November 9, 2011 at 15:55

Image Save Protection

image
Hello dear Harrabuchiteli.
Some time ago, I faced a very, in my opinion, an interesting task. The essence of the task was that it was necessary to complicate the process of saving images from the site pages as much as possible. In this case, the pictures can be of different sizes.

The task is clear, let's proceed to its solution. In general, the process of saving a picture is quite simple: we right-click on it and select "Save Image ..." in the menu that opens (the inscription may differ in different browsers). Intercepting the right mouse button will partially solve this problem, but bypassing this restriction to disgrace is simple - turn off JavaScript and calmly call the context menu. In this case, it is enough to make the picture a background image:



But in this example, the fixed block size, and according to the conditions of the problem, the size can be any. PHP and the getimagesize () function come to the rescue here .
$size = getimagesize(ROOT."/img/Habrahabr_logo.png ");
$html = "
";
echo $html;

The task is practically solved, but the page code has a direct link to this image, by which it can be easily downloaded: you can simply copy the image address and paste it into the address bar of the browser and save it. But not everything is as bad as it seems at first glance. It is enough to write a simple script and through it give the image to the browser, while checking the referrer header, and if it is missing or different from example.ru, then give an error. It is worth noting here that to improve performance and security in solving this problem, information about the image was stored in a database. Each image had a unique identifier that could be passed to the script (image.php):

The images_db.php file contains an array with a description of the images, this is done solely for example:
 array("file_name" => "Habrahabr_logo.png",
                               "file_ext"  => "png",
                               "file_id"   => "123"),
                "124" => array("file_name" => "php-logo1.jpg",
                               "file_ext"  => "jpg",
                               "file_id"   => "124"),
                "125" => array("file_name" => "google-logo.gif",
                               "file_ext"  => "gif",
                               "file_id"   => "125"));
?>

Replace the direct link to the image in the code and the index.php file will look like this:
\r\n"; } echo $html; ?>
Now, when we directly access the example.ru/image.php?id=123 address, we get a picture no_image.jpg, since the referrer header is not transmitted.

There are two ways to pull out the picture: fake a request or take a screenshot. Unfortunately, I did not find a solution that could counter these methods. But protection from most inexperienced users is quite working.

I hope this information will be at least useful to someone.
Thanks for attention.

Sample sources
Tags:

Also popular now: