0

Sorry for poor title, not sure how to explain it in few words:

I have a php page which handles images to present them nicely and keep statistics on view count.

If a user accesses the image url directly in their browser (i.host.com/image.jpg), the image is displayed on a custom page. The location 'i.host.com/image.jpg' isn't the actual location of the image.

In code, the image url is checked in the db to get the actual url of it, and then I do a header redirect to that actual url. The location of the actual url isn't constant because a user can use websites (that allow hotlinking) as sources (for uploading their pictures etc and the 'fake' image name is a name they've defined for it).

I'm doing this by something like the following: (very basic example of what I have)

//Code for updating view count stats etc removed
if(/a/ is in the image url){
    header("Location: $pathtoactualimage", true, 301);
} else {
    //In my actual code, this echo produces an entire html page, not just image tag.
    echo('<img src="http://i.host.com/a/image.jpg"/>');
    //note that this image tag requests image using '/a/' path
}

A regular image tag without the use of that 'a' path doesn't display the image because the url is being processed as an actual page instead of an image.

I'm wondering whether it's possible to determine if an image url like i.host.com/image.jpg is accessed directly through browser, or if that image url is being called through some code somewhere (somewhere includes other websites) so that I don't have to use this messy 'a' path workaround?

Sakuya
  • 660
  • 5
  • 23
  • That's not relevant to my question..? – Sakuya Oct 24 '15 at 02:39
  • `if(/a/ is in the image url){` yes it is. – Funk Forty Niner Oct 24 '15 at 02:42
  • That wasn't my question, that was just simplification of the code I already have hence `(very basic example of what I have)`. Read the last paragraph, it specifically states what my question refers to. – Sakuya Oct 24 '15 at 02:49
  • Can you explain me what your script is supposed to do? Like is it private images for a user that shouldn't be accessable through hotlinking or something? – icecub Oct 24 '15 at 02:51
  • I reopened your question but I'm still convinced that that was is what you need. Plus, in regards to the answer given; don't rely on `$_SERVER["HTTP_REFERER"]`. using `strpos` or `stripos` is far more reliable than that. – Funk Forty Niner Oct 24 '15 at 02:58
  • The script allows accessing an image directly by custom name like http://i.host.com/image.jpg but not treated as an image by the browser, it creates a gallery page similar to how something like imgur displays galleries. But I want that same url to be accessible through the use of an img tag to be displayed as an actual image either on other areas of the site or other websites entirely. I'm not sure how to make it use the same url, at the moment I use the '/a/' path to distinguish between the 2 methods of displaying the image, but this causes issues if the user doesn't include '/a/' in img tag. – Sakuya Oct 24 '15 at 03:18
  • So basicly you want the direct url to open up the gallery, but if it's included in an `` tag, simply return the image file? – icecub Oct 24 '15 at 03:25
  • Yep that's exactly what I'm after. – Sakuya Oct 24 '15 at 03:25
  • Technically this isn't possible, unless you use different urls like you do right now. However, it is possible if all `` tags are controlled by you. In that case you can write a source exception list to your image handler script. So if your own server requests the image, your script simply returns it instead of loading the gallery. You can add other server ip's to the list to do the same if you want to allow them to display the image on their website. – icecub Oct 24 '15 at 03:36
  • Anyway, the reason why this isn't normally possible is because your server cannot distinguish between a person requesting the file or a server requesting it by default. You need to use an image handler script to do that. Then that script can use the http referer to see if it has to load the gallery or simply redirect towards the image. – icecub Oct 24 '15 at 03:50

1 Answers1

0

Tldr..

I'll sum up..

Use an htaccess file to redirect all requests to your image folder to a handler script.

In your handler script, check to see if the referrer is your site using $_SERVER["HTTP_REFERER"]..

If so, direct to your image, if not do something else

I wrestled a bear once.
  • 22,983
  • 19
  • 69
  • 116