jpg";
$img = @GetImageSize("/absoluter/pfad/zu/verzeichniss/images/".$pic);
$width = $img[0];
$height = $img[1];
// show HTML table
printf("<table border=\"0\" cellpadding=\"0\" cellspacing=\"0\" width=\"%s\" height=\"%s\">\n",$width,$height);
print "<tr>\n";
printf("<td width=\"%s\" height=\"%s\" background=\"read_image.php?img=%s&challenge=%s\">",$width,$height,rawurlencode($pic),$sess_challenge_id);
printf("<img border=\"0\" src=\"blind.gif\" width=\"%s\" height=\"%s\">",$width,$height);
print "</td>\n";
print "</tr>\n";
print "</table>\n";
?>
Description:
You have to start a session first.
After this, we deaktivate the Cache because of
security reasons and build a 32 chars long "challenge-id"
these challenge ids can be also used to notice reload.
now just read the image size with GetImageSize()
Now the real trick:
Instead of pointing to the image
directly, we start another Script,
"read_image.php" and attach as Get-Parameter
the Name of the Image-File and our
Challenge-ID.
3. Reading the Image
We need another Script, for reading
the Image out of the secured dir.
The Sourcecode:
<?php
session_start();
// Challenge-ID OK -> Show Pic
if(session_is_registered("sess_challenge_id") and $sess_challenge_id == $challenge):
session_unregister("sess_challenge_id");
$path = "/asoluter/pfad/zu/verzeichniss/images/";
$img = rawurldecode($img);
$read = @GetImageSize($path.$img);
$type = $read[2];
// Set kind of File
switch($type)
{
case 1:
$mime = "image/gif";
break;
case 2:
$mime = "image/jpeg";
break;
case 3:
$mime = "image/png";
break;
case 4:
$mime = "application/x-shockwave-flash";
break;
}
// Send Header and read the image with readfile()
// sending the graphic to the browser
header("Content-Type: $mime");
header("Expires: Mon, 26 Jul 1997 05:00:00 GMT");
header("Last-Modified: ".gmdate("D, d M Y H:i:s")." GMT");
header("Pragma: no-cache");
header("Cache-Control: no-store, no-cache, max-age=0, must-revalidate");
readfile($path.$img);
// Access denied -> Transparent GIF *doh*
else:
header("Content-type: image/gif");
header("Expires: Mon, 26 Jul 1997 05:00:00 GMT");
header("Last-Modified: " . gmdate("D, d M Y H:i:s") ." GMT");
header("Pragma: no-cache");
header("Cache-Control: no-store, no-cache, max-age=0, must-revalidate");
readfile("blind.gif");
endif;
?>
At first we test the Session-Value and compare it
with the challenge. if its ok, we delete the session
variable to prevent copy and paste out of the
page-source.
now getimagesize() again, to give the browser
the right header.
readfile() the image to the browser.
if there's no session-variable or the challenger-IDs
don't match, there will be only a transparent .gif.
Summary of security methods:
Directory secured with .htaccess
No Access with browser
Graphic as Table-Background
Transparent Gif
Session Variables and Challenge IDs
-
Message by Chris
Nossie wrote:
especially when it can be evaded by using print screen... of some other form of screen capture that doesnt use keypresses (or product keys)
If the visitor is using IE 5.x or higher, there is a solution to the dreaded screen print. Open the details.html template and add this to the top:
{header}
<script language="JavaScript" type="text/JavaScript">
window.setInterval("window.clipboardData.setData('Text','[The clipboard is temporarily disabled. To restore normal function, simply close the web browser currently viewing a full size image at {site_name}]')",20);
</script>
This code sets the clipboard data to the text message "clipboard is temporarily disabled" every 20 milliseconds. This will also block the capture function of any software that uses the system clipboard which is all of them in my experience.
I've tested this under MS Windows, not sure about Macintosh. I'd estimate 85% of my visitors are using MS Windows and IE 5.x or higher so this is a fairly effective javascript.
According to http://msdn.microsoft.com/workshop/author/dhtml/reference/objects/clipboarddata.asp the following code is supposed to clear the clipboard of any image data. This allows the user to retain the ability to copy and paste text, URL, file and HTML data.
window.setInterval('window.clipboardData.clearData("Image")',20);
At one time a couple days ago, I had this working. The user couldn't screen capture to the clipboard but could still cut and paste text. Since then I haven't gotten it to work. the clearData('Image') method just clears all data. Not sure what I'm doing wrong and it's probably something to do with my other javascripts. In any case I present it here for everyone's benefit.
Just thought I'd share what I've learned recently.
Message by Chris:Use javascript to decrypt a PHP encrypted image link and document.write it to the page. Use the <noscript> tag to point to a web site logo. If the user disables javascript, they only get to see the logo and not the image they wanted. Effective for me since I use a chromeless window for the images.
Here is a code for media/jpg.html template:<table border="0" cellspacing="0" cellpadding="0">
<tr>
<td align="center" width="100%">
<script language="JavaScript" type="text/JavaScript">
document.write('<img src=\"{media_src}\">');
</script>
<noscript>
<img src="/resources/images/logo.gif"/>
</noscript>
</td>
</tr>
</table>
Message by Chris:For the uninitiated: Hotlink protection is when you implement measures to ensure the link was followed from your site.
