Asked  7 Months ago    Answers:  5   Viewed   25 times

Well, I have a web page where I am displaying a few images. But my problem is that I don't want users to download or save those images. I can apply a watermark to those images, but that is an alternative option. I can also disable right click, but what if the user saves the page?

Any alternative solution will also do?

Hope this question is clear?



If the user can see the image, it's already on his computer. Saving it to a file or copying it to the clipboard is trivial and cannot be disabled in any reliable way.

If you want to keep control over the image, don't put it on the internet.
Watermarking is the best you can do.

Wednesday, March 31, 2021
answered 7 Months ago

I don't think that the problem is that you are using a shared host because I have found six others (degmsb, Benvolio, joomla01, DJ-Alien, valerione1979, and Kars) whose websites had the same script added. Also, it is doubtful that any of your files would be writable by others because files that are uploaded over FTP are subject to the file creation mode bits mask.

My best guess is that someone is cracking websites using either known exploits or exploits against common weaknesses, and that this person is identifying likely targets with Google hacking. degmsb's WordPress website and Benvolio's Burning Board Lite website were likely cracked via known exploits (possibly known exploits of plugins to these software bases such as TinyMCE), and your website, since you wrote it yourself, was likely cracked via an exploit against a common website weakness.

Given that you allow file uploads (one of your PHP scripts accepts & saves files that are uploaded by your users), I would consider CWE-434: Unrestricted Upload of File with Dangerous Type. A CWE-434 exploit works like this: suppose you allow users to upload avatar images or pictures. The script to which uploaded images are POSTed might save the file to /images using the same filename that the user supplied. Now imagine that someone uploads x76x09.gif.php (or x76x09.gif.asp, x76x09.gif.php4, etc.). Your script will dutifully save this upload to /images/x76x09.gif.php and all that the cracker needs to do to have the server run this script is browse to /images/x76x09.gif.php. Even if the file is named x76x09.php.gif, some web servers will execute the file.

Another possibility is that the filename of the upload that PHP receives, $_FILES['upload']['name'], which is the filename value in the Content-Disposition header that is sent, was constructed to something like ..\modules\x.gif. If your script saved the newly-uploaded file to str_replace('\\', '/', '/images/' . basename($_FILES['upload']['name'])), or /images/../modules/x.gif on a non-Windows host, and there was some way for the user to cause one of your PHP scripts to include or require any script in the modules directory (say index.php?module=x.gif&action=blah), then the cracker would be able to execute arbitrary PHP.

EDIT: It looks like x76x09.php is some sort of unrestricted directory browser and file uploader. If a user manages to get this uploaded to your server, then they can basically do anything that you can do with your FTP access. Delete it.

EDIT2: Look for copies of this PHP source (the part gzuncompress(base64_decode("HJ3H...geFb//eeff/79z/8A"));). Remove it from all of your PHP scripts.

EDIT3: Googling parts of the PHP script, I have found several webpages where this source is listed verbatim, and all of these pages have something to do with file uploading functionality for the respective websites. It therefore seems very likely that the hacker of your website used a CWE-434 exploit.

Wednesday, March 31, 2021
answered 7 Months ago
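An added example, not part of the original answer: one way to close both holes described above (the double-extension name and the traversal-style name) is to never use the client-supplied filename at all and to pick the extension from an allowlist based on the file's content. The helper name safe_upload_path and the storage directory /srv/uploads (assumed to be outside the web root) are hypothetical, and the sample inputs are constructed.

```php
<?php
declare(strict_types=1);

// Image types accepted, keyed by the constant getimagesize() reports.
const ALLOWED_TYPES = [
    IMAGETYPE_GIF  => 'gif',
    IMAGETYPE_JPEG => 'jpg',
    IMAGETYPE_PNG  => 'png',
];

/**
 * Build the storage path for an uploaded image (hypothetical helper).
 * The client-supplied filename is deliberately not a parameter: both the
 * name and the extension are chosen by the server.
 */
function safe_upload_path(string $tmpPath, string $storageDir): string
{
    // Identify the file from its bytes, not from its name or Content-Type.
    $info = @getimagesize($tmpPath);
    if ($info === false || !isset(ALLOWED_TYPES[$info[2]])) {
        throw new RuntimeException('Upload is not a GIF, JPEG or PNG image');
    }
    // A valid image header can still be followed by arbitrary bytes, so the
    // extension must come from the allowlist and never from the request.
    $name = bin2hex(random_bytes(16)) . '.' . ALLOWED_TYPES[$info[2]];
    return rtrim($storageDir, '/') . '/' . $name;
}

// --- Demo on constructed input (no real upload involved) ---
$gif = base64_decode('R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7');
$samples = [
    'x76x09.gif.php'   => 'plain text, not an image',  // double extension
    '..\modules\x.gif' => $gif,                        // traversal-style name
];
foreach ($samples as $clientName => $bytes) {
    $tmp = tempnam(sys_get_temp_dir(), 'upl');
    file_put_contents($tmp, $bytes);
    try {
        // In a real handler: move_uploaded_file($_FILES['upload']['tmp_name'], $dest)
        $dest = safe_upload_path($tmp, '/srv/uploads');
        echo "$clientName => accepted, stored as $dest\n";
    } catch (RuntimeException $e) {
        echo "$clientName => rejected: {$e->getMessage()}\n";
    }
    unlink($tmp);
}
```

The stored name is 32 random hex characters plus an allowlisted extension, so neither .php suffixes nor ../ segments from the request can reach the filesystem.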

Save thumbnails to disk. Image processing takes a lot of resources and, depending on the size of the image, might exceed the default allowed memory limit for PHP. It is less of a concern if you have your own server with only your application running, but it still takes a lot of CPU power and memory to resize images. If you're considering creating thumbnails on the fly anyway, you don't have to change much - upon the first request, create the thumbnail from the source file, save it to disk, and upon subsequent requests just read it off the disk.

Wednesday, March 31, 2021
answered 7 Months ago

You can try

// Try to decode the file; @ silences the warning GD raises on bad data
$gd = @imagecreatefromstring(file_get_contents($file_path));
if ($gd === false) {
    throw new Exception('Image is corrupted');
}

It should work with most image formats known to gd. Also, if you need a specific error message, you can use error_get_last().

@ will suppress error messages, and imagecreatefromstring tries to open known image formats. If this fails, $gd will have value 'false' and no error messages are thrown.


Please note that in this example the @ operator will also suppress any errors from the file_get_contents function.

Saturday, May 29, 2021
answered 5 Months ago

Kiosk mode is what you are looking for! It was introduced in Android 4.2.

To enable kiosk mode, set this in your activity_main.xml:

<category android:name="android.intent.category.HOME" /> 

This question is most likely a dupe of: Develop app run in kiosk mode in android

Thursday, October 14, 2021
Kiran Yallabandi
answered 1 Week ago