Show External Images Without Hotlinking!

Many websites rely on information from other websites to run. This is fine when it comes to text, but when using images, most webmasters don't like you hotlinking their pictures. Hotlinking is when you place an image on your website that is not stored on your website. This uses up the image host's bandwidth, which is something they don't like!

So, how would you go about putting an image on without hotlinking? Well, you could download it from the website, and upload it ont your own, but this is time consuming, and many websites have dynamically updating content, which means you wouldn't be able to.

We're going to create a script that'll show any image, without hotlinking!

 

Simple version:

This version simply gets the image off the site, and displays it. Place this script in a new .php page. To access the image, you can go to page.php?url=image_url. (Where page.php is the ppage the script is on, and image_url is the full url of the image you want to display (including http://)

 

<?phpheader('(anti-spam-(anti-spam-content-type:)) Image/PNG');//Tells the browser to display this file as a png format image$url = $_GET['url'];//Sets the variable $url to whatever was in the ?url= parameter$image = imagecreatefromgif($url);//Gets the image at $url, and stores it in the variable $imageimagePNG($image);//Writes the image at $image onto the page?>

Complex version:

This version is the same as the simple version, except it's designed to let you add things onto the image, e.g. a frame, watermark, etc.

 

<?phpheader('(anti-spam-(anti-spam-content-type:)) Image/PNG');$url = $_GET['url'];list($width, $height) = getimagesize($url);//creates a list of variables, and sets them to the width and height of the image at $url$extimage = imagecreatefromgif($url);//Stores the image at $url in the variable $extimage$image = imagecreate($width, $height);//Creates a new image, where the width and height is the same as $url's width and height$transparency = imagecolorallocate($image, 1, 1, 1);imagecolortransparent($image, $transparency);//Sets a colour for the background, and makes it transparent. Hopefully this colour (#010101) does not occur in the image at $url. If it does, those parts of the image will appear transparent.imagecopy($image, $extimage, 0, 0, 0, 0, $width, $height);//This places a copy of the image at $url into $image//Any other code, for anything you may want to add to the image should go hereimagePNG($image);?>

If you get content dynamically from a website that may contain images, and you want to use this script with it, you can use the following code:

 

$string = str_replace('<img src="', '<img src="[b]page.php[/b]?url=', $string);

(Where $string is the text dynamically taken from the page, and page.php is the page where the image script is located)

 

 

P.S. Inside the headers, it says "(anti-spam-(anti-spam-(anti-spam-content-type:)))". Take out the '(anti-spam-' and the ')'. The forum changes it, for some reason.

Edited October 16, 2007 by vujsa
Placed all code in the CODE tag (see edit history)

This is great but you are technically still hotlinking. You are stealing someone else's bandwidth and probably graphic creation for your benefit. While the tutorial shows a very interesting method of obtaining and using someone else's images, the fact remains that every time your page displays the image, the server has to download it from the original server!

 

What is even more interesting, since you transfered the image from their server to yours, both you and the owner's bandwidth is used. That is how it works... When the server uploads or downloads something for your account, every bit goes against your monthly bandwidth total so not only did you use up the owner's bandwidth, you used the same for yourself. BUT, you then transfered that image to the user's browser which is another transfer.

 

It ends up that for a 5MB file, the owner used 5MB and you used 10MB of bandwidth.

 

Remember, just because you get around someone's hotlinking protection doesn't mean that it is right or that it doesn't cost anybody anything in the long run.

 

If you wanted to do this without directly impacting the hosts bandwidth, you should write the script to save the file on your server in the process. Then the next time it is to be displayed, the script would check to see if there was a local version to use first!

 

It wouldn't be hard to modify the script to save a local copy and use it when available. Just ask...

 

Other than all of that, nice tutorial and script. Thanks for sharing.

 

vujsa

lol thats a cool way to get around actually showing its hotlinking, lolbut when someone that has say cpanel goes in the bandwidth thing and you no how it has sites that are linking to your site or anything like that, would it still show?

I believe, although I could be wrong, that cpanel will not list that as a linking site. Because it is done via php, it is not exactly a link, in the usual sense. But I don't know enough about how cpanel determines what is linking to be able to state for sure.I was thinking along the same lines as vujsa for the hotlinking issue. This is still hotlinking, and you could modify the script to first check if there is a local version. However, for dynamically updating images, this still creates a problem. I thought of two ways to deal with this. The first is to use an HTTP request to get information about the image file, it's last modified date, creation date, etc. which uses up a lot less bandwidth than actually getting the image. If there is a new image up, grab it then show the local version. Otherwise, just show the local version. While still expensive to your bandwidth, it is far less expensive for the other server.Another way to deal with dynamic content is to look for when content is designated to expire (the same way caches deal with this issue) and regrab the content when it has expired. In this way, your site will be acting similarly to cache for the remote server.~Viz

I too feel that this is still hotlinking...

 

Also beyond that...sites which just copy content from other sites and that is all in my opinion are simply steeling content, which is not right....now if they linked to the content, as opposed to stealing it (more like a digg type site), that is fine...but when I see all these blogs that copy my whole article constantly one right after another...i get a little mad at them...and not only that but they use a lot of my bandwidth because they hotlink all the images (just like this script hotlinks)...

 

I am currently in the process of writing a script that won't allow you to hotlink images from my site (and so far it seems to be working fairly well, just need to make sure it is secure). Because honestly....all these sites that steal content from others sites, as their content...drive me nuts...