The technique I've described only ensures the user has javascript enabled and that web site copiers can't grab the images. It's not actually a hotlink issue since the pages and image links are being loaded from the 4images site itself either from the user's javascript enabled browser or from web site copying software.
For those reading who don't know about hotlinks, a hotlink is when a web page on someone else's web site links to images on your web site. This steals your bandwidth by loading your images in their pages by reading them off your server.
What I documented wouldn't stop that from happening. Another post already exists in these forums that describes a method for preventing hotlinks by using the .htaccess file for Apache web servers. Another approach is to use PHP to set and check a session variable before allowing the user to view the file. That method is covered pretty well by this short article here:
http://www.pinkgoblin.com/bandwidthprotection.php
The main reason I'm taking these steps is to ensure images are only downloaded by registered users and that people can't grab thousands of my photos with a single click of the mouse.
-
I just wanted to share with the public with another way to secure pictures, that I made long time ago and successfuly have been using on my site. It hides location of the pictures and adds antileech as well.
Works with 4images v1.7 and v1.7.1
Step 1.
Open includes/functions.php
Find:
function show_image($image_row, $mode = "", $show_link = 1, $detailed_view = 0) {
Replace with:
function show_image($image_row, $mode = "", $show_link = 1, $detailed_view = 0, $encrypt = 0) {
Step 1.2.
Find:
"image" => get_media_code($image_row['image_media_file'], $image_row['image_id'], $image_row['cat_id'], $image_row['image_name'], $mode, $show_link, $detailed_view),
Replace with:
"image" => get_media_code($image_row['image_media_file'], $image_row['image_id'], $image_row['cat_id'], $image_row['image_name'], $mode, $show_link, $detailed_view, $encrypt),
Step 1.3.
Find:
function get_media_code($media_file_name, $image_id = 0, $cat_id = 0, $image_name = "", $mode = "", $show_link = 0, $detailed_view = 0) {
Replace with:
function get_media_code($media_file_name, $image_id = 0, $cat_id = 0, $image_name = "", $mode = "", $show_link = 0, $detailed_view = 0, $encrypt = 0) {
Step 1.4.
Find:
"media_src" => $media_src,
Replace with:
"media_src" => ($encrypt) ? ROOT_PATH."show.php?pic=".encrypt_add($media_src) : $media_src,
"media_src_original" => $media_src,
Step 1.5.
At the end of the file, just above closing ?> insert:
For 4images v1.7
function encrypt_add($file){
global $_SESSION;
@session_name('4images_pic');
@session_start();
$file = base64_encode($file);
$id = md5(uniqid(microtime()));
$_SESSION['4images_pic'] = $id." ".$file." ".time();
return $id;
}
For 4images v1.7.x
function encrypt_add($file){
global $site_sess;
$file = base64_encode($file);
$id = md5(uniqid(microtime()));
$site_sess->set_session_var("downloadpic", $id." ".$file." ".time());
return $id;
}
Step 1.6. (added 10/15/2004)
If u installed [MOD] Show original image in new window by clicking on image (http://www.4homepages.de/forum/index.php?topic=3236.0)
then also u'll need do this:
Find:
"media_src_big" => get_media_code($image_row['image_media_file'], $image_row['image_id'], $image_row['cat_id'], $image_row['image_name'], $mode, $show_link, $detailed_view, 1),
Replace it with:
"media_src_big" => get_media_code($image_row['image_media_file'], $image_row['image_id'], $image_row['cat_id'], $image_row['image_name'], $mode, $show_link, $detailed_view, 1, 1),
Also Step 1.2 and Step 1.3 has to be changed for u:
in Step 1.2 use this line:
function get_media_code($media_file_name, $image_id = 0, $cat_id = 0, $image_name = "", $mode = "", $show_link = 0, $detailed_view = 0, $big=0, $encrypt = 0) {
and in Step 1.3 this:
"image" => get_media_code($image_row['image_media_file'], $image_row['image_id'], $image_row['cat_id'], $image_row['image_name'], $mode, $show_link, $detailed_view, $big, $encrypt),
Step 2.
Open details.php
Find:
show_image($image_row, $mode, 0, 1);
Replace with:
show_image($image_row, $mode, 0, 1, 1);
Step 3.
