please read this carefully, hope you can help me with my paradigm ;)
Basic version, works like mint - - -
I have a php+gd script that generates an image from a given text , like so:
[img src="renderImage.php?text=John Doe" alt="Jonn Doe" /]
The output is an image that dispays pre-formated text on it. Let´s say 12px arial #000000
Then i add apache mod_rewrite to the equation, so that server try to access a cached image, and whether it wouldn´t existed, generate it through php script to get it generated (and saved as ¨John.png¨ ):
[img src="/images/cached/John Doe 2" alt="John Doe 2" /] <- this could be virtually transformed to -> [img src="renderImage.php?text=John Doe" alt="Jonn Doe" /]
Now, the advanced version - - -
The issue comes with two things:
1.-Modifiying the php script with a more customizable api:
[img src="renderImage.php?text=John Doe&size=36&font=verdana&color=FFFFFF" alt="Jonn Doe" /]
2.-As we are saving the images with an excerpt of their ´text´ placeholder (eg renderImage.php?text=John Doe as John.png), when we get images with similar ´text´ placeholders we can get similar file names eg:
[img src="renderImage.php?text=John Doe&size=36&font=verdana&color=FFFFFF" alt="Jonn Doe" /]
[img src="renderImage.php?text=John Doe was here !size=24&font=tahoma&color=333333" alt="Jonn Doe" /]
Both will save as John.png !
* Finally, the paradigm - - - *
How do i fix this? i have come down to one solution: Saving the images in php, with specific encrypted-like names, as:
Pepe pecas|31/12/2010|9:57|72/arial/FFFFFF.png
or
Pepe pecas|31122010|9:57|72arialFFFFFF.png
And then access them in markup as:
*[img src="/images/cached/JohnDoe_24arial333333.png" alt="John Doe" /]*
Which will be tranformed by apache making use of mod_rewrite regex to:
[img src="renderImage.php?text=John Doe&size=24&font=arial&color=333333" alt="Jonn Doe" /]
WHAT DO YOU THINK?
Why not do an MD5 hash of the whole query string and name the image that. This would be a fairly easy way to see if that combination exists.
You're going to waste a heck of a lot of disk space cacheing images if you allow utterly arbitrary combinations. What's to stop a malicious user from cycling through all 4 billion possible color codes, font sizes 1-200, and however many font faces? That "one" image will end up having 800+ billion images on your drive.
Especially if this is a public-facing page. It'd be trivial to write a spider to hit all possible combinations. At minimal bandwidth cost to the user, they'd exhaust your disk space and keep your CPU pegged generating useless images.
@Marc B, i´ll intend to use it to generate headers [h1][/h1]
@niggles, well this could work, i´d also add the text properties to the hash calculation to make texts more unique.
And what about hidding the script from users´ direct execution?
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.