
PHP GD leech with watermark

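I was wondering if anyone could provide me with a tutorial or source code for a way to make it so that when people steal my website's images and embed them in their forum or website, a watermark is shown, but if they view the image on my website it has no watermark?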

Although Piskvor is 100% correct, I would just like to add how to get the referrer in PHP.

Use $_SERVER['HTTP_REFERER'] to get the Referer header sent from the client. If your website is "www.example.com", the referrer should always have "www.example.com" as the domain name.

Now, to validate the domain name, let's use parse_url() to parse the URL into an array, and extract the different parts. It returns an array, let's call this $url, and to get the domain name, use $url['host']. Now compare this to your own domain name to ensure that it is on your domain.

Full example:

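// The Referer header is optional; fall back to an empty string when it is absent.
$referrer = $_SERVER['HTTP_REFERER'] ?? '';
$url = parse_url($referrer);
// parse_url() returns false for a malformed URL and omits 'host' when there is none.
if(is_array($url) && ($url['host'] ?? '') === 'www.example.com')
{
  // Is from www.example.com
}else{
  // Is from other website
}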

First, a small detour into HTTP

HTTP is, essentially, the core protocol of the Web - used to transfer hypertext (web pages), images and other media. From the beginning, HTTP was designed to be stateless - amongst other things, this means that it's not possible to find if a request for an image "belongs to" a page or another.

There are basically two workarounds for this in HTTP, but neither is 100% reliable: cookies and the Referer header.

With cookies, you could set a cookie when a user accesses your page, and then check that when serving the images. This may run into concurrency problems when entering the page for the first time.

With Referer, the browser sends in the request for the image a URL from which the image is loaded. Unfortunately, the referer can be easily modified or removed by the user or by security software.

What that means for you

I suggest that you use the Referer field - although it's not 100% reliable, most people won't bother messing with it, and those who will bother, well, they would overcome any other protection.

You'll need to serve your images through a script (e.g. PHP).

http://example.com/img.php?id=12345 - pseudocode for the check, PHP for the watermark itself:

check if the image with given ID exists, else throw a 404 and end
check the referer - if it matches your site, just readfile() the relevant image and exit
if we're here, referer is wrong - you'll need the watermark:
// PHP code from now on
$original = imagecreatefromjpeg($original_image_path);
$watermark = imagecreatefromjpeg($watermark_image_path);
// Copy the watermark onto the top-left corner of the original.
// $watermark_width / $watermark_height are the watermark's pixel dimensions
// (imagesx($watermark) / imagesy($watermark)); $opacity runs from 0 to 100.
imagecopymerge($original, $watermark, 0, 0, 0, 0, $watermark_width, $watermark_height, $opacity);
header('Content-Type: image/jpeg');
imagejpeg($original);
exit;

For large images Piskvor's answer is too heavy on server resources. There may also be client caching implications increasing latency unnecessarily.

Instead I would implement the referral detection in a .htaccess file so that all requests with either your domain name in the referral or empty referral go straight to the image with no PHP processing. Any other case means a hotlink, and therefore would be served the watermark script.
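
The script the answers above describe, put together as an added example that is not part of any answer: it validates the id, compares the parsed Referer host exactly, and watermarks only hotlinked requests. The images/ directory, the watermark.jpg path, the 50% opacity and the choice to treat an empty Referer as same-site (as the .htaccess answer does) are assumptions; it needs PHP 7.1+ with GD.

```php
<?php
// img.php?id=12345 (added example; paths and opacity below are assumptions)
const SITE_HOST = 'www.example.com';          // your own host, as in the answers
const IMAGE_DIR = __DIR__ . '/images';        // assumed: images/<id>.jpg
const WATERMARK = __DIR__ . '/watermark.jpg'; // assumed watermark file
const OPACITY   = 50;                         // 0 = invisible, 100 = opaque

// True when the Referer names our own host. An absent header counts as our
// own site (as in the .htaccess answer); pass false for a strict check.
function is_own_referer(?string $referer, bool $allowEmpty = true): bool
{
    if ($referer === null || $referer === '') {
        return $allowEmpty;
    }
    $host = parse_url($referer, PHP_URL_HOST); // null or false without a host
    // Compare the parsed host exactly: a substring test would also accept
    // www.example.com.other.test or other.test/?www.example.com
    return is_string($host) && strtolower($host) === SITE_HOST;
}

// Digits only, so the id can never carry "../" into the file path.
$id = $_GET['id'] ?? '';
if (!is_string($id) || preg_match('/\A[0-9]{1,10}\z/', $id) !== 1) {
    http_response_code(404);
    exit;
}
$path = IMAGE_DIR . '/' . $id . '.jpg';
if (!is_file($path)) {
    http_response_code(404);
    exit;
}

header('Content-Type: image/jpeg');
header('Vary: Referer'); // the body depends on Referer, so caches must key on it
if (is_own_referer($_SERVER['HTTP_REFERER'] ?? null)) {
    readfile($path); // same-site request: send the file untouched
    exit;
}

// Hotlinked request: stamp the watermark in the top-left corner.
$original  = imagecreatefromjpeg($path);
$watermark = imagecreatefromjpeg(WATERMARK);
if ($original === false || $watermark === false) {
    http_response_code(500);
    exit;
}
imagecopymerge($original, $watermark, 0, 0, 0, 0,
    imagesx($watermark), imagesy($watermark), OPACITY);
imagejpeg($original);
```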