It's important to remember, though, that there are a lot of sites that freely allow you to take their content and reuse it. I even have some content from some of these sites. However, because the webhosts don't provide unlimited bandwidth or the site's administrator isn't paying for that much bandwidth, hotlinking is still problematic. So hotlinking is always bad unless specified otherwise, even for content you are allowed to take.~Viz

I too feel that this is still hotlinking...

 

Also beyond that...sites which just copy content from other sites and that is all in my opinion are simply steeling content, which is not right....now if they linked to the content, as opposed to stealing it (more like a digg type site), that is fine...but when I see all these blogs that copy my whole article constantly one right after another...i get a little mad at them...and not only that but they use a lot of my bandwidth because they hotlink all the images (just like this script hotlinks)...

 

I am currently in the process of writing a script that won't allow you to hotlink images from my site (and so far it seems to be working fairly well, just need to make sure it is secure). Because honestly....all these sites that steal content from others sites, as their content...drive me nuts...

There are sites that need content from other websites to run, but you wouldn't say it's stealing it. Take my website for instance, a Habbo Hotel fansite. It still has original content, but I need to get images and information from the Habbo Hotel website, for stats, pictures, etc.

On another note, you're just asking for a denial of service attack...all I'd have to do is find a nice big linux iso to request over and over again until your bandwidth is all used up (or your php chokes and crashes on trying to create a png image from an image file). Might want to try sanitizing the inputs to your script and make sure only requests up to a certain size are honored, as well as some interval transfer limits for clients so they can't do this.

hummm... It is interesting, but i dont liked.. first because i wont like that someone "steal" my bandwidth so i wont do this for anyone. second because you borrow yours users.. every time they open your page they have to download the image, it means that the cache page dont works in this case. but, i liked this topic! 0.o? haisuhsihiusahuishuisha i mean i dont liked your method but u show something treatment of images and i will use much of this.. so thanks for this topic and.. well, I do not advise use this method x)

Many websites rely on information from other websites to run. This is fine when it comes to text, but when using images, most webmasters don't like you hotlinking their pictures. Hotlinking is when you place an image on your website that is not stored on your website. This uses up the image host's bandwidth, which is something they don't like!

So, how would you go about putting an image on without hotlinking? Well, you could download it from the website, and upload it ont your own, but this is time consuming, and many websites have dynamically updating content, which means you wouldn't be able to.

We're going to create a script that'll show any image, without hotlinking!

 

Simple version:

This version simply gets the image off the site, and displays it. Place this script in a new .php page. To access the image, you can go to page.php?url=image_url. (Where page.php is the ppage the script is on, and image_url is the full url of the image you want to display (including http://)

 

<?phpheader('(anti-spam-(anti-spam-(anti-spam-content-type:))) Image/PNG');//Tells the browser to display this file as a png format image$url = $_GET['url'];//Sets the variable $url to whatever was in the ?url= parameter$image = imagecreatefromgif($url);//Gets the image at $url, and stores it in the variable $imageimagePNG($image);//Writes the image at $image onto the page?>

Complex version:

This version is the same as the simple version, except it's designed to let you add things onto the image, e.g. a frame, watermark, etc.

 

<?phpheader('(anti-spam-(anti-spam-(anti-spam-content-type:))) Image/PNG');$url = $_GET['url'];list($width, $height) = getimagesize($url);//creates a list of variables, and sets them to the width and height of the image at $url$extimage = imagecreatefromgif($url);//Stores the image at $url in the variable $extimage$image = imagecreate($width, $height);//Creates a new image, where the width and height is the same as $url's width and height$transparency = imagecolorallocate($image, 1, 1, 1);imagecolortransparent($image, $transparency);//Sets a colour for the background, and makes it transparent. Hopefully this colour (#010101) does not occur in the image at $url. If it does, those parts of the image will appear transparent.imagecopy($image, $extimage, 0, 0, 0, 0, $width, $height);//This places a copy of the image at $url into $image//Any other code, for anything you may want to add to the image should go hereimagePNG($image);?>

If you get content dynamically from a website that may contain images, and you want to use this script with it, you can use the following code:

 

$string = str_replace('<img src="', '<img src="[b]page.php[/b]?url=', $string);

(Where $string is the text dynamically taken from the page, and page.php is the page where the image script is located)

P.S. Inside the headers, it says "(anti-spam-(anti-spam-(anti-spam-(anti-spam-content-type:))))". Take out the '(anti-spam-' and the ')'. The forum changes it, for some reason.

Very good code -simple and effective- but you are still doing hotlinking, i will test it in a while to see if it works correctly and if it can be blocked.

 

Best regards,

That's a cool way even though, technically you're still hotlinking though lol. I find that unless the images are insanely huge, it shouldn't be a problem just to host it yourself. Or just upload it to imageshack. I have flickr pro, which has unlimited uploading, so I can shove as many pictures, and display it on other sites. It's a pretty cool tutorial though.

I just test this cool code to see if it works correctly and i found that it works perfectly, but it can be blocked even if you enable the Hotlinking protection that comes with CPanel, if someone know how to block this please share with us the solution.Also with few changes it can work with other images files like JPG, PNG, etc.Best regards,

I'm not sure there is a way to block scripts like this in general. This particular one, yes, but not in general. The reason is that web browsers still need to be able to download the images to show to people visiting your site. Scripts can easily pretend to be known browsers, and then there is no good way to prevent this kind of hotlinking.~Viz

I never quite realised when I wrote the script, that it still hotlinked. I was trying to prevent it hotlinking at the client end, and I forgot all about the server end.I use this kind of scripts on my own website, getting images from a site where you're allowed to. I don't know if this is just me, but I don't like putting images on a page where the src="" is from another website. It just doesn't seem "clean" to me. But maybe that's just me being weird.