.htaccess and php - forced hotlinked image attribution

Fairly often people post images from this site onto bulletin boards, forums and sometimes even their homepage background. Such non-commercial usage is welcome so long as it is not a continuing bandwidth drain (see Blocking hotlinking from a single domain/referrer for ideas of how to stop unwelcome hotlinking).

However, it would be nice if people could see that the image came from this site without having to view the HTML source. That's what this page is about.

The code below writes a message of your choice onto the linked image in the location and colour of your choice. In this example 'http://www.your-domain-name.com' is written 10 pixels in from the left of the image and 5% of the height up from the bottom. NOTE: as nice as it would be to also create a link back to your site from the linking page it is not possible - the image is just an image and html will not be accepted in its place by the client.

What is needed is a fairly simple but powerful combination of .htaccess and php. The basic outline is this:

1. When a request comes into your server it checks to see that there is a referrer and then what that referrer is
2. If the referrer is not on the 'approved list' the request is invisibly (to the surfer ) redirected into the php page.
3. The php page opens the jpeg image, writes the requested message and sends it out to the web browser as a regular image - there is nothing in the file being sent out to suggest to the browser that it has just been manipulated.

The .htaccess redirection part

RewriteEngine on
RewriteBase /path/to/
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www\.)?your-domain-name\.com [NC]
RewriteCond %{HTTP_REFERER} !^http://(www\.)?your-other-domain-name\.com [NC]
RewriteRule ^(.*)\.jpg attribution.php?file=$1.jpg [L]

Brief explanation: we only want to write the message onto external image requests - visitors to your site should not have 'http://www.your-domain-name.com' on any image that they view. The second line ensures that the browser is passing on a referrer field, if it is not then the image is either being viewed by someone that has typed the address in directly or the browser is just not passing the information on. We don't want to display the message to these people, they may be viewing from within the site. The following two lines establish wether the visitor is on one of the 2 domain names that point to this site or not - although if someone registers www.visit-me-at-your-domain-name.com and then hotlinked they would get through this elementary check. If these checks are passed ie. the referrer field is not blank and it doesn't match the two following lines then the RewriteRule line is executed (the exclamation mark is the symbol for not). The final line redirects the request for a jpg file to a php file. When a browser requests an image such as 'peru04/peruphoto/04050501.jpg' the request is passed on to 'http://www.your-domain-name.com/path/to/attribution.php?file=peru04/peruphoto/04050501.jpg'. This redirect is done silently on the server side. Very important is the flag on the end of the line, the [L] - this tells the server that no more rewrites should be performed on this request, ie. if this RewriteRule is run then this is the final rule. Without it when the php file requests the jpg the process runs into a loop.

The php section

The php section of code is more complicated than the htaccess segment but is still pretty simple.

<?php
$file=(isset($_GET['file']))?$_GET['file']:"";
$file = $_SERVER['DOCUMENT_ROOT'] . "/$file";
if (file_exists($file) and eregi("jpg$", $file)) {
	$img_size=getimagesize($file);
	$im = LoadJpeg($file);
	$msg = "http://www.your-domain-name.com";
	$color = imagecolorallocate($im, 255, 255, 204);
	imagestring($im, 3, 10, ($img_size[1]/10)*9.5, $msg, $color);
	header('Content-type: image/jpeg');
	imagejpeg($im);
} else {
	header("HTTP/1.0 404 Not Found");
}

function LoadJpeg($imgname) {
    $im = imagecreatefromjpeg($imgname);
    if (!$im) {
        $im  = imagecreate(150, 30);
        $bgc = imagecolorallocate($im, 255, 255, 255);
        $tc  = imagecolorallocate($im, 0, 0, 0);
        imagefilledrectangle($im, 0, 0, 150, 30, $bgc);
        imagestring($im, 1, 5, 5, "Error loading $imgname", $tc);
    }
    return $im;
}
?>

First the filename passed in is turned into a full path to the file, then we check that it exists. If it does then we get the size of the image so that the location within the image to place $msg can be calculated. Then we load the image ( or generate an error image if we failed to create it ), allocate the color to write onto the image with, write the string in , ensure that we send a good content header to the client and then throw out the image.

Works a treat, it's great to see our images attributed correctly around the net, while some sites are great about adding their attribution others are not. This in no way gives people permission to use them commercialy

¹Hotlinking

an external site inserting images/text inline from your site, normally without permission or attribution, this uses your bandwidth ( 'bandwidth leeching' ) and steals your work.  back

Blocking hotlinking from a single domain/referrer

Useful external links:

• Website Hosting - High bandwidth, high storage & great features from Website source
• Apache server codes and their meanings
• Simple htaccess ideas

© 2004     Dana & Andy Dopleach    info@bylandwaterandair.com     Site Map