-1

I need to load a given image with php, save it in a temporary location with a hashed name, push it to the user and then delete the temporary file on the server.

I basically need a way to stop users from being able to see, where a given image is stored on the server (where the original is stored).

I also need the user to be unable to block an image by its name, which is why i give it a new hashed name every time the user loads the page this image is on.

So step by step:

Load image. Save image with hashed current date and time as name. Forward image to user. Delete hashed image.

I don't think it should be to hard and i think i can figure something out myself, but i might miss a few points that might be of value.

Tips are very welcome.

Thanks,

Mark

Tommy Kaira
  • 53
  • 1
  • 7
  • What exactly does "forward to the user" mean? "Forward" in what way? Why aren't users allowed to see where it was stored? How would a user see at all where an image was stored? I'm very confused by what you're trying to do and what the problem in doing it is. – deceze Feb 25 '14 at 09:02
  • You never heard of Firebug or comparable web development tools? I need to put ads on a page in the form of images, images can be blocked by name, blocked by path, blocked by its surrounding parent element ID, name, class or even styling rules. I have found a couple of cool ways to make all of that impossible, except for the image itself, its path and name can always be blocked, but if i were able to make a hashed directory name and a hashed image name and this hash changes every second of the day, it would become impossible to block. – Tommy Kaira Feb 25 '14 at 09:15
  • However, endlessly making new directories with copies of files, would be self-destructive in the long run, ergo, I need to delete on disk once the user has the image in cache (which is what i meant with push to user). – Tommy Kaira Feb 25 '14 at 09:18
  • Yeah, overlooking the passive aggressive insult, see my below answer. You're barking up the wrong tree entirely. Even so, your entire domain can be blocked, so it's hardly going to matter how you shift your URLs around. Ads aren't typically blocked on an individual name basis, entire domains are usually blacklisted because most ad servers already serve ads from dynamic URLs, just out of necessity of having a ton of ads to serve. – deceze Feb 25 '14 at 09:25

1 Answers1

1

I need to put ads on a page in the form of images, images can be blocked by name, blocked by path, blocked by its surrounding parent element ID, name, class or even styling rules. I have found a couple of cool ways to make all of that impossible, except for the image itself, its path and name can always be blocked, but if i were able to make a hashed directory name and a hashed image name and this hash changes every second of the day, it would become impossible to block.

There's no need whatsoever for moving anything around. Also none of this has anything to do with security, only obfuscation. All you want is to have a random URL serve an image. All that's necessary for that is that your web server serves the image independently of what URL it was requested with. URLs have nothing to do per se with physical files on disk. A simple mod_rewrite directive for Apache can do that easily:

RewriteRule ^ myimage.jpg [L]

Put this into an .htaccess file in your image folder, and you can visit any URL like

example.com/img/awoi38nyqp9a084ntuq2309un200384hvt

and the response will always be the image file. You just need to keep making up random URLs. You can also rewrite all requests to a PHP file where you do some more interesting processing to figure out which file should be served.

See Reference: mod_rewrite, URL rewriting and "pretty links" explained

Community
  • 1
  • 1
deceze
  • 471,072
  • 76
  • 664
  • 811
  • There was never the intent to insult you, so I'm sorry if i did. Thanks for the great advice, i think this will work for me. Cheers, Mark – Tommy Kaira Feb 25 '14 at 09:32