Hiding image url script

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • how to Hiding image url script

    Ok, i came up with something small.

    I will be taking it further, and brain storm on doing sql queries within the file, so that it can be used in gallery etc as well.

    Main reason for creating this little code was to hide the image url, because i don't want people to even know that such directory exists.

    hope you can find other uses for it as well.

    Just look at the example.

    If you do any mods on it, please repost here.

    Thank you


    image.php
    Code:
    <?php
    $image="path/to/quintins/file/image.jpg";
    header("Content-type: image/gif");
    echo  file_get_contents("$image");
    ?>
    Usege:
    Code:
    <img src="image.php" alt="Loading..." />
    Ok boys, so as i said, it hides the url.
    Also when you try and download the file, it will save it as php file which just shows a load of nonsense in the file.
    You get where i'm coming from?

    Enjoy

  • #2
    I would prefer to disable right click.

    Comment


    • #3
      Originally posted by thunderwap View Post
      I would prefer to disable right click.
      the code from Android404 is more professional, so that no one can find out the real location/path of the image, disabling right click works only for amateurs, people who don't know how to inspect the html code of your site with developer tools.

      Comment


      • #4
        I prefer using php, call me old school, but i don't think javascript and old cellphones work together, you could use another ultirnative, but i prefer to avoid javascript all together when it comes to mobile websites all together.

        Our newer phones all support javascript, but in my line of business i also focus on compatability.

        Comment


        • #5
          Old school phones just ignore the javascript if its not compatible, although disabling right click is pointless as user can just disable javascript.
          Although this way of hiding the source of the file it doesn't stop people hotlinking - and also if they do hotlink then it uses more cpu.

          People often make the mistake of also including the name of the file in the url eg: image.php?file=TrollFace.jpg
          A hacker can then use this to their advantage and change the url to something like this: image.php?file=../../index.php
          Yes you can download the victims full script

          A better way of doing it is a call to the database to get a unique identifier instead eg: image.php?file=4216228
          or alternatively Stop directory manipulation
          Last edited by something else; 12.09.15, 19:10.

          Comment


          • #6
            There are several ways to hide the url of the image. You can also put your image directory outside root/public html. use phpthumb etc..etc.. to retrieve the file..just use proper restrictions to prevent exploits.

            Comment


            • #7
              Originally posted by GumSlone View Post
              the code from Android404 is more professional, so that no one can find out the real location/path of the image, disabling right click works only for amateurs, people who don't know how to inspect the html code of your site with developer tools.

              I second the motion.. in addition, I encode all get functions in my script

              Comment


              • #8
                very nice....

                Comment


                • #9
                  I quite like this script: http://www.zubrag.com/scripts/download.php but it does need a little work to secure it.

                  Comment


                  • #10
                    I also think it's a great script good layout go for it bro and secure

                    Comment

                    Working...
                    X