ionCube Logo
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 


 
Post new topic   Reply to topic    ionCube Forum Index -> ionCube PHP Encoder

encoding non php files (*.gif, *.jpg. *.png)

Author Message
mno



Joined: 19 Feb 2006
Posts: 2

PostPosted: Sun Feb 19, 2006 4:03 pm    Post subject: encoding non php files (*.gif, *.jpg. *.png) Reply with quote

Hello dear support,

I tried to encode non php files (*.gif, *.jpg. *.png) with ioncube 6.5, it works. But after I transfered this files to my server, the pictures weren't shown.

Is it possible to encrypt this kind of php files in a way they are usable?
Back to top
View user's profile Send private message
liaison
ionCube Support


Joined: 16 Dec 2004
Posts: 2788

PostPosted: Sun Feb 19, 2006 8:17 pm    Post subject: Reply with quote

Hi

As image files are not PHP, they cannot be encoded as PHP files, however you can encrypt them using the Encoder's unique non-PHP file encryption feature.

Once the files are encrypted, your browser of course caanot decrypt the images, and as images are normally served directly by the web server, they cannot be decrypted there either. The encryption would in fact not be good if non-ionCube components could decrypt it!

The way to serve your encrypted image files is to use an encoded PHP wrapper, and for that to use the decryption feature built into the Loader API for restoring the image data and serving up the image. Your wrapper script may take the name of the image as a GET parameter, decrypt the corresponding file as a string, and echo the contents to the browser. An image tag might be something like
Code:

<img src="/images/get_image.php?i=someimage.jpg">
Whilst this will work very well, ultimately images will be received in their real form from the server, and there are several ways to take the image such as wget, or via the browser with right click, exploring the browser cache, or even taking a screen shot and mage cropping. Given that, it's not clear whether encrypting images would stop them being obtained via the webserver, but it would stop the images being used directly for sure.
_________________
Community Admin
Back to top
View user's profile Send private message
mno



Joined: 19 Feb 2006
Posts: 2

PostPosted: Mon Feb 20, 2006 9:17 pm    Post subject: Reply with quote

Hello Nick,

thank you for your information.

My aim is to avoid direct links from other websites to my pictures.

My question is now have an example of such an encoded PHP wrapper or a detailed description?

Thank you in advance.
Back to top
View user's profile Send private message
Fresshness



Joined: 02 Feb 2006
Posts: 26

PostPosted: Tue Feb 21, 2006 11:09 pm    Post subject: Reply with quote

mno wrote:
Hello Nick,

thank you for your information.

My aim is to avoid direct links from other websites to my pictures.

My question is now have an example of such an encoded PHP wrapper or a detailed description?

Thank you in advance.


Just wanted to give my 2 cents worth of information, take it as you see fit ;p

I don't think the safest way for preventing direct links is through PHP, but instead in the Apache (or the webserver you are using) configuration. I did some minor research on the subject and that's what I could come up with.

as for an example of a wrapper, check out this snippet:

Code:

$filename = "/path/to/image.png";

if(file_exists($filename)) {
        header("Pragma: public");
        header("Expires: 0");
        header("Cache-Control: must-revalidate, post-check=0, pre-check=0");
        header("Cache-Control: private",false);
        header("Content-Type: application/octet-stream");
        header("Content-Disposition: attachment; filename=\"".basename($filename)."\";");
        header("Content-Transfer-Encoding: binary");
        header("Content-Length: ".@filesize($filename));
        set_time_limit(0);
        @readfile("$filename");
}
Back to top
View user's profile Send private message
liaison
ionCube Support


Joined: 16 Dec 2004
Posts: 2788

PostPosted: Tue Feb 21, 2006 11:57 pm    Post subject: Reply with quote

This is the kind of thing, although you would typically want to parameterise the script so that the image filename was dynamic, e.g. set by a GET parameter, rather than hardcoded. If you do want to encrypt the image files, then the readfile() can be replaced with ioncube_read_file() to read either an encrypted or non-encrypted image, but it's not clear whether this is useful.
_________________
Community Admin
Back to top
View user's profile Send private message
floppydrivez



Joined: 14 Apr 2008
Posts: 4

PostPosted: Wed Mar 04, 2009 3:47 am    Post subject: Reply with quote

Using the above features would still enable right click saves wouldn't it nick? I am running a theme site which only allows purchases through paypal. I just can't figure a way to protect those themes with ioncube sorta fully.
Back to top
View user's profile Send private message
liaison
ionCube Support


Joined: 16 Dec 2004
Posts: 2788

PostPosted: Wed Mar 04, 2009 11:09 am    Post subject: Reply with quote

Our free HTML obfuscator can disable that, and you can find javascript snippets on the web to do it too, but for images, keep in mind that you can never stop someone taking a screen shot and then cropping that in m$osft paint to leach an image. You'd also need to disable caching so that it could not be taken from the browser cache, and code your site with protection techniques to stop someone using wget or a PHP script to download the image directly.

It's impossible to protect anything 100%, and while right click disabling would stop some people, it wouldn't stop someone who is determined to steal an image. Most importantly, disabling or modifying browser behaviour goes against good user interface design and can be really annoying for site visitors. There's nothing worse in my mind than doing a right click to pick an option off the menu (such as to go back) and there either to be no menu or a popup from someone who thought that they were being so clever to display a copyright message warning.

Other menu options such as "save page" can be found on other menus too and not just the right click context menu, and it might be possible to trigger them in other ways. You have to assume that someone will be able to get the HTML of the page, or even the underlying DOM data in the case of the firebug extension, and code security against site hacking into the application.
_________________
Community Admin
Back to top
View user's profile Send private message
Display posts from previous:   
Post new topic   Reply to topic    ionCube Forum Index -> ionCube PHP Encoder All times are GMT + 1 Hour
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum