1

I'm wondering how to add a hash to the image so that the image is displayed only if the hash exists.

Here is an existing example where this logic is implemented: http://193.0.171.27/13/80/98/1504890831/1531993942_square.jpg?hash=pPGpdsy8NJK1w0sq04Xjzw&expires=64060578000

The image above is displayed only if the hash is present in the URL; otherwise the image is forbidden.

Does anyone know how to do it?

oxyd

1 Answer

2

Well, I see two possibilities. You can rewrite all your image links and serve them from PHP, for example like this:

Before:

<img src="yourimagefolder/1531993942_square.jpg" />

After:

<img src="/getimages.php?n=1531993942_square.jpg&hash=somehash" />

So you can just ask if the hash is set and valid, then return the image via PHP; here you'll find some examples: fpassthru(). If this is the solution you want, you have to put a .htaccess file in your image directory, so no one can directly access the image.

.htaccess

Deny from all

The other solution would be to take the links as they are and do a rewrite with .htaccess; here you will find some information:

Example (how it could work):

Filetree

public_html
    |--images
       |-- example.jpg
       |-- .htaccess
       |-- image.php
    |-- file that include the images
    |-- some other files
    |-- ....

.htaccess

RewriteEngine on
RewriteRule ^(.+\.(?:jpe?g|png|gif|ico|bmp))$ image.php?image=$1&%{QUERY_STRING} [L,NC]

image.php

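<?php
// content types for the extensions the rewrite rule lets through
$types = array( 'jpg' => 'image/jpeg', 'jpeg' => 'image/jpeg', 'png' => 'image/png',
                'gif' => 'image/gif', 'ico' => 'image/x-icon', 'bmp' => 'image/bmp' );
$serveFile = false;
if( isset( $_GET["image"], $_GET["hash"] ) && is_string( $_GET["image"] ) && is_string( $_GET["hash"] ) ) {
    // check hash, just for example used md5
    // (md5 of the file name can be recomputed by anyone; a real check needs
    // a hash that also covers a secret known only to the server)
    $image = trim( $_GET["image"] );
    $baseDir = realpath( dirname( __FILE__ ) );
    // realpath() resolves "../" and returns false if the file does not exist
    $file = realpath( $baseDir.'/'.$image );
    $ext = $file ? strtolower( pathinfo( $file, PATHINFO_EXTENSION ) ) : '';
    $imagehash = md5( $image );

    // serve only image files that resolve to a path inside this directory;
    // hash_equals() compares the hashes in constant time
    if( $file !== false && strpos( $file, $baseDir.DIRECTORY_SEPARATOR ) === 0
        && isset( $types[$ext] ) && hash_equals( $imagehash, trim( $_GET["hash"] ) ) ) {
        // serve the file
        $serveFile = true;
    }
}

if( $serveFile ) {
    // send the content type that matches the file extension
    header("Content-Type: " . $types[$ext] );
    header("Content-Length: " . filesize( $file ) );
    readfile( $file );
    exit;
} else {
    // just sends a header, maybe you have to output a 403 page
    header('HTTP/1.0 403 Forbidden');
    // here you can include your own 403 page
    // include "/path/to/my/403.html";
    exit;
}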

You should adjust the .htaccess to your needs.

swidmann
  • Concerning rewriting all images and serving them through PHP, I guess it would be too heavy for the server, especially if the image size is big and I have millions of images. I meant my question regarding the existing example I mentioned. As you can see, they are using a direct path to the JPG without PHP in between. And the question: how did they do this? – oxyd Nov 19 '15 at 09:20
  • Well, then you have to go the .htaccess way, because someone needs to validate the given hash. This can only be done with a script, I think in this case with a PHP script – swidmann Nov 19 '15 at 09:28
  • And do you know by chance any PHP function to perform the validation and how to serve the images? – oxyd Nov 19 '15 at 09:33
  • I've updated my answer, with a small approach how it could be solved – swidmann Nov 19 '15 at 10:27
  • Thanks a lot for your answer! – oxyd Nov 19 '15 at 10:34
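
The URL in the question carries both a hash and an expires parameter, and the answer's md5 check is marked as a placeholder. As an added example (not code from this thread), here is one way to issue and check such links with a keyed hash that covers both the path and the expiry time. SECRET, b64url, sign_path, signed_url and check_request are hypothetical names, and HMAC-SHA256 is an assumption, not necessarily the scheme used by the site in the question.

```php
<?php
// Assumption: a long random key that lives only on the server, outside the web root.
const SECRET = 'replace-with-a-long-random-server-side-key';

// URL-safe base64 without padding, so the hash needs no escaping in a query string.
function b64url(string $raw): string {
    return rtrim(strtr(base64_encode($raw), '+/', '-_'), '=');
}

// MAC over expiry and path: changing either one invalidates the hash.
function sign_path(string $path, int $expires): string {
    return b64url(hash_hmac('sha256', $expires . "\n" . $path, SECRET, true));
}

// Build a link that stays valid for $ttl seconds.
function signed_url(string $path, int $ttl, ?int $now = null): string {
    $expires = ($now ?? time()) + $ttl;
    return $path . '?' . http_build_query(
        ['hash' => sign_path($path, $expires), 'expires' => $expires]);
}

// Returns the HTTP status the image script should answer with.
function check_request(string $path, array $query, ?int $now = null): int {
    $hash = $query['hash'] ?? null;
    $expires = $query['expires'] ?? null;
    if (!is_string($hash) || !is_string($expires) || !ctype_digit($expires)) {
        return 403; // missing or malformed parameters
    }
    if (!hash_equals(sign_path($path, (int)$expires), $hash)) {
        return 403; // hash was not issued for this path and expiry
    }
    if ((int)$expires < ($now ?? time())) {
        return 410; // genuine link, but past its expiry time
    }
    return 200;
}

// Constructed sample: sign one path for an hour, then check four requests.
$now  = 1700000000; // fixed clock so the run is repeatable
$path = '/images/example.jpg';
$url  = signed_url($path, 3600, $now);
parse_str(parse_url($url, PHP_URL_QUERY), $q);

echo $url, "\n";
echo check_request($path, $q, $now), "\n";                // link as issued
echo check_request('/images/other.jpg', $q, $now), "\n";  // hash reused for another file
echo check_request($path, $q, $now + 7200), "\n";         // same link two hours later
echo check_request($path, ['expires' => $q['expires']], $now), "\n"; // hash removed
```

In the answer's image.php, check_request would replace the md5 comparison, with the rewritten image path passed as $path and $_GET as $query.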