Protect image in browser php

Question

I have image in my page, which I want to protect by directly viewing from it's URL. Basically, I want to hide/encrypt image source.

<img src="www.mywebsite.com/media/1.jpg" alt="customer_id" />

I have disabled right click on the image by some sort of javascript. But, still one can get the image source from source code of the page.

I also tried by adding these attribute in image.

ondrag="return false"
ondragstart="return false"
oncontextmenu="return false"
galleryimg="no"
onmousedown="return false"

Is there any way to solve this problem? Thanks.

Answer 1

It is impossible to effectively hide it in HTML - but I think you are afraid that someone will see image that isn't his. My solution: move images to directory that isn't reachable from the web, for example if now they are in

/home/mywebsite.com/public_html/media/

move them into:

/home/mywebsite.com/media/

and serve them via PHP:

if($userIsLogged && $imageBelongsToUser) { //this is of cource pseudo code - only showing the idea

 header("Content-type: image/jpeg");
 $image=imagecreatefromjpeg('/home/mywebsite.com/media/1.jpg');
 imagejpeg($image);

}else{
 echo "error";
}

of course you must somehow store information about pair user/image.

Answer 2

There is no way to do this. Consider that your user could just open the tools panel of their browser and look at the URL that is sent over the wire.

If you really want to protect your source images, route them all through a single URL endpoint, say http:/mysite.com/img-gateway, and let the (possibly encrypted) POST data determine the image that will be returned. Of course the user could always save your image and repub at another URL, but at least that will stop hot-linking. Or, use a server extension of some kind that will respond with 403 Forbidden if a specific cookie is not present.