Jan 30

Use PHP, GD and .htaccess to Watermark All Images in a Directory

6 comments - Post a comment

The goal here is to watermark all images in a certain directory, except for thumbnails or other selection. You can either do this on each file prior to placing on your webserver - which is probably wise for CPU load issues - but let’s just say you want to do this for all files served in a single directory dynamically, a gallery for example.

The first step is to create a .png file with transparency which holds your watermark image. For this exercise, I’ve created this image:

tbwm.png

(I’ve added the border to stand the image out from the background of the page).

Here is the original image we are going to test with:

boratwow.jpg

After we have our watermark and sample image, we need to write a php file to use PHP’s GD function to apply this image to our original image. The particular function we use is imagecopy(). Here is the code I am using, I name it w.php:

<?php

$basedir="/home/user/public_html/com/gallery/";
$watermarkimage="tbwm.png";

$file=basename($_GET['i']);

$image = $basedir."/".$file;
$watermark = $basedir."/".$watermarkimage;

$im = imagecreatefrompng($watermark);

$ext = substr($image, -3);

if (strtolower($ext) == "gif") {
if (!$im2 = imagecreatefromgif($image)) {
echo "Error opening $image!"; exit;
}
} else if(strtolower($ext) == "jpg") {
if (!$im2 = imagecreatefromjpeg($image)) {
echo "Error opening $image!"; exit;
}
} else if(strtolower($ext) == "png") {
if (!$im2 = imagecreatefrompng($image)) {
echo "Error opening $image!"; exit;
}
} else {
die;
}
imagefilledrectangle($im2, 0 , (imagesy($im2))-(imagesy($im)) , imagesx($im2) , imagesy($im2) , imagecolorallocatealpha($im2, 0, 0, 0, 100) );
imagecopy($im2, $im, (imagesx($im2)-(imagesx($im))), (imagesy($im2))-(imagesy($im)), 0, 0, imagesx($im), imagesy($im));

$last_modified = gmdate('D, d M Y H:i:s T', filemtime ($image));

header("Last-Modified: $last_modified");
header("Content-Type: image/jpeg");
imagejpeg($im2,NULL,95);
imagedestroy($im);
imagedestroy($im2);

?>

This file is placed in the images directory.

Also in the images, create an .htaccess file with the following code:

RewriteEngine on
RewriteRule ^([^thumb].*\.[jJ].*)$ /com/gallery/w.php?i=$1

This tells the web server that instead of serving jpg files out of this directory, that we should instead process the filename with w.php and then serve to the browser. It also adds in a clause that if it starts with thumb_, that it will not run on this file. This is so it does not run on thumbnails.

Here is the resulting image, with watermark! This is served right out of an image directory with no watermark on the original picture:

Borat with watermark from php

Sep 17

ffmpeg PHP Extension Howto for CentOS

1 comment - Post a comment

If you need to compile ffmpeg for PHP (for example, to allow PHP to process video similar to how YouTube does) - then follow this Howto from Nazly. For a CentOS machine with custom PHP, it works great.

Ffmpeg PHP Extension Compile Instructions

Aug 07

New systemBash Theme

No comment - Post a comment

New theme with hopefully a better design!

<?php
echo "testing!";
?>

Drop me a line to let me know what you think!

Jun 27

Joomla! 1.0.12 Double Pathway Bug

3 comments - Post a comment

Joomla! 1.0.12 appears to have a pathway bug. If you use a component other than com_frontpage for the “Home page” of Joomla - meaning the first link in mainmenu and the page that appears when you load the root of the Joomla! site - then when you click on an article you get a “Double pathway”, for example the pathway will state “Home > Home > Title of article”. The Home, or whatever you named this link, part will be duplicated. It isn’t a big problem but it does look unprofessional on your site!

I looked for ages for a fix to this problem, and eventually found it but the site I can not find the site I originally downloaded this fix from. It is courtesy of Reinhard Hiebl - www.hieblmedia.de (whos site is in German, one reason why I’m saving it here). I thought I would throw it online here for your download. The fix is in two parts of code in /includes/pathway.php.

At line 54 in includes/pathway.php:

// Fix for dublicate home if home have childs //
// by Reinhard Hiebl -- www.hieblmedia.de //////
// get first published item
$query = "SELECT id"
. "\n FROM #__menu"
. "\n WHERE published = 1"
. "\n AND parent = 0"
. "\n AND menutype = 'mainmenu'"
. "\n AND access <= " . (int) $my->gid
. "\n ORDER BY ordering"
. "\n LIMIT 1"
;
$database->setQuery( $query );
$first_mitem = $database->loadResult( 'id' );
////////////////////////////////////////////////

And at line 284 in includes/pathway.php immediately after “$item =& $mitems[$mid];”:

// Fix for dublicate home if home have childs //
// by Reinhard Hiebl -- www.hieblmedia.de //////
if ( $item->id == $first_mitem && !$item->parent ) {
break;
}
////////////////////////////////////////////////

I also have the file zipped up so you can just replace includes/pathway.php with this file. Note that this is for version 1.0.12 only, so it might not work with previous or newer versions.

pathway.zip

Jan 26

Cacti remote exploit

No comment - Post a comment

There appears to be an exploit in the wild which is automating the Cacti Command execution and SQL Injection Vulnerability [see Secunia alert 23528]. Via this exploit, any server running an older version of Cacti from before December 28th.

Of course it’s always best to keep your software up to date. Other tricks to keep your system secure:

  • Do not use default directories. Instead of /cacti/, use /somethingcacti/. This will foil any scripts which find based on server IP and default location (scripts can still find via a search engine search).
  • Run apache using mod_security - this will try to catch SQL injection and remote command execution
  • Mount your temporary directory (usually /tmp) with NOEXEC flag. This will prevent any script kiddies who are able to exploit a vulnerability from running other programs from the /tmp directory that PHP usually dumps things to.

Let me know if you have any other tips like these!

Next Page »

  • Welcome to systemBash, a technology and system administration blog by David Drager. If you enjoy this sort of content, can can subscribe to the RSS using the link to the right.