phpbb2 security question with external images

Hi to everybody,

I run a phpbb2 forum and users can use bbcode to include external images (from other servers) inside their topics. recently i got a problem because a the browser opened a autentification window for some topics. The problem was that a directory from an external server with images needed autentification and since some images was connected with some topics the browser ask inside my forum for the autentification from the external image.

My question is: Can i avoid this somehow? Is there a way to adjust phpbb2 to not even try opening a extern content if there is a autentification needed? or is the only way to simply not allow external images inside my forum? (which would be bad)

thanks for some ideas in advance,

Oliver
Oliver2000Asked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

hankknightCommented:
The only way for you to control this would be for you to use your server as a proxy.  Your server could load all the external images and then only display them if they were available.
0
Oliver2000Author Commented:
I am thinking about a php script that acctually load the images?

Something like <img src="image.php">
and make the image.php dont do anything else as to load the image? But I have no idea how to accomplish this really.

How i get my server to load external images first?
0
hankknightCommented:
0
10 Tips to Protect Your Business from Ransomware

Did you know that ransomware is the most widespread, destructive malware in the world today? It accounts for 39% of all security breaches, with ransomware gangsters projected to make $11.5B in profits from online extortion by 2019.

Oliver2000Author Commented:
Hi Hankknight,

just to understand you right. You mean to JUST pull the images through the proxy server right? not all content? Could work but i guess this is way more complicated as to only load the images via a php script.

how ever, thanks for the tip, i am going to take a closer look now into your idea.
0
Slick812Commented:
hello Oliver2000, , I would think a more simple way to check on the validity of an image URL would be to use the PHP CURL
you can see if the URL is there and see if it returns the correct content_type, and see if the http_code is 200 (you get a 401 for restricted access), you can try the code below, to test it out.
if you haven't used curl before, ask questions
<html><head><title>CURL File Info</title></head><BODY BGCOLOR="#E3F7FF"><center><h2>CURL File Info Page</h2>
<?php
error_reporting(E_ALL);
ini_set("log_errors",0);
ini_set("display_errors", 1);
$ch = curl_init();// use the curl
if ($ch) {
	curl_setopt($ch, CURLOPT_URL,'http://www.getimage.com/here/rest.gif');
	curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
	curl_setopt($ch, CURLOPT_TIMEOUT, 2); // you absolutely MUST place some time limit on the URL request
	$userAgent = 'Mozilla/4.4 (compatible; MSIE 6.1; Windows NT 7.0;)';
	curl_setopt($ch, CURLOPT_USERAGENT, $userAgent);
	$contents = curl_exec($ch);//Execute the cURL session
	$info = curl_getinfo($ch);// here is the IMPORTANT info to see if success
// $info['http_code'] contains 200 if successful
//$info['content_type']  contains the type, as  html/text
	echo 'INFO http code: '.$info['http_code'].' -content_type: '.$info['content_type'].'<br />';
	if (curl_error($ch)) echo 'CURL ERROR: '.curl_error($ch).'<br />';//if error usually FAIL to get
	curl_close($ch);
	if ($info['content_type'] == 'image/gif') echo 'File is a GIF<br />';
	if ($info['content_type'] == 'image/jpeg')echo 'File is a JPG<br />';
	if ($info['content_type'] == 'image/png')echo 'File is a PNG<br />';
//only count as successful if content_type is one of three above
	}
?>
</center></body></html>

Open in new window

0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Oliver2000Author Commented:
Excellent! Thats what i was looking for. Thanks
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
PHP

From novice to tech pro — start learning today.