Link to home
Start Free TrialLog in
Avatar of msolomos
msolomos

asked on

This is really tricky!!! Give me your lights!

We have develop a web site http://www.kefalonia-photos.com/

People can buy, shell photos .

----------------------
I have put lots of effort and lots of script to prevent  image toolbar , disable right click etc etc.

-----------------------
my only problem is that if someone right click on a photo (http://www.kefalonia-photos.com/default.asp)
from properties he gets image page   (e.g. http://www.kefalonia-photos.com/images/RIVER_small.jpg)

so if he play a little bit , at the end he will have this http://www.kefalonia-photos.com/images/RIVER.jpg

if you paste that http://www.kefalonia-photos.com/images/RIVER.jpg on IE it gives you the whole picture!!!!!!

------------------
so much effort for nothing!
---------------------------

Anyone has any ideas how i can prevent that ?

maybe with file permissions for folder images ???

pls tell me your opinion! Any different ideas will be more than welcome ...

-----------------
If possible , i don't want this question to be listed on a public area
thanks in advance
makis


Avatar of nan1217
nan1217

First of all, this is a public forum.

Secondly, you said you disabled right-clicking so how can users get the path by right-clicking?  

Thirdly, the only website I've seen that kept me from being able to get an image did a combination of things.  First of all, disable right-clicking.  Second, put the site in a frameset (with the top frame being just a pixel in height so it doesn't really take up space and appears invisible) so if they try to save the whole site, it just saves the top frame and not the one with the images.  This also keeps them from viewing the source of the page.
Avatar of msolomos

ASKER

oh thanks !

maybe i said it right ...

if they save the page .... they get the thumbs ...
playing a little bit ...trying some adress will get to /images
---------
retype my questions

can i prevent directly access to folder /images   and its contents ?

makis


If you want to secure your images don't rely on the browser to do it for you.  Most browsers can disable javascript altogether and some browsers (like Mozilla Firefox) can disble javascript which disables/changes the context menu.  Any html/javascript craftiness will only prevent uninformed people from stealing your images.

The solution to this problem is to use server side scripting to do the following:
- check a user's session variables to make sure they are authenticated
- lookup the image they are trying to view and see if they've purchased it.
- if the have then display the image.
- if they haven't, then watermark the image so that people can see what it looks like but can't actually use it (like with "www.kefalonia-photos.com" written across the image diagonally in big red semi-transparent letters) and display the watermarked image.

You'll need to do the following:
- move your images to a place that is not accessible to the internet so people can't reverse engineer the location and access it with a browser
- create a server side script in your favorite language (asp?) that returns the images after determining if the user has purchased the image and watermarked it if appropriate.
- change your <img> tags to point to the new script like this: <img src="image.asp?imageid=XXXXX">

Doing just a bit of googling I found this activex component which allows you to add text to images using asp:
http://www.xnview.com/

Using that component, the image.asp I mentioned above would look something like this:
-----------------------------------------------------------
<!-- #include file="authenticat.asp" --> <!-- Im not gonna try and figure out how you authenticate -->
<script language=vbscript runat=server>
  Function GetImage()
    Dim img, path

    ' the GetImageFile function should return the path and filename
    ' of the image specified by imageid
    path = GetImageFile(Request.Querystring("imageid"))

    set img = Server.CreateObject("GflAx.GflAx")
    img.LoadBitmap path

    If Not (IsAuthenticated AND UserOwns(Request.Querystring("imageid"))) Then
      ' watermark image

      img.FontName = "arial"
      img.FontSize = 13
      img.TextOut "www.kefalonia-photos.com", 5, 5, RGB(255, 0, 0)
    end if

    img.Saveformat = 3 ' JPEG

    Response.ContentType = "image/jpeg"
    Response.BinaryWrite img.SendBinary
  End Function
</script>
<% GetImage %>
--------------------------------------------------------------------------------------

Of course there is a lot of work that you'll have to do, such as authenticating users and verifying that they've purchased the image.  Also, you may want to look into other asp objects... I'm sure there is one out there that lets you have rotated text so it displays over the entire image...

Good luck!
Well,
disabling right clicking do not stop anyone to access the source or anything on a page . You can achieve the same from the tool menu item of your browser.

The problem is that you store the images with the syntax small_<name of the image>.

-You could store the image on a private forlder and access them with a script after payement on your secure site.
-You could send the image by email after payement and not store the images at all on your web site.
-You could you use a database and provide a url to get the picture after payement
-You could generate an error 404 if someone access the url as http://www.kefalonia-photos.com/images/RIVER.jpg and redirect the url to your payrmrnt page.....


 enough for today
regards
jose

Hi

To keep your images safe from people try to access it from the browser, you can store all your images outside the webroot directory. Once your images is outside the root directory people will not be able to access it or download it, as http://www.kefalonia-photos.com/ will only point to the root and nothing above it. In order to access it, you will need to run some server-side script, ASP or PHP.

I've got an example code here for PHP, if you are using it.

create a file called "download.php" with the following code in it.

<?
      $dir = "../images/"; //the directory is outside the web root folder, not accessible through web browsers
      $file=$dir.$_GET['file'];
      if (file_exists($file))
      {
         header("Content-type: application/force-download");
         header("Content-Transfer-Encoding: Binary");
         header("Content-length: ".filesize($file));
         header("Content-disposition: attachment; filename=".basename($file). "");
         readfile("$file");
      }
      else
      {
         echo "image does not exist";
      }
?>

on your download image link, you should have a path like this: http://www.kefalonia-photos.com/download.php?file=image_1.jpg
guys i think you got in all wrong.
---------------
All the above answers is things that i already have done! (user authentication, server side scripting, database driven, watermark, disable right click)

------------------
I am repeating my question again .
--------------------
If someone from this link http://www.kefalonia-photos.com/type.asp?iType=78
save as web page

-------------
it saves all the photos to computer .

--------------
looking at photos he will get something    photo_small.jpg

----------------
so if he plays a little bit with Url of site etc etc he will go to www.kefalonia-photos.com/images/photo.jpg    (directly and get the whole photo intact!

-----------------
My question is : Is there any way you can prevent the access to http://www.kefalonia-photos.com/images/file.jpg   DIRECTLY ???

if this is done , then i am 100% accurate that no one can take the photos. But i need to prevent this

ASKER CERTIFIED SOLUTION
Avatar of minichicken
minichicken

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
This product works with IIS to prevent direct linking to images.  $29.95.  http://www.dashtech.com/products/imgblock/

This ASP code will automatically redirect to another image if the request doesn't come from your website.  http://www.aspfaq.com/show.asp?id=2276

Some other miscellaneous ways of protecting your images.  Notice this site points out that there is no way to 100% protect your images but you can do things to make it more difficult.  http://pubs.logicalexpressions.com/Pub0009/LPMArticle.asp?ID=41
SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial