A very good way to stop this from happening is add another layer of security by encrypting the jpg or other file with a password key using basic encryption routines. Here I have written both encryption and decryption examples. You have to make the first file yourself, ex1.jpg etc, but you get the idea.
Code: Select all
<?php
/*
encryptK.php by Kristoffe Brodeur. ©2011 All Rights Reserved.
04-05-2011
*/
//-----
function encrypt($origStr,$eKey,$disp=false)
{
$encStr="";
$lenO=strlen($origStr);
//
for($e=0;$e<$lenO;$e++)
{
$origC=substr($origStr,$e,1);
$currKeyChr=substr($eKey,($e%strlen($eKey))-1,1);
$newC=chr(ord($origC)+ord($currKeyChr));
$encStr.=$newC;
}
//
if($disp===true)
{
echo "[end]$encStr<br>";
echo "[end]".base64_encode($encStr)."<br>";
}
return base64_encode($encStr);
}
//-----
function decrypt($encStr,$eKey,$disp=false)
{
$decStr="";
$encStr=base64_decode($encStr);
$lenO=strlen($encStr);
//
if($disp==true)
{
echo "decrypt[$encStr]<br>";
}
//
for($e=0;$e<$lenO;$e++)
{
$origC=substr($encStr,$e,1);
$currKeyChr=substr($eKey,($e%strlen($eKey))-1,1);
$newC=chr(ord($origC)-ord($currKeyChr));
$decStr.=$newC;
}
return $decStr;
}
//-----
function encFile($fileO,$fileE,$key)
{
//
if(file_exists($fileO))
{
echo "[orig jpg]$fileO<br>";
$fileStr=file_get_contents($fileO);
$encStr=encrypt($fileStr,$key);
//
if($encFile=fopen($fileE,"c"))
{
file_put_contents($fileE,$encStr);
fclose($fileE);
return true;
}
else
{
return false;
}
}
else
{
return false;
}
}
//-----
function decFile($fileE,$fileD,$key)
{
//
if(file_exists($fileE))
{
$fileStr=file_get_contents($fileE);
$decStr=decrypt($fileStr,$key);
//
if($decFile=fopen($fileD,"c"))
{
file_put_contents($fileD,$decStr);
fclose($decFile);
return true;
}
else
{
return false;
}
}
else
{
return false;
}
}
//-----
$testKey="y6u6";
$testStr="abcdefghijklmnopqrstuvwxyz";
$testEncStr=encrypt($testStr,$testKey,true);
$testDecStr=decrypt($testEncStr,$testKey,true);
//
encFile("orig.jpg","enc.jpg",$testKey);
decFile("enc.jpg","dec.jpg",$testKey);
?>
<html>
<body>
<hr />
[orig]<?php echo $testStr;?><br>
[enc]<?php echo $testEncStr;?><br>
[dec]<?php echo $testDecStr;?><br>
<h3>Jpg encode | decode test</h3>
<p>To start this program, you will need to make a jpg image and call it 'orig.jpg' in the same folder as this file as a test.</p>
<p>The original jpg is encrypted with the password, and then saved encoded. It will never read and will look like a bad file even to those with access to a hidden folder. Only with the decode process and a key will the viewer allow the decoded jpg. A great use is to not write to the server, but send a mime type jpg that reads and decodes the image back to the php request so it is totally dynamic.</p>
<table>
<tr>
<td valign="top">[orig]<br><img src="orig.jpg" width="400px" /></td>
<td valign="top">[enc]<br><img src="enc.jpg" width="400px" /></td>
<td valign="top">[dec]<br><img src="dec.jpg" width="400px" /></td>
</tr>
</table>
</body>
</html>