Create a new file and save it as show.php in 4images root dir, with this code:
For 4images v1.7
<?php
//-----------------------------------------------------\\
//--- Created by V@no ©2003 http://gallery.vano.org ---\\
//----------------- for 4images v1.7 ------------------\\
//-----------------------------------------------------\\
//---- Settings --------
$expire = 35; //seconds
$reduce = 20; //reduce expire time after first call
//-- End Settings ------
define('ROOT_PATH', './');
include(ROOT_PATH.'includes/upload_definitions.php');
@session_name('4images_pic');
@session_start();
function is_remote_file($file_name)
{
return (preg_match("#^(https?:\/\/[a-z0-9\-]+?\.([a-z0-9\-]+\.)*[a-z]+(:[0-9]+)*\/.*?\.([a-z]{1,4})$)#is", $file_name)) ? 1 : 0;
}
function get_file_extension($file_name)
{
return strtolower(substr(strrchr($file_name,"."), 1));
}
if (!function_exists("file_get_contents"))
{
function file_get_contents($file){
$data = "";
if ($fp = @fopen($file, "rb"))
{
$data = @fread ($fp, @filesize($file));
@fclose($fp);
}
return $data;
}
}
if (isset($_GET['pic']) && $_GET['pic'])
{
$id = $_GET['pic'];
}
else
{
$id = 0;
}
$file = "";
$mime = "image/gif";
if ($id && (isset($_SESSION['4images_pic']) && $_SESSION['4images_pic']))
{
$expired = time() - $expire;
$pic = explode(" ", $_SESSION['4images_pic']);
if (count($pic) != 3)
{
$file = "no/pic_error.gif"; //general error
unset($_SESSION['4images_pic']);
}
elseif ($pic[0] != $id)
{
$file = "no/pic_image.gif"; //no image found
}
elseif ($expired >= $pic[2])
{
$file = "no/pic_expired.gif"; //image expired
}
if (!$file) {
$file = base64_decode($pic[1]);
$_SESSION['4images_pic'] = $pic[0]." ".$pic[1]." ".($pic[2]-$reduce);
if (!$image_info = @getimagesize($file) || is_remote_file($file) || !$mime = $mime_type_match[get_file_extension($file)][0])
{
header ("Location: ".$file);
exit;
}
}
}
else
{
$file = "no/pic_error.gif";
}
$file = @file_get_contents($file);
header ("Content-type: ".$mime);
header ("Content-Length: ".strlen($file));
echo $file;
?>
For 4images v1.7.x
<?php
//-----------------------------------------------------\\
//--- Created by V@no ©2003 http://gallery.vano.org ---\\
//--------------- for 4images v1.7.x ------------------\\
//-----------------------------------------------------\\
//---- Settings --------
$expire = 35; //seconds
$reduce = 20; //reduce expire time after first call
//-- End Settings ------
$nozip = 1;
$nocache = 1;
define('ROOT_PATH', './');
include(ROOT_PATH."global.php");
include(ROOT_PATH."includes/sessions.php");
include(ROOT_PATH.'includes/upload_definitions.php');
if (!function_exists("file_get_contents"))
{
function file_get_contents($file){
$data = "";
if ($fp = @fopen($file, "rb"))
{
$data = @fread ($fp, @filesize($file));
@fclose($fp);
}
return $data;
}
}
if (isset($HTTP_GET_VARS['pic']) && $HTTP_GET_VARS['pic'])
{
$id = $HTTP_GET_VARS['pic'];
}
else
{
$id = 0;
}
$file = "";
$mime = "image/gif";
if ($id && $pic = $site_sess->get_session_var("downloadpic"))
{
$expired = time() - $expire;
$pic = explode(" ", $pic);
if (count($pic) != 3)
{
$file = "no/pic_error.gif"; //general error
$site_sess->drop_session_var("downloadpic");
}
elseif ($pic[0] != $id)
{
$file = "no/pic_image.gif"; //no image found
}
elseif ($expired >= $pic[2])
{
$file = "no/pic_expired.gif"; //image expired
}
if (!$file)
{
$file = base64_decode($pic[1]);
$site_sess->set_session_var("downloadpic", $pic[0]." ".$pic[1]." ".($pic[2]-$reduce));
if (!$image_info = @getimagesize($file) || is_remote_file($file) || !$mime = $mime_type_match[get_file_extension($file)][0])
{
header ("Location: ".$file);
exit;
}
}
}
else
{
$file = "no/pic_error.gif";
}
$file = @file_get_contents($file);
header ("Content-type: ".$mime);
header ("Content-Length: ".strlen($file));
echo $file;
?>
Adjust two values:
//---- Settings --------
$expire = 35; //seconds before expiration. If u make it too low, the visitors whos on dialup will get "picture expired".
$reduce = 20; //reduce expire time in seconds after each call (not a good idea set this same as $expire time, because some browsers can do "double" page refresh, that will cause of "expire" message.)
//-- End Settings ------
Step 4.
Create 3 .gif images that would be showed instead of the real image, when something went wrong. Upload them in no/ folder (create it first. Name of the images must be as followed):
no/pic_error.gif - general error (something wrong with the session or ID didnt match)
no/pic_image.gif - image not found
no/pic_expired.gif - image expired
Step 5. (added 09/13/04)
Open postcards.php
Find:
$image = get_media_code($image_row['image_media_file'], $image_row['image_id'], $image_row['cat_id'], $image_row['image_name'], $mode, 1);
Replace with:
$image = get_media_code($image_row['image_media_file'], $image_row['image_id'], $image_row['cat_id'], $image_row['image_name'], $mode, 1, 0, 1);
after all this u can rename your /media/ folder to something else and noone could find where the images are (dont forget adjust /includes/constants.php too)
P.S. this method has few down-sides:
- each time picture being viewed it will be downloaded from the server, instead of showing from cache (extra trafic)
- the script returns the original media path when the media is not an image (.avi, .zip, etc) or when media is remote.
martrix wrote:
It would be very nice, if somebody could write how to add this nonono.gif modification to 4images and how to mask the {media_src} url.
it's pretty much simple
open templates/<yourtemplate>/media/jpg.html (this example for jpg.html template, but u'll need do same thing for all others templates for images)
Replace
<img src="{media_src}" border="1" alt="{image_name}"{width_height} />
with:
<table style="background: url({media_src}) no-repeat; background-position: center center" cellpadding="0" cellspacing="0">
<tr>
<td><img src="{template_url}/images/spacer.gif" border="1" alt="{image_name}"{width_height} /></td>
</tr>
</table>
asume that u have spacer.gif file in /templates/<yourtemplate>/images/ folder.
