Protecting your images from use out of context

Main Content

Protecting your images from use out of context

Archive - Originally posted on "The Horse's Mouth" - 2010-08-29 10:06:01 - Graham Ellis

If you want to prevent your images from being "hotlinked" from someone else's site ... why not feed them out via a PHP script that checks the referrer? ... If you've arrived at this article via "www.wellho.net", you should see a clean image - and the image is at the url "http://www.wellho.net/demo/doggypic.php". However - if you go to the URL directly, or you access it embedded within another website - you'll see an image with the words "picture only available within web pages at http://www.wellho/net" overlaid onto it.

The script is a simple one:

<?php

header("Content-type: image/jpeg");

if (preg_match('/www\.wellho\.net/',$_SERVER[HTTP_REFERER])) {

  $file = "doginfield.jpg";

} else {

  $file = "dogstolenfromfield.jpg";

}

$stuff = file_get_contents($file);

print $stuff;

?>

... in fact, that's oversimple in the demo (and if you read it, you could find the images directly!!) and you would for a security script locate your .jpg files away from the document root ...