PHP GD水印水蛭
我想知道是否有人可以为我提供一种教程或源代码,以便如果人们窃取我的网站图像并将其嵌入到他们的论坛或网站中,它会显示水印,但如果他们在我的网站上查看它他们不会是水印吗?
I was wondering if someone can provide me with a tutorial or source code of a way to make it so if people are leeching my sites images and embedding them in their forums or sites it will show a watermark, but if they view it on my site their wont be a watermark?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(3)
尽管 Piskvor 100% 正确,但我只想添加如何在 PHP 中获取引荐来源网址。
使用
$_SERVER['HTTP_REFERER']
获取客户端发送的 Referer 标头。如果您的网站是“www.example.com”,则引荐来源网址应始终使用“www.example.com”作为域名。现在,为了验证域名,我们使用
parse_url()
来解析 URL到一个数组中,并提取不同的部分。它返回一个数组,我们称之为$url
,要获取域名,请使用$url['host']
。现在将其与您自己的域名进行比较,以确保它位于您的域中。完整示例:
Although Piskvor is 100% correct, I would just like to add how to get the referrer in PHP.
Use
$_SERVER['HTTP_REFERER']
to get the Referer header sent from the client. If your website is "www.example.com", the referrer should always have "www.example.com" as the domain name.Now, to validate the domain name, let's use
parse_url()
to parse the URL into an array, and extract the different parts. It returns an array, let's call this$url
, and to get the domain name, use$url['host']
. Now compare this to your own domain name to ensure that it is on your domain.Full example:
首先,简单介绍一下 HTTP
HTTP 本质上是 Web 的核心协议 - 用于传输超文本(网页)、图像和其他媒体。从一开始,HTTP 就被设计为无状态 - 除此之外,这意味着无法确定图像请求是否“属于”一个页面或另一个页面。
HTTP 中基本上有两种解决方法,但都不是 100% 可靠:cookie 和 Referer 标头。
使用 cookie,您可以在用户访问您的页面时设置 cookie,然后在提供图像时检查该 cookie。这样在第一次进入页面时可能会遇到并发问题。
通过
Referer
,浏览器会在图像请求中发送加载图像的 URL。不幸的是,引用者可以很容易地被用户或安全软件修改或删除。这对您意味着什么,
我建议您使用 Referer 字段 - 尽管它不是 100% 可靠,但大多数人不会费心去弄乱它,而那些费心的人,好吧,他们会克服任何其他保护。
您需要通过脚本(例如 PHP)提供图像。
http://example.com/img.php?id=12345 - 伪代码检查 PHP 水印本身:
First, a small detour into HTTP
HTTP is, essentially, the core protocol of the Web - used to transfer hypertext (web pages), images and other media. From the beginning, HTTP was designed to be stateless - amongst other things, this means that it's not possible to find if a request for an image "belongs to" a page or another.
There are basically two workarounds for this in HTTP, but neither is 100% reliable: cookies and the Referer header.
With cookies, you could set a cookie when a user accesses your page, and then check that when serving the images. This may run into concurrency problems when entering the page for the first time.
With
Referer
, the browser sends in he request for the image an URL from which the image is loaded. Unfortunately, the referer can be easily modified or removed by the user or by security software.What that means for you
I suggest that you use the Referer field - although it's not 100% reliable, most people won't bother messing with it, and those who will bother, well, they would overcome any other protection.
You'll need to serve your images through a script (e.g. PHP).
http://example.com/img.php?id=12345 - pseudocode for the check, PHP for the watermark itself:
对于大图像,Piskvor 的答案是对服务器资源的负担过重。还可能存在客户端缓存影响,不必要地增加延迟。
相反,我会在 .htaccess 文件中实现引用检测,以便引用中包含您的域名或空引用的所有请求都直接发送到图像,而不进行 PHP 处理。任何其他情况都意味着热链接,因此将提供水印脚本。
For large images Piskvor's answer is too heavy on server resources. There may also be client caching implications increasing latency unnecessarily.
Instead I would implement the referral detection in a .htaccess file so that all request with either your domain name in the referral or empty referral go straight to the image with no PHP processing. Any other case means a hotlink, and therefore would be served the watermark script.