-
Chris replyed with some addon to the code I've posted on page 4 (see code in previous reply):
And here is how to make sure the browser doesn't cache the viewed file to disk.
Change this block:
header ("Content-Length: ".strlen($file)."\n\n");
echo $file;
exit;
to this:
header ("Content-Length: ".strlen($file)."\n\n");
header("Expires: Mon, 26 Jul 1997 05:00:00 GMT"); // expires in the past
header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT"); // Last modified, right now
header("Cache-Control: no-cache, must-revalidate"); // Prevent caching, HTTP/1.1
header("Pragma: no-cache"); // Prevent caching, HTTP/1.0
echo $file;
exit;
-
Message posted by abda53bd:
heres a good no right click that doesnt have a popup,
but it works even with mozilla (the others that ive seen doesnt)
this even works against the F10 bypass
<SCRIPT LANGUAGE="Javascript">
var isNS = (navigator.appName == "Netscape") ? 1 : 0;
var EnableRightClick = 0;
if(isNS)
document.captureEvents(Event.MOUSEDOWN||Event.MOUSEUP);
function mischandler(){
if(EnableRightClick==1){ return true; }
else { return false; }
}
function mousehandler(e){
if(EnableRightClick==1){ return true; }
var myevent = (isNS) ? e : event;
var eventbutton = (isNS) ? myevent.which : myevent.button;
if((eventbutton==2)||(eventbutton==3)) return false;
}
function keyhandler(e) {
var myevent = (isNS) ? e : window.event;
if (myevent.keyCode==96)
EnableRightClick = 1;
return;
}
document.oncontextmenu = mischandler;
document.onkeypress = keyhandler;
document.onmousedown = mousehandler;
document.onmouseup = mousehandler;
</script>
-
I've tried to install the V@no's MOD to "hide location of the pictures and adds antileech as well". And it always shows the general error. And I don't know where the problem is. No one image is showing with this MOD.
It's no important for me to use the general, images not found or image expired errors. I only want to hide the url of the image when you see the source code.
Can any code of this MOD been deleted o modified to get this?
or can you help me to get this MOD works?
-
this MOD doesn't works with 4images 1.7.1, right?
v@no, can you fix it and make it works with 1.7.1 please
-
I'm using 4image 1.71 and doesn't work. But I'm not sure if the version is the problem. I've verified it several times and I didn't find any mistake I had made.
Is there any change to 4images 1.7.1?
Thanks.
-
I've added support in the original code (Step 1.5 and Step 3)
-
thank you :D
-
thanks Vano :D :!:
-
Is there any other script to prevent clipboard in Firefox web browser? Because these only work with IE.
I've tried Chris's (top of this page) and Chlee's (with the 'disable.js' archive) but no one disables cliboard with Firefox.
Any help?
-
no, the clipboard manipulation is only avalable in IE browsers. which I hope will not be supported (or atleast will have a setting to turn that feature off) in soon comming IE version 7
-
Not a chance. The DataTransfer object is typically used for drag and drop features in IE :wink:
-
but no one disables cliboard with Firefox.
There's a way to do it in Firefox but it requires the user to download a javascript file and place it in their profile folder. FastMail.fm uses this to enable their javascript code to access the clipboard under Firefox.
-
- the script returns the original media path when the media is not an image (.avi, .zip, etc) or when media is remote.
Can I do something for isn't returning the original path when the media is not an image (.zip or .pdf)?
PS Sorry for my English )
-
Can I do something for isn't returning the original path when the media is not an image (.zip or .pdf)?
that will double your bandwitch, server load and responce time. Your server will need download the file from remote location, and then send it to the client's browser.
-
that will double your bandwitch, server load and responce time. Your server will need download the file from remote location, and then send it to the client's browser.
but how it did with images (media)?
I want do it also for zip
-
I've tried to install this mod, but music is not play. Can you help me?
-
Just a word to mention that :
function encrypt_add($file){
global $site_sess;
$file = base64_encode($file);
$id = md5(uniqid(microtime()));
$site_sess->set_session_var("downloadpic", $id." ".$file." ".time());
return $id;
}
also works with 4images 1.7 ' if ' you're using PHP v.4.3.11. Everything ' FINALLY ' works fine from my end with the new addition of ' set_session_var ' as this would of seemed to be the missing component I needed all along. ;)
I'm giving you my thanks on this one.
-
hi guys ,
i have found a simple solution for Pic Security of my own ... which was causing me much problem . I have posted a solution i found here which i have tested and gonna use . http://www.4homepages.de/forum/index.php?topic=7630.0 let me know if this helps you .
-
Sorry but with any protection its just too easy to get a picture.
Just a hardcopy of the screen thats all. I think there is only one solution: Watermarks on every picture.
-
I think there is only one solution: Watermarks on every picture.
there is another ultimate sollution: dont put it on the web :lol:
-
I think there is only one solution: Watermarks on every picture.
there is another ultimate sollution: dont put it on the web :lol:
strike!
and the very best: even dont take the picture!
-
With firefox you can choose :
File - save page as - ..
and my page is saved, with all files in a submap.
The pic i tried to protect is called show.gif in that map. :?
So all the mods are of no use if they use firefox.
Are there some tips how to prevent saving the page ?
Thx !
-
Hi!
I have followed the steps of "Page 4" in my gallery but now users don't see pictures in detailed view - there is only a frame around the place where the pic should be.
Please, help me!!
