msolomos
asked on
This is really tricky!!! Give me your lights!
We have develop a web site http://www.kefalonia-photos.com/
People can buy, shell photos .
----------------------
I have put lots of effort and lots of script to prevent image toolbar , disable right click etc etc.
-----------------------
my only problem is that if someone right click on a photo (http://www.kefalonia-photos.com/default.asp)
from properties he gets image page (e.g. http://www.kefalonia-photos.com/images/RIVER_small.jpg)
so if he play a little bit , at the end he will have this http://www.kefalonia-photos.com/images/RIVER.jpg
if you paste that http://www.kefalonia-photos.com/images/RIVER.jpg on IE it gives you the whole picture!!!!!!
------------------
so much effort for nothing!
-------------------------- -
Anyone has any ideas how i can prevent that ?
maybe with file permissions for folder images ???
pls tell me your opinion! Any different ideas will be more than welcome ...
-----------------
If possible , i don't want this question to be listed on a public area
thanks in advance
makis
People can buy, shell photos .
----------------------
I have put lots of effort and lots of script to prevent image toolbar , disable right click etc etc.
-----------------------
my only problem is that if someone right click on a photo (http://www.kefalonia-photos.com/default.asp)
from properties he gets image page (e.g. http://www.kefalonia-photos.com/images/RIVER_small.jpg)
so if he play a little bit , at the end he will have this http://www.kefalonia-photos.com/images/RIVER.jpg
if you paste that http://www.kefalonia-photos.com/images/RIVER.jpg on IE it gives you the whole picture!!!!!!
------------------
so much effort for nothing!
--------------------------
Anyone has any ideas how i can prevent that ?
maybe with file permissions for folder images ???
pls tell me your opinion! Any different ideas will be more than welcome ...
-----------------
If possible , i don't want this question to be listed on a public area
thanks in advance
makis
ASKER
oh thanks !
maybe i said it right ...
if they save the page .... they get the thumbs ...
playing a little bit ...trying some adress will get to /images
---------
retype my questions
can i prevent directly access to folder /images and its contents ?
makis
maybe i said it right ...
if they save the page .... they get the thumbs ...
playing a little bit ...trying some adress will get to /images
---------
retype my questions
can i prevent directly access to folder /images and its contents ?
makis
If you want to secure your images don't rely on the browser to do it for you. Most browsers can disable javascript altogether and some browsers (like Mozilla Firefox) can disble javascript which disables/changes the context menu. Any html/javascript craftiness will only prevent uninformed people from stealing your images.
The solution to this problem is to use server side scripting to do the following:
- check a user's session variables to make sure they are authenticated
- lookup the image they are trying to view and see if they've purchased it.
- if the have then display the image.
- if they haven't, then watermark the image so that people can see what it looks like but can't actually use it (like with "www.kefalonia-photos.com" written across the image diagonally in big red semi-transparent letters) and display the watermarked image.
You'll need to do the following:
- move your images to a place that is not accessible to the internet so people can't reverse engineer the location and access it with a browser
- create a server side script in your favorite language (asp?) that returns the images after determining if the user has purchased the image and watermarked it if appropriate.
- change your <img> tags to point to the new script like this: <img src="image.asp?imageid=XXX XX">
Doing just a bit of googling I found this activex component which allows you to add text to images using asp:
http://www.xnview.com/
Using that component, the image.asp I mentioned above would look something like this:
-------------------------- ---------- ---------- ---------- ---
<!-- #include file="authenticat.asp" --> <!-- Im not gonna try and figure out how you authenticate -->
<script language=vbscript runat=server>
Function GetImage()
Dim img, path
' the GetImageFile function should return the path and filename
' of the image specified by imageid
path = GetImageFile(Request.Query string("im ageid"))
set img = Server.CreateObject("GflAx .GflAx")
img.LoadBitmap path
If Not (IsAuthenticated AND UserOwns(Request.Querystri ng("imagei d"))) Then
' watermark image
img.FontName = "arial"
img.FontSize = 13
img.TextOut "www.kefalonia-photos.com", 5, 5, RGB(255, 0, 0)
end if
img.Saveformat = 3 ' JPEG
Response.ContentType = "image/jpeg"
Response.BinaryWrite img.SendBinary
End Function
</script>
<% GetImage %>
-------------------------- ---------- ---------- ---------- ---------- ---------- ----------
Of course there is a lot of work that you'll have to do, such as authenticating users and verifying that they've purchased the image. Also, you may want to look into other asp objects... I'm sure there is one out there that lets you have rotated text so it displays over the entire image...
