Solved

Get remote image via curl

Posted on 2004-10-13
17
446 Views
Last Modified: 2013-12-12
Hi,
I have tried to use fsockopen to get an image from my 2 other sites, but the problem is, they are using a htaccess file which does not allow me to do so....so I think I will need curl or a function that forges the http refferer header so that it thinks you are requesting the page from that same domain

eg:
img to get http://blah.com/imgs/img22.jpg
forged header should be "http://blah.com"

then normally save the image in a folder....

I have also tried copy() but i am getting a 403 access error (because no referer header)

If you have any other ideas feel free to express them as i am totally lost, if you would like to see the code i used in my experiments please reply and say so and i'll post it

Thanks,
S
0
Comment
Question by:swedenboy
  • 8
  • 6
  • 3
17 Comments
 
LVL 27

Accepted Solution

by:
Diablo84 earned 62 total points
ID: 12297796
It sounds like you are trying to bypass hotlinking protection to leech another sites bandiwdth in which case i'm afraid we cannot help you.
0
 

Author Comment

by:swedenboy
ID: 12298066
Hi,
Not at all, but i can see why you would think so, I need to import some images from *only* my sites and only 1 image at a time, if you want I can give you proof that its my site, give me a image *of your choice* and i'll upload it to 3 of my servers then you can test it with curl or whatever...

Thanks,
S
0
 
LVL 27

Expert Comment

by:Diablo84
ID: 12298250
Ok, we have to check these things to make sure none of the rules are being violated.

Before looking to curl or any other method have you considered adding your domain (that you are trying to copy the images on) as a referer in the htaccess file. Adding an additional rewrite condition to the file will allow your domain to legitimately access the images without having to bypass the hotlinking protection.
0
 

Author Comment

by:swedenboy
ID: 12298367
Hi,
No problem, I use a .htaccess to make sure scum dont rob me so I understand.

I dont really understand what your wrote too well but let me give you an explanation of what I am trying to do:

1. Client submits his post of a cartoon page he created <done>
2. He has an option to upload a thumb/image or specify a remote image <done>
3. If he specifies a remote image, then he must specify the address <*NOT* done>
4. Grab the remote image, save to disk then via GD offer him resizeing options to create his thumbnail,save new thumbnail <GD part done>

since this app is not live, I am using our 3 servers which have hotlinking protection.

I hope i cleared up any confusion...

ideas?

Thanks,
S
0
 
LVL 49

Assisted Solution

by:Roonaan
Roonaan earned 63 total points
ID: 12299072
With the risk off sounding totally stupid:

hasn't your third server got a static ip?
wouldn't it possible to have that ip listed inside your .htaccess hotlinking protection such that the server gets access?

Another solution would be to just use a getimage.php, install it at server 1 and 2 and have the script verify and pass through images to server 3.

Regards

-r-
0
 

Author Comment

by:swedenboy
ID: 12299467
Hej Roonaan,
Dont worry about sounding stupid, I feel that way now after hitting my head against this problem for the past few hours.

If you look above you will see what I need this functionality for, presently I can do it with adding the ip...but later on when this goes live the client specifies 1 image and i should be able to save it to disk and resize it using GD to make a thumb, I cannot keep on writing to the htaccess file.

Thanks,
S
0
 
LVL 49

Expert Comment

by:Roonaan
ID: 12299548
Then the easiest thing you could do - in my opinion - is to create a getimage.php script which for examples requires and extra key to retrieve the wanted image.

Then for example. server1/getimage.php?img=someimage&key=somekey would give access to someimage if the key is correct.

The key could be something like: md5(someimage.'hiddenkeyword')

You could then just use copy('server1/getimage.php?etc..','local/someimage') and have it stored and ready for thumbnailing.

I don't know if imagecreatepng/imagecreatejpeg support remote image calling, otherwise thumbnailing could even get more easy.

Regards

-r-
0
 

Author Comment

by:swedenboy
ID: 12299684
Hi,
Not so easy, I need to get the remote image, save it onto disk, then the client can resize it smaller and then the client can "cut" a portion of the image off which will be the thumb....

All the above steps are done except getting the remote image onto disk.

For example if you visit this url of my site
http://justxxx.adultbouncerhost.com/n1h/n1h2_r15_c14.jpg

you will get a http referrer error.... thats the problem.
The only way i see of being able to copy that image to my disk is to give the http referror as "http://justxxx.adultbouncerhost.com/"

Correct me if I am wrong....

Thanks
S
0
Why You Should Analyze Threat Actor TTPs

After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

 

Author Comment

by:swedenboy
ID: 12300496
Hello again,
I have cracked it, its working when you forge the headers but now i realize how dangerious it is because it seems to work on every site and its leeching without a problem....even from my 3 protected sites.

Because of that I will not post the code here, but if anybody who has *already* tried to help me in this thread wants to see the code please write your email here and i'll post it to you.

eg: roonaan at something.com or Diablo84 at something.com

Because I know you are the good guys :-),  i will NOT share this code with anybody else so please dont ask.

Thanks,
S
0
 

Author Comment

by:swedenboy
ID: 12300528
I split the points between you guys for takeing the time and trying to help me.
Thanks,
S
0
 
LVL 27

Expert Comment

by:Diablo84
ID: 12300614
I would be interested to see what you have done, my address is in my profile.

|)iablo
0
 
LVL 49

Expert Comment

by:Roonaan
ID: 12300743
0
 
LVL 49

Expert Comment

by:Roonaan
ID: 12300767
That's an image of my emailadress. I feel more secure that way than having some [at] [dot] syntax :-)

-r-
0
 

Author Comment

by:swedenboy
ID: 12300837
No problem, I'll mail both you guys as I get back.

Roonaan, I am getting a image that says:
Masked for privacy at http://www.foreverland.nl/secumail/?2

If you want me to mail you plz think of some other way for me to get your addy.

See you later.
S
0
 
LVL 49

Expert Comment

by:Roonaan
ID: 12300863
You probably where to quick for me. I had to grant access to view the image from this referrer. It displays fine when you click it from this page. I tried on my girlfriends pc.
0
 

Author Comment

by:swedenboy
ID: 12301113
Hey,

My firewall blocks my referrer from going out...maybe thats the problem?

options?

S
0
 
LVL 49

Expert Comment

by:Roonaan
ID: 12301135
0

Featured Post

IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

I imagine that there are some, like me, who require a way of getting currency exchange rates for implementation in web project from time to time, so I thought I would share a solution that I have developed for this purpose. It turns out that Yaho…
This article discusses four methods for overlaying images in a container on a web page
The viewer will learn how to dynamically set the form action using jQuery.
The viewer will learn how to look for a specific file type in a local or remote server directory using PHP.

757 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now