How to Hotlink-protect images using PHP

Forum Moderators: coopster

Message Too Old, No Replies

How to Hotlink-protect images using PHP

without using the cPanel's hotlink protection

Gian04

9:07 am on Jun 20, 2007 (gmt 0)

I decided not to store images in a Table, but I want it be protected from hotlinking, I cant use the cPanel's hotlink protection because I want to share 1 or 2 of my banner to others (banner / link exchange).

As far as I know if you hotlink-protect your site, ALL request from other site will be rejected, so its not possible to share banner with others.

How can I address this in PHP?

mikeyb

9:30 am on Jun 20, 2007 (gmt 0)

Hi,

As fas as I can think you can't emulate hotlink protection with PHP.

If someone just went directly to an image e.g. www.yourdomain.com/yourpicture.jpg PHP would never be executed and they would see the picture.

I do know that the Hotlink protection in cPanel on my host you can add in a list of URLs that you'd like to allow Hotlinking so they don't get blocked, fine for a few other websites but not if you've got lots!

Cheers,
Mike

Habtom

9:37 am on Jun 20, 2007 (gmt 0)

Create a session id for every visitor, and if the session you create is valid, show the image with the image_id.

call_image.php?image_id=34 this should give you out the image name like image1.jpg

I hope this helps.

Habtom

mikeyb

9:51 am on Jun 20, 2007 (gmt 0)

Habtom,

This would work the 1st time anyone viewed the page.
From there they can then get the image name and then browse directly to it then bypassing the PHP.

Habtom

10:32 am on Jun 20, 2007 (gmt 0)

>> From there they can then get the image name and then browse directly to it then bypassing the PHP.

In that PHP file you can do a few things I guess.

1. Try checking the URL. If different than yours, deny.
2. put that file one step higher than the root ../display_image.php
And they won't get the chance to run the PHP file.

Habtom

mattclayb

11:25 am on Jun 20, 2007 (gmt 0)

If your running apache server, you can do what you need by configuring your .htaccess file.

You would do something like this to prevent hotlinking of images -

RewriteEngine on
RewriteCond %{HTTP_REFERER}!^$
RewriteCond %{HTTP_REFERER}!^http://(www\.)?mydomain.com/.*$ [NC]
RewriteRule \.(gif¦jpg¦js¦css)$ - [F]

replace mydomain.com with your domain name and only your domain will be allowed to access files appeneded by .gif .jpg .js or .css

you can add other allowed domaine with extra lines e.g. -

RewriteEngine on
RewriteCond %{HTTP_REFERER}!^$
RewriteCond %{HTTP_REFERER}!^http://(www\.)?mydomain.com/.*$ [NC]
RewriteCond %{HTTP_REFERER}!^http://(www\.)?domain1.com/.*$ [NC]
RewriteCond %{HTTP_REFERER}!^http://(www\.)?domain2.com/.*$ [NC]
RewriteCond %{HTTP_REFERER}!^http://(www\.)?domain3.com/.*$ [NC]
RewriteRule \.(gif¦jpg¦js¦css)$ - [F]

hope this helps

Gian04

11:56 am on Jun 20, 2007 (gmt 0)

you can add other allowed domaine with extra lines

The problem is I cant always monitor who are those who want to put my banner to their site.

vincevincevince

12:01 pm on Jun 20, 2007 (gmt 0)

In that case, put your banner into another directory and exempt it from the protection entirely. Just the banner, nothing else. If you are finding it hard, put it in a subdomain - should be exempt automatically.

Gian04

12:32 pm on Jun 20, 2007 (gmt 0)

Are you sure if I put my banner on my subdomain and except it from hot linking it will be able to access by other websites? Remember Im excepting my sub domain and not the other websites and the one accessing my banner is the other sites not my sub domain?

Please clarify if it is really possible. Thanks