I'm developing a script that will allow people to generate a banner for them to use. It's customizable. During the customization process, I'd like to be able to have the banner reload on the spot, so they could see the changes. Once they create the banner and are completely done with it, I would give them a link for them to use. This link would be a cached version of the banner and would recache every so often. Is there any way I can prevent them from abusing my on-the-spot generation to prevent excessive server load? Is there a way that I can make it so only my JavaScript can regenerate it? And it'd be even better if there were some sort of tool to do this for me. ;)

Any help is greatly appreciated! Thanks!

A: 

The question is too general. First, check out what you can do with the GD functions. You can resize, crop, merge and do some other basic image processing, so if you were thinking about Photoshop-like filters, it won't work (as far as I can tell).

Then, if you want to make it work in JS there will be a small issue: you will have to process it both in JS and PHP so that what the user sees in the browser is the same as what will be processed with PHP.
There is no easy image processing in JS (mainly because of IE), so I'd start looking for documentation. I haven't checked it out, but perhaps RaphaëlJS could be a good start.

metrobalderas
This isn't exactly what I was asking. Essentially I wanted a way so that only my JavaScript could access the image generation functions directly or a way of limiting their use.
kmark937
A: 

Maybe you could generate some sort of key in JavaScript and have PHP validate it?

Louis
I was considering this myself. The only problem would be that if I used any kind of key to make it, it would be visible in the source code.
kmark937
+1  A: 

The question seems pretty vague. To begin with, limit the dimensions of the image you are processing. Larger images mean more server load and more memory consumption. Additionally, you can:

  • Limit the number of requests per session.
  • Use anti-bot mechanisms (check session variables, cookies and referrer etc).

I made a banner maker tool in the past, but it was part of a portal website that requires registration and login, so I didn't bother about whether the script could be abused.

Salman A
This is probably my best bet. Limiting requests per session and then requiring a CAPTCHA every so often afterwards. Like how some software tries to prevent brute-force password cracking.
kmark937
CAPTCHA could be frustrating. If you opt to use a CAPTCHA, use it only once per session. Also google for "honeypot fields" and "non-visual captchas".
Salman A
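
The two limits suggested in Salman A's answer (capped image dimensions and a per-session request limit), sketched as a PHP/GD preview endpoint. This is an added example, not code from any poster in the thread; the parameter names `w` and `h`, the session key `preview_hits` and all limit values are assumptions.

```php
<?php
// Added example: every limit below is an assumed value, tune for your server.
const MAX_W = 728;          // largest banner width accepted
const MAX_H = 90;           // largest banner height accepted
const WINDOW_SECONDS = 60;  // sliding window length
const MAX_PREVIEWS = 30;    // previews allowed per session per window

// Sliding-window check over earlier request timestamps (oldest first).
// Returns [allowed, updated timestamps, seconds to wait when refused].
function check_rate(array $stamps, int $now): array {
    $recent = array_values(array_filter(
        $stamps, fn($t) => $t > $now - WINDOW_SECONDS));
    if (count($recent) >= MAX_PREVIEWS) {
        return [false, $recent, $recent[0] + WINDOW_SECONDS - $now];
    }
    $recent[] = $now;
    return [true, $recent, 0];
}

// Accept a dimension only if it is an integer between 1 and $max.
function read_dimension(string $name, int $max): ?int {
    $v = filter_input(INPUT_GET, $name, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1, 'max_range' => $max]]);
    return is_int($v) ? $v : null;  // false (invalid) and null (missing) both rejected
}

session_start();
[$ok, $hits, $retry] = check_rate($_SESSION['preview_hits'] ?? [], time());
$_SESSION['preview_hits'] = $hits;
if (!$ok) {
    // Refuse before any GD work is done; a CAPTCHA step could be offered here.
    http_response_code(429);
    header('Retry-After: ' . $retry);
    exit('Too many previews, try again shortly.');
}

$w = read_dimension('w', MAX_W);
$h = read_dimension('h', MAX_H);
if ($w === null || $h === null) {
    http_response_code(400);
    exit('Invalid banner size.');
}

// Memory use is now bounded by MAX_W * MAX_H pixels.
$img = imagecreatetruecolor($w, $h);
imagefilledrectangle($img, 0, 0, $w - 1, $h - 1,
    imagecolorallocate($img, 30, 60, 120));
header('Content-Type: image/png');
imagepng($img);
```

A client that discards its session cookie starts with a fresh counter, so a per-session limit is usually paired with a per-IP limit at the web server or proxy.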