Good luck!
The solution to this problem is to use server side scripting to do the following:
- check a user's session variables to make sure they are authenticated
- lookup the image they are trying to view and see if they've purchased it.
- if the have then display the image.
- if they haven't, then watermark the image so that people can see what it looks like but can't actually use it (like with "www.kefalonia-photos.com" written across the image diagonally in big red semi-transparent letters) and display the watermarked image.
You'll need to do the following:
- move your images to a place that is not accessible to the internet so people can't reverse engineer the location and access it with a browser
- create a server side script in your favorite language (asp?) that returns the images after determining if the user has purchased the image and watermarked it if appropriate.
- change your <img> tags to point to the new script like this: <img src="image.asp?imageid=XXX
Doing just a bit of googling I found this activex component which allows you to add text to images using asp:
http://www.xnview.com/
Using that component, the image.asp I mentioned above would look something like this:
--------------------------
<!-- #include file="authenticat.asp" --> <!-- Im not gonna try and figure out how you authenticate -->
<script language=vbscript runat=server>
Function GetImage()
Dim img, path
' the GetImageFile function should return the path and filename
' of the image specified by imageid
path = GetImageFile(Request.Query
set img = Server.CreateObject("GflAx
img.LoadBitmap path
If Not (IsAuthenticated AND UserOwns(Request.Querystri
' watermark image
img.FontName = "arial"
img.FontSize = 13
img.TextOut "www.kefalonia-photos.com", 5, 5, RGB(255, 0, 0)
end if
img.Saveformat = 3 ' JPEG
Response.ContentType = "image/jpeg"
Response.BinaryWrite img.SendBinary
End Function
</script>
<% GetImage %>
--------------------------
Of course there is a lot of work that you'll have to do, such as authenticating users and verifying that they've purchased the image. Also, you may want to look into other asp objects... I'm sure there is one out there that lets you have rotated text so it displays over the entire image...
Good luck!
Well,
disabling right clicking do not stop anyone to access the source or anything on a page . You can achieve the same from the tool menu item of your browser.
The problem is that you store the images with the syntax small_<name of the image>.
-You could store the image on a private forlder and access them with a script after payement on your secure site.
-You could send the image by email after payement and not store the images at all on your web site.
-You could you use a database and provide a url to get the picture after payement
-You could generate an error 404 if someone access the url as http://www.kefalonia-photos.com/images/RIVER.jpg and redirect the url to your payrmrnt page.....
enough for today
regards
jose
disabling right clicking do not stop anyone to access the source or anything on a page . You can achieve the same from the tool menu item of your browser.
The problem is that you store the images with the syntax small_<name of the image>.
-You could store the image on a private forlder and access them with a script after payement on your secure site.
-You could send the image by email after payement and not store the images at all on your web site.
-You could you use a database and provide a url to get the picture after payement
-You could generate an error 404 if someone access the url as http://www.kefalonia-photos.com/images/RIVER.jpg and redirect the url to your payrmrnt page.....
enough for today
regards
jose
Hi
To keep your images safe from people try to access it from the browser, you can store all your images outside the webroot directory. Once your images is outside the root directory people will not be able to access it or download it, as http://www.kefalonia-photos.com/ will only point to the root and nothing above it. In order to access it, you will need to run some server-side script, ASP or PHP.
I've got an example code here for PHP, if you are using it.
create a file called "download.php" with the following code in it.
<?