-
Hi!
I have followed the steps of "Page 4" in my gallery but now users don't see pictures in detailed view - there is only a frame around the place where the pic should be.
Please, help me!!
made a misstake during installation? maybe?
make sure u used specific code for your version of 4images.
-
i use version 1.7.1 - and i choosed the proper code.
i don't see any mistakes, i tried few times but the result was always the same :(
-
Hi!
Great code pieces. Works very well with me.
Is there also a way to protect the thumbnails with the "hides location of the pictures and adds antileech" version?
Greetings
lapinkulta
-
Is there also a way to protect the thumbnails with the "hides location of the pictures and adds antileech" version?
sorry, not with this method.
This method allow save only one location per page.
-
I see. Any other way to protect the thumbnail path?
Greetings,
lapinkulta
-
hi!
I use the "hides location of the pictures and adds antileech" codes from this thread and i'm very happy with it.
For registered users I would like to offer a possiblity to directly link to the images and give them the code to copy and paste like
<img src="....">
or maybe even with bb code etc.
How can this be done?
Greetings,
lapinkulta
-
I just wanted to share with the public with another way to secure pictures, that I made long time ago and successfuly have been using on my site. It hides location of the pictures and adds antileech as well.
it hides the location well, but when you save the pic with right-click (my site) , the picture only can be saved as .bmp, and no name of the picture is shown. :?
-
it hides the location well, but when you save the pic with right-click (my site) , the picture only can be saved as .bmp, and no name of the picture is shown. :?
That is only in IE browsers, because it seems only IE obbeys site's requests not to cache images. Remove all "no-cache" headers from the code.
-
I removed all "no-cache" headers from the code, but there seems to be no diffrence. The picture can not be saved as jpg, but only as bmp, and picture name is not showing up when saving with right click.
ex : http://www.edupics.com/coloringpictures54.htm
only "no-cache" headers i found :
admin/checkimages
header("Expires: Mon, 26 Jul 1997 05:00:00 GMT"); // turn off caching
admin/adminfunctions
header ("Cache-Control: no-store, no-cache, must-revalidate");
header ("Cache-Control: pre-check=0, post-check=0, max-age=0", false);
header ("Pragma: no-cache");
header ("Expires: " . gmdate("D, d M Y H:i:s", time()) . " GMT");
--couldn't find any more "no-cache" headers--
-
... The picture can not be saved as jpg, but only as bmp ...
it is a problem with not only your MS-IE ... your Temporary-Internet-Files-Folder is too full .... :?
go to : MS-IE -> Options -> Generally -> Temporary Internet Files -> Files delete
(or similarly ... I use a German Version ... :wink: )
now the problem should be repaired ...
also to find here : http://support.microsoft.com/default.aspx?scid=kb;de;810978
-
no, i already tried that...
even if temporary-internet-files-folder is empty, picture only can be saved as .bmp
you can try it on
http://www.edupics.com/coloringpictures54.htm
i suppose you'll have the same problem. :?
if i try to save with firefox :
it saves the pictures as .gif with the name "show.php"
( the pics are jpg's )
i have the mod " Cache System for 4images v1.7 " installed on the site, but i supose this is not the problem, because if i disable the caching, problems stay the same
-
you can try it on
http://www.edupics.com/coloringpictures54.htm
i suppose you'll have the same problem. :?
if i try to save with firefox :
it saves the pictures as .gif with the name "show.php"
... you are right ... 8O
-
Your server still sending
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
- that's why.
It could be the server's setup itself...dont know.
-
i checked and on server side no caching is disabled.
i searched trough my entire site, nothing can be found that disables caching...
searched on the words cache, pragma, header, no-cache, ......nothing.
:? :?
-
I had the same problem ones, and turned out I had to change something in the php.ini or in apache config.conf I cant remmember exactly now...
For now, can I see your phpinfo?
[edit]
I think it was in php.ini I had to comment out this line:session.cache_limiter = nocache[edit2]
if that is the reason, try add on top of global.php:session_cache_limiter('none');
-
the adding of the code on top of global.php didn't work
i removed the modifications.
if you print trough right click or copy and paste to Word, the error message was shown.... :?
just curious,
you wrote in the lightbox-for-guests mod :
and this are the headers from my site:
Quote
HTTP/1.1 302 Found
Date: Sun, 10 Apr 2005 17:29:59 GMT
Server: Apache/2.0.53 (Unix)
Set-Cookie: PHPSESSID=pnabxOCw05f9EyIqnnvlIpkOsL9; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: 4images_lightbox=s%3A0%3A%22%22%3B; expires=Sat, 09 Jul 2005 17:29:59 GMT; path=/
Set-Cookie: 4images_lightbox_lastaction=i%3A1113154199%3B; expires=Sat, 09 Jul 2005 17:29:59 GMT; path=/
Location: ./templates/vano/images/lightbox_no.gif
Content-Length: 0
Connection: close
Content-Type: image/gif
that's the same code as sent by my server, preventing the caching :
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
do you know where that/your code was generated ?
-
do you know where that/your code was generated ?
I think it was in php.ini I had to comment out this line:session.cache_limiter = nocache
But again, I'd like to see your phpinfo
-
My domain is on shared server so i do not have access to the php.ini file
-
Hello kief,
create a file with the content you see in my signature, load in on your space and give the link to it.
