I am trying to extract images from flash on the following web-site: http://meijer.shoplocal.com/meijer/default.aspx?action=entryflash&storeref=120
I noticed that every time I click on "Next image", an images is requested from sever. Sample URL is http://akimages.shoplocal.com/dyn_rppi/740.0.75.0/meijer/large/110206os_o_003_T1C1_2pw26.jpg
So, this URL is exactly what I need, but I don't know how to extract all these URLs from the .swf file I have. I don't have any experience with flash, but I think that URLs should be in the .swf file. I tried "grep '110206os_o_003_T1C1_2pw26' adspage_slider-2.swf", but didn't get any result :(((
Ivan,
Did you try a Flash decoder? It should allow you to access the code and respective resources. Another possible and easier way would be to use Fiddler2 to extract the URLs that you have clicked from the swf file. Still, before you move further, make sure that you're not breaking any of the site's Terms and Conditions.
Related
I'm parsing data from other website, and question wether it's better to download images and show them on my own or just links to website images I parsed . Is the link to image by default slower then image from own source?
Couldn't find answer to the simple question. If question is discussable and doesn't belong here, someone comment down please in order to delete it.
Some rules of thumb:
Don't display content on your page which you 'source' from another site without the other sites permission. ('Share this' links provided by youtube are okay, directly linking to the .flv file of someones video from another site to display on yours is not).
Don't copy content from other domains onto your domain without their permission first (doing so would be a copyright violation).
So to answer your question: You should copy the content onto your domain/host, but only if they have given permission to allow this kind of use.
Edit: I am interpreting your question as "I am taking content from another website [and putting it on my own] and I am wondering if I should link directly to their content ( tags pointing to the other domain) or if I should download/copy the content to my website and have my server handle everything?"
The "technical" answer is "it depends on how good your host is compared to the other host when serving content to the average visitor". Compare a page run by Google vs. the same thing run on a home server behind a 56k modem. It matters if you have broadband, but if you're on a 33.3k modem it doesn't.
I need to create, for a specific project, an image manager that works via Ajax (to get the list of images, display them, ...).
The upload of new images, or image modification, is done via an Ajax script (using the new javascript File API).
The upload works fine, but I encounter a problem in case of image modification : the image displayed by the browser after upload is the cached one and not the uploaded one !!
I know it's a classic cache problem, that can be solved via the 'imagesrc?new Date.getTime()' hack, but I can't use it here.
in fact, this hack doesn't really reload the image, it only create a new instance of the image into the cache, associated to the image url 'imagesrc?new Date.getTime()'.
So, if at any moment, into the image manager, I retry to display the image, without adding the '?new Date.getTime()' to the src, it will display again the old image.
And I either cannot add this hack systematically (because, for example, if the image manager needs to display a lot of very heavy images, it's usefull to get them from the browser cache until they are modified).
I searched a way to solve this problem on internet (really replace the cached image after a javascript upload instead of using the above hack), but I found nothing.
Is there a way to do this, or is it totally impossible ?
Any help or suggestion would be greatly appreciated.
Many thanks in advance
Olivier
Configure your server to send ETag-headers for the images.
An ETag is a hash-value of the file that changes when the file is modified. If an ETag is sent, the browser will add an If-None-Match-header containing the last received ETag of that ressource on its next request and the server will respond with 304: not modified to save traffic if nothing has changed or send the new file if there is one.
I have a website that mostly contains images. I would like to redirect all jpg/gif/png links that appear in Google Images when someone clicks "View Original Image" to the post containing the image. Is there a way to do this in .htacess using mod_rewrite?
Google Images now just has an expanding wrapper containing a larger version of the image. It no longer gives you a preloaded "preview" page, the reason being to prevent redirection. As far as I know, this cannot be done. However ,you can prevent your image from appearing in Google Search.
If you are using Wordpress, something like the Imaguard plugin should do the job. And if you're not using WP at least you can download the source code here
http://wordpress.org/extend/plugins/imaguard/
And see how they did it. Seems to be checking for referrer and if not on their white list or local referrer, they redirect to an image with text over . Probably using GD plugin to add text on the fly.
I am implementing a project to my site to allow users to upload image files (ai, pdf, jpeg, gif, tiff). I know this can be very risky but I was wondering what kind of security checks I should put in place to make sure these files to not cause my site any harm.
OR
Should I use something like dropbox to upload my images? If I do this is it possible to get these images whenever I want so I can display them within the browser to the user?
image uploads are fine, because you know what you want: An image
First rule is never to trust the client, so let the user upload the file (maybe you want to add an upload size limit).
Second, you have to ensure that the image is really an image so
Check the mime-type of the file (don't go by the file extension, use a real mime type check like the file shell command or an appropriate library)
To really make sure the file is OK, Open and Reprocess it using an image library like GD, ImageMagick etc. and save it to disk (keep in mind this needs some resource!). This will also filter out corrupted images.
An uploaded file usually doesn't harm the site itself but the users who download the file.
I've come across with a file uploading part of a project I worked.
Some high-level suggestions to complement sled's answer:
The mime type is set on base of the file extension, so it's no useful (as the file has not been uploaded yet to the server, the mime type is just a 'guess' in base of his extension).
So solutions would be:
Do the content check client-side (before sending the http-request)
When you get the whole file by HTTP do the check server-side before persisting to the disk.
Other Suggestions:
The simple file extension check
(wheter by filename or mime-type) is
the basic secutiry measure that also
has to be present.
Folder permissions: Don't allow execute permissions, don't allow the user to create new folders (as it might create a sub-folder with executing permissions).
I'm trying to find a way of finding out who is downloading what image from an image gallery. Users can download using a button beside the thumbnail or right click and use the "save link as" Is it possible to relate a user session or ID to a "save link as" action from all browsers using either PHP or JavaScript.
Yes, my preferred way of doing this would be via PHP. You'd have to set up a script which would load up the file and send it to the user browser. This script would also be able to log the download somewhere (e.g. your database).
For example - in very rough pseudo-code:
download.php
$file = $_GET['file'];
updateFileCount($file);
header('Content-Type: image/jpeg');
sendFile($file);
Then, you just have your download link point to download.php instead of the actual file. (Note that updateFileCount and sendFile are functions that you would have to provide, of course - this script is an example of a download script which you could use)
Note: I highly recommend avoiding the use of $_GET['file'] to get the whole filename - malicious users could use it to retrieve sensitive files from your web server. But the safe use of PHP downloads is a topic for another question.
You need a gateway script, like ImageDownload.php?picture=me.jpg, or something like that.
That page whould return the image bytes, as well as logging that the image is downloaded.
Because the images being saved are on their computer locally there would be no way to get that kind of information as they have already retrieved the image from your system. Even with javascript the best I know that you could do is to log each time a user presses the second mousebutton using some kind of ajax'y stuff.
I don't really like the idea, but if you wanted to log everytime someone downloaded an image you could host the images inside a flash or java app that made it a requirement to click a download image button. That way the only way for them to get the image without doing that would be to either capture packets as they came into their side or take a screenshot.
Your server access logs should already have the request for the non-thumbnailed version of the file, so you just need to modify the log format to include the sessionid, which I presume you can map back to a user.
I agree strongly with the suggestion put forward by Phill Sacre. For what you are looking for this is the way to go.
It also has the benefit of being potentially able to keep the tracked files out of the direct web path so that they can't be direct linked to.
I use this method in a client site where the images are paid content so must be restricted access.