tags:

views:

35

answers:

2

I was wondering if someone can provide me with a tutorial or source code of a way to make it so if people are leeching my sites images and embedding them in their forums or sites it will show a watermark, but if they view it on my site their wont be a watermark?

+3  A: 

First, a small detour into HTTP

HTTP is, essentially, the core protocol of the Web - used to transfer hypertext (web pages), images and other media. From the beginning, HTTP was designed to be stateless - amongst other things, this means that it's not possible to find if a request for an image "belongs to" a page or another.

There are basically two workarounds for this in HTTP, but neither is 100% reliable: cookies and the Referer header.

With cookies, you could set a cookie when a user accesses your page, and then check that when serving the images. This may run into concurrency problems when entering the page for the first time.

With Referer, the browser sends in he request for the image an URL from which the image is loaded. Unfortunately, the referer can be easily modified or removed by the user or by security software.

What that means for you

I suggest that you use the Referer field - although it's not 100% reliable, most people won't bother messing with it, and those who will bother, well, they would overcome any other protection.

You'll need to serve your images through a script (e.g. PHP).

http://example.com/img.php?id=12345 - pseudocode for the check, PHP for the watermark itself:

check if the image with given ID exists, else throw a 404 and end
check the referer - if it matches your site, just readfile() the relevant image and exit
if we're here, referer is wrong - you'll need the watermark:
// PHP code from now on
$original = imagecreatefromjpeg($original_image_path);
$watermark =  imagecreatefromjpeg($watermark_image_path);
imagecopymerge ( $original, $watermark, 0,0,0,0, $watermark_width, $watermark_height, $opacity);
header('Content-Type: image/jpeg');
imagejpeg($original);
exit;
Piskvor
+3  A: 

Although Piskvor is 100% correct, I would just like to add how to get the referrer in PHP.

Use $_SERVER['HTTP_REFERER'] to get the Referer header sent from the client. If your website is "www.example.com", the referrer should always have "www.example.com" as the domain name.

Now, to validate the domain name, let's use parse_url() to parse the URL into an array, and extract the different parts. It returns an array, let's call this $url, and to get the domain name, use $url['host']. Now compare this to your own domain name to ensure that it is on your domain.

Full example:

$referrer = $_SERVER['HTTP_REFERER'];
$url = parse_url($referrer);
if($url['host'] == 'www.example.com')
{
  // Is from www.example.com
}else{
  // Is from other website
}
Frxstrem