-
Thx RoadDogg
the link : http://www.edupics.com/phpinfo.php
-
in .htaccess add this line:
php_flag session.cache_limiter privateIt worked for me ;)
-
it's getting better all the time... :D
now i can print and save the picture with right-click.
- after right click i can choose to save the pic as a .jpg, but it saves as a .gif )-
Only problem left is that all pics are called "show".
---------------------------------------------------------------------------------------------------------------------------------------------------------
will Google read the pictures with their correct names with this modification ?
like "floating.jpg" ? or will it read show.gif, or something like "show.php?pic=20648008ac9adc4a74642bab241f59c9" ?
thx
-
anyone knows how a SE will react on the modifications of V@no ?
I just wanted to share with the public with another way to secure pictures, that I made long time ago and successfuly have been using on my site. It hides location of the pictures and adds antileech as well.
can the SE still read/find the names of the jpg files?
thx
-
"SE" as "Security Enchanced"?
I see no problem with that, as long as your images are located in the category reacheble by your webserver and set proper permissions.
-
can the SE still read/find the names of the jpg files?
thx
SE as "search engine" :wink: >>> Google Image Search
important to me because i am translating the names of the jpg files from dutch to english so they can be found by english "Google image search".
But if google can't read the names of the jpg files anymore, translation is of no use.
-
correct, I belive SE either will not index your images at all, or even if they do, all you'd be able to see is "image expired".
SE might index details page, but still in the cached version it will show "image expired" - this mod is not SE friendly ;)
-
Hello,
Maybe I'm missing something.
I've installed the "Pic Security" mod of V@no.
But it's not working properly.
In my source code I see:
img src="./show.php?pic=0ce09904b55418b7491b4c0fe66162eeI can't see the picture.
I've seen this question before, but I can't find the answer.
What have I done wrong?
I'm using version 1.7.1
-
I belive I've explained somewhere in the replys how to debug this...
1) increase the timeout inf show.php file to, lets say, 10 minute (600 seconds), comment out or remove this line:header ("Content-type: ".$mime); 2) open details page with your picture, then find in the source of that page the url to that image (./show.php?pic=k23jh4k23h4k23j42k3h4)
3) try open that url directly in the browser and see if it shows you any error messages.
-
V@no said -->
I just wanted to share with the public with another way to secure pictures, that I made long time ago and successfuly have been using on my site. It hides location of the pictures and adds antileech as well.
Hello,
i get the feedback from some people i know that they see the error message...
at the same time i don't see it when i go to the site.
I got this feedback a couple of times last week. Maybe they are in a network that gives problems or something like that, but fact is that i would like to disable the antileech in the modification.
Is there some code i can remove from showpic.php so that this error doesn't show up anymore?
Thx
-
Sorry, not the antileech, it would require completly different code.
But you can try play with the expiration settings://---- Settings --------
$expire = 35; //seconds
$reduce = 20; //reduce expire time after first call
-
those people i know are not hotlinking...
Do you have any idea what else could cause this "error" problem ?
-
proxy, browser settings
-
Done with V@no method: It work with images but not for media files such as: mp3, wmv, swf.. You guys have any idea to make these media files works? I meant they work and hide URLs as well :roll:
-
If you are refering to remote located files (when used URL for the file), then its not possible.
Otherwise, try replace if (!$image_info = @getimagesize($file) || is_remote_file($file) || !$mime = $mime_type_match[get_file_extension($file)][0])with: if (is_remote_file($file) || !$mime = $mime_type_match[get_file_extension($file)][0])but I doubt it will help, because you did not explain what doesnt work EXACTLY, so I dont know where to look ;)
-
I might be stupid, but how do I implement the codes in
« Reply #1 on: March 24, 2005, 03:39:31 AM »
1) In which folders should I place the 3 files? (.htaccess, read_image.php and view_image.php)
2) Are there any other files I have to modify to activate the code? And if so, what modifications should I make?
Best regards
-
To which code are you reffering to? post a link to the reply please.
-
Insert Quote
I might be stupid, but how do I implement the codes in
« Reply #1 on: March 24, 2005, 03:39:31 AM »
http://www.4homepages.de/forum/index.php?topic=6997.msg30699#msg30699
(It's the first reply under this subject, Pic Security)
1) In which folders should I place the 3 files? (.htaccess, read_image.php and view_image.php)
2) Are there any other files I have to modify to activate the code? And if so, what modifications should I make?
Best regards
-
thank you very much for everything!
it worked after all and sorry for the PMs i didnt know :oops:
actually... its only working witn IE 8O
-
i tried mozilla and opera and they dont work with the mod, but it works on IE :S any idea why?
and im getting the image pic_error.gif
-
Its because for some reason media player requests 3 times the media file! that's why its getting expired too soon.
Another thing, it redirects to the media file, so its not really hiding the location...