$dir = "../images/"; //the directory is outside the web root folder, not accessible through web browsers
$file=$dir.$_GET['file'];
if (file_exists($file))
{
header("Content-type: application/force-download ");
header("Content-Transfer-E ncoding: Binary");
header("Content-length: ".filesize($file));
header("Content-dispositio n: attachment; filename=".basename($file) . "");
readfile("$file");
}
else
{
echo "image does not exist";
}
?>
on your download image link, you should have a path like this: http://www.kefalonia-photos.com/download.php?file=image_1.jpg
To keep your images safe from people try to access it from the browser, you can store all your images outside the webroot directory. Once your images is outside the root directory people will not be able to access it or download it, as http://www.kefalonia-photos.com/ will only point to the root and nothing above it. In order to access it, you will need to run some server-side script, ASP or PHP.
I've got an example code here for PHP, if you are using it.
create a file called "download.php" with the following code in it.
<?
$dir = "../images/"; //the directory is outside the web root folder, not accessible through web browsers
$file=$dir.$_GET['file'];
if (file_exists($file))
{
header("Content-type: application/force-download
header("Content-Transfer-E
header("Content-length: ".filesize($file));
header("Content-dispositio
readfile("$file");
}
else
{
echo "image does not exist";
}
?>
on your download image link, you should have a path like this: http://www.kefalonia-photos.com/download.php?file=image_1.jpg
ASKER
guys i think you got in all wrong.
---------------
All the above answers is things that i already have done! (user authentication, server side scripting, database driven, watermark, disable right click)
------------------
I am repeating my question again .
--------------------
If someone from this link http://www.kefalonia-photos.com/type.asp?iType=78
save as web page
-------------
it saves all the photos to computer .
--------------
looking at photos he will get something photo_small.jpg
----------------
so if he plays a little bit with Url of site etc etc he will go to www.kefalonia-photos.com/images/photo.jpg (directly and get the whole photo intact!
-----------------
My question is : Is there any way you can prevent the access to http://www.kefalonia-photos.com/images/file.jpg DIRECTLY ???
if this is done , then i am 100% accurate that no one can take the photos. But i need to prevent this
---------------
All the above answers is things that i already have done! (user authentication, server side scripting, database driven, watermark, disable right click)
------------------
I am repeating my question again .
--------------------
If someone from this link http://www.kefalonia-photos.com/type.asp?iType=78
save as web page
-------------
it saves all the photos to computer .
--------------
looking at photos he will get something photo_small.jpg
----------------
so if he plays a little bit with Url of site etc etc he will go to www.kefalonia-photos.com/images/photo.jpg (directly and get the whole photo intact!
-----------------
My question is : Is there any way you can prevent the access to http://www.kefalonia-photos.com/images/file.jpg DIRECTLY ???
if this is done , then i am 100% accurate that no one can take the photos. But i need to prevent this
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
This product works with IIS to prevent direct linking to images. $29.95. http://www.dashtech.com/products/imgblock/
This ASP code will automatically redirect to another image if the request doesn't come from your website. http://www.aspfaq.com/show.asp?id=2276
Some other miscellaneous ways of protecting your images. Notice this site points out that there is no way to 100% protect your images but you can do things to make it more difficult. http://pubs.logicalexpressions.com/Pub0009/LPMArticle.asp?ID=41
This ASP code will automatically redirect to another image if the request doesn't come from your website. http://www.aspfaq.com/show.asp?id=2276
Some other miscellaneous ways of protecting your images. Notice this site points out that there is no way to 100% protect your images but you can do things to make it more difficult. http://pubs.logicalexpressions.com/Pub0009/LPMArticle.asp?ID=41
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Secondly, you said you disabled right-clicking so how can users get the path by right-clicking?
Thirdly, the only website I've seen that kept me from being able to get an image did a combination of things. First of all, disable right-clicking. Second, put the site in a frameset (with the top frame being just a pixel in height so it doesn't really take up space and appears invisible) so if they try to save the whole site, it just saves the top frame and not the one with the images. This also keeps them from viewing the source of the page.