So try this: In show.php replace $site_sess->set_session_var("downloadpic", $pic[0]." ".$pic[1]." ".($pic[2]-$reduce));
if (!$image_info = @getimagesize($file) || is_remote_file($file) || !$mime = $mime_type_match[get_file_extension($file)][0])with: $ext = get_file_extension($file);
if (in_array($ext, array("wmv","mp3","mpg","mpeg","avi","mov","wma","ogg")))
{
$reduce = 0;
$image_info = 1;
}
else
{
$image_info = @getimagesize($file);
}
$site_sess->set_session_var("downloadpic", $pic[0]." ".$pic[1]." ".($pic[2]-$reduce));
if (!$image_info || is_remote_file($file) || !$mime = $mime_type_match[$ext][0])
-
tried that im getting this
(http://www.jacionline.com/videos/no/pic_error.gif)
and i was using 6000 seconds in expire
-
actually is not that one, its this one...
else
{
$file = "no/pic_error.gif";
}
$file = @file_get_contents($file);
-
I might be stupid, but how do I implement the codes in
« Reply #1 on: March 24, 2005, 03:39:31 AM »
http://www.4homepages.de/forum/index.php?topic=6997.msg30699#msg30699
(It's the first reply under this subject, Pic Security)
1) In which folders should I place the 3 files? (.htaccess, read_image.php and view_image.php)
2) Are there any other files I have to modify to activate the code? And if so, what modifications should I make?
Best regards
-
It was more like a theory for these who understand. You should continue reading the topic, because there are few "practical" codes posted based on that theory.
-
so any idea what could be causing opera/mozilla to not work and only IE???
-
I dont know, maybe because it reports a wrong mime type (make sure the first type for your file extension that is set in includes/upload_definitions.php is correct) and because its using media player v6.4 plugin...maybe
-
It might also be for the fact that Media Player 10 is more familiarized with IE than Firefox.
-
i have this on my upload definitions file
$mime_type_match['wmv'] = array("video/x-ms-wmv");
is that correct?
-
I have good and bad news...
The good news - I found the reason why FF/Opera don't play the video. Its because the media player plugin your are using on your site for some reason looses "temporary" cookies (aka session cookies). And since this method is based on sessions, 4images can not determin to which session is belong the request for the file and sends out "pic_error.gif" instead.
The bad news - I dont have a solution on how to fix it, but I'll keep looking ;)
P.S. this is crazy! While examining data sent by the browser and reseived responsed from the server I've learned that when open your page in IE it downloads about 20kb of the file (probably depese on client's internet speed), then it cut the connection and start downloading again that file but under different client name (first request under user agent "Windows-Media-Player/9.00.00.3250" - that is my MediaPlayer version, but second request is under "NSPlayer/10.0.0.3802 WMFSDK/10.0" - I have no clue what this is).
-
microsoft uh? they cant make things simple lol
if you find any fix ill be very happy :)
-
How do I implement the codes in
« Reply #1 on: March 24, 2005, 03:39:31 AM »
http://www.4homepages.de/forum/index.php?topic=6997.msg30699#msg30699
(It's the first reply under this subject, Pic Security)
1) In which folders should I place the 3 files? (.htaccess, read_image.php and view_image.php)
2) Are there any other files I have to modify to activate the code? And if so, what modifications should I make?
Best regards
No-one who knows?
-
had to stop using the mod cuz many users cant watch the videos :(
-
had to stop using the mod cuz many users cant watch the videos :(
Ok, I think I have a few ideas ;)
lets try this first: undo step 1.4
then find in includes/functions.php: $media = $site_template->parse_template("media/".$file_extension);Insert above: $site_template->register_vars(array(
"media_src" => ($encrypt) ? $site_sess->url(ROOT_PATH."show.php?pic=".encrypt_add($media_src)) : $media_src,
"media_src_original" => $media_src,
));
See if it works now.
If it doesn't, lets try to add this code instead: $sess_mode = $site_sess->mode;
$site_sess->mode = "get";
$site_template->register_vars(array(
"media_src" => ($encrypt) ? $site_sess->url(ROOT_PATH."show.php?pic=".encrypt_add($media_src)) : $media_src,
"media_src_original" => $media_src,
));
$site_sess->mode = $sess_mode;This should defenetly work (I'm 99% sure) ;)
Let me know if it works, and if it does, then with which code.
-
Insert Quote
how do I implement the codes in
« Reply #1 on: March 24, 2005, 03:39:31 AM »
http://www.4homepages.de/forum/index.php?topic=6997.msg30699#msg30699
(It's the first reply under this subject, Pic Security)
1) In which folders should I place the 3 files? (.htaccess, read_image.php and view_image.php)
2) Are there any other files I have to modify to activate the code? And if so, what modifications should I make?
No-one who knows?
-
sorry but i guess still doesnt work :( i get the unspecified error... and when i copy and paste it on windows media player it does say expired
-
Well, the problem now is in the plugin FF uses. Now the error states:
No combination of filters could be found to render the stream. (Error=80040218)
This means the MPlayer2 plugin that FF uses can not play .wmv format...try search on internet how to display videos in FF.
-
In the mean time, if the pasting activity expires, it might (highly) be possible this action is due to copyrighted-bytes recording. This year, encryption video method has increased. ;)
-
ok... somehow i just went to check again and its working, on both, opera and firefox
8O
using this code
$sess_mode = $site_sess->mode;
$site_sess->mode = "get";
$site_template->register_vars(array(
"media_src" => ($encrypt) ? $site_sess->url(ROOT_PATH."show.php?pic=".encrypt_add($media_src)) : $media_src,
"media_src_original" => $media_src,
));
$site_sess->mode = $sess_mode;
-
theres only one thing now... the ecard function! i tried the code you posted before but it doesnt do anything :S
-
it doesnt do anything
Could you be more specific ? :?
-
well the link its still there no encryption sorry for not giving the details :D
-
i tried the code you posted before
And which code is that? link please.
-
I just wanted to share with the public with another way to secure pictures, that I made long time ago and successfuly have been using on my site. It hides location of the pictures and adds antileech as well.
.......................
This works fine, but while picture loads you can see the path to the picture at the bottom of the browser (IE) for a short time (some seconds).
Is there a way to hide this path showing up in the browser ?
-
If one can remmember 32 random letters and numbers in that one second, then hell, let him have the picture! :lol:
If you really want to hide the address, just search google, there are plenty javascripts that can do that. (the bottom part of the browser called "status bar" ;))
-
Hi
Thanks VA@NO for this great job you have done so far, it was what I wanted. But I have a problem. When user wants to send e-card, this message comes up:
Parse error: parse error, unexpected ',' in /home/baybak/public_html/cardaz/postcards.php on line 149
I heve modified it as you have written, rest is OK but this one !!
If I put the original file back, it works but it shows the URL of images that I do not want to.
.
-
Hi again,
There was a problem in implementing the codes, SHAME I did not see it first, an extra "," . now I fixed it and the page shows properly.
:D :oops:
-
I got it work.
I have realised problems in e-card function (postcard.php) that is out of the coverage of your PIC security.
1- the URL is easy to be seen in source code (I have right click prevented) but View > Source is working
2- the image is being downloaded (just in e-card, not in other pages)
.
-
Hi!
That unfasten may be have to does not team so that does he not record the users the 4images-?
-
Hi,
Great mod.
I´ve instaled, and it works 100%.
The only question for this mod is:
Is there any way to use the mod among with "smaller detail picture (to save traffic)" --> phpthumb.php ??
Regards,
Antonio
-
P.S. this method has few down-sides:
- the script returns the original media path when the media is not an image (.avi, .zip, etc) or when media is remote.
I am a little confused, Does this mean that if I only have videos on my site, that this mod would work at all for protecting my wmv videos?
Thanks,
Mark
-
Well, kind of...it will not show the reall path in the page source, but when the "fake" file accessed, the script will send redirection to the reall path. So, theoreticaly if you try open the "fake" address directly in the browser, you might be able see the real path (it depence on the browser and its settings).
But if you are having problem with this, you can try replace if (!$image_info = @getimagesize($file) || is_remote_file($file) || !$mime = $mime_type_match[get_file_extension($file)][0])
With: if (is_remote_file($file) || !$mime = $mime_type_match[get_file_extension($file)][0])
It will not redirect to real path, as long as the file is local (not remote) and its mime type present in upload_definitions.php (which it should)
But, be careful with this, if the file is too big, your server might run out of memory and fail
-
any chance we can add your security mood [ show.php ] on new version of 4images 1.7.4.
i try allready but i got error on
=========================
[color=Red]this line is 540 ->[/color] "media_src" => ($encrypt) ? ROOT_PATH."show.php?pic=".encrypt_add($media_src) : $media_src,
"media_src_original" => $media_src,
"media_icon" => $media_icon,
the browser said :
Parse error: parse error, unexpected T_STRING, expecting ')' in C:\myweb\htdocs\dream\includes\functions.php on line 540
i'm using PHP Version 5.1.6
-
Thanx for the great tips :)
-
I installed the mod "hides location of the pictures and adds antileech" , it have no error but doesn't work.
I view in page source code i still see the real path name such as : the string " url(./data/media/3/DSC_4743.jpg) " in details.php in source code .
I use 4images 1.7.4, IE 7.0 & Firefox 2.0.0.4
Pls help me. I really need it to protect my images.
Thanks
-
Hi,
How this code will work on wap browser? Whereas most wap browser does not support cookies.
-
Cooler MOD.
Klappt super
Dickes Danke - Gruß Steffen
-
Hi all...,
I'm very new to this 4images and PHP things..
really great software.., easy to setup and runs in no time.
configuring.. and security needs more patience..
anyway..,
I've seen sites where we cannot right click and save images..
when we right click it only shows a small gif file.
I'd like to implement this setting to my group's website.. batamphotoclub.co.cc
really appreciate if anybody is kind enough to direct me to a site / docs of how to get it setup..
I've looked at Pic Security thread.., but can't seems to find that settings.
thank you!
-
I've seen sites where we cannot right click and save images..
when we right click it only shows a small gif file.
I think this is what you are looking for:
mask the {media_src} url (http://www.4homepages.de/forum/index.php?topic=6997.msg30703#post_nonono)
-
I think this is what you are looking for:
mask the {media_src} url (http://www.4homepages.de/forum/index.php?topic=6997.msg30703#post_nonono)
thank's very much...
how could I miss that one..
:oops:
-
Thank Vano!
-
OK,that is useful for me..
.
-
martrix wrote:
It would be very nice, if somebody could write how to add this nonono.gif modification to 4images and how to mask the {media_src} url.
it's pretty much simple
open templates/<yourtemplate>/media/jpg.html (this example for jpg.html template, but u'll need do same thing for all others templates for images)
Replace
<img src="{media_src}" border="1" alt="{image_name}"{width_height} />
with:
<table style="background: url({media_src}) no-repeat; background-position: center center" cellpadding="0" cellspacing="0">
<tr>
<td><img src="{template_url}/images/spacer.gif" border="1" alt="{image_name}"{width_height} /></td>
</tr>
</table>
asume that u have spacer.gif file in /templates/<yourtemplate>/images/ folder.
V@no..,
how to get the same effect to thumbnail images..?
right-click and all it gets is a spacer.gif file and link.
thanx!