Putting comments inside an image

toastyman · 27 May 2006 at 13:16

Hey to all,

Just wondering if anyone knows whether its possible to put comments inside a gif image using PHP?

Conrad11 · 27 May 2006 at 13:35

Yes its possible using the imagettftext function...

You have to link the font directly.

Example:

Code:

<?php

$destination_image = imagecreatefromgif('image.gif');
$size_of_text = 14;
$angle_of_text = 0;
$x_axis_of_text = 15;
$y_axis_of_text = 10;
$colour_of_text = imagecolorallocate($im, 0, 0, 0);
$font_of_text = "font.ttf";
$actual_text = "string of text here";

imagettftext($destination_image, $size_of_text, $angle_of_text, $x_axis_of_text, $y_axis_of_text, $colour_of_text, $font_of_text, $actual_text);

//*show image *//

?>

toastyman · 27 May 2006 at 13:43

Conrad11 said:

Yes its possible using the imagettftext function...

You have to link the font directly.

Example:

Code:

<?php

$destination_image = imagecreatefromgif('image.gif');
$size_of_text = 14;
$angle_of_text = 0;
$x_axis_of_text = 15;
$y_axis_of_text = 10;
$colour_of_text = imagecolorallocate($im, 0, 0, 0);
$font_of_text = "font.ttf";
$actual_text = "string of text here";

imagettftext($destination_image, $size_of_text, $angle_of_text, $x_axis_of_text, $y_axis_of_text, $colour_of_text, $font_of_text, $actual_text);

//*show image *//

?>

That would actually put the text inside the image wouldn't it.. so it's visible to the user? What i'm after is actually putting comments inside the actual file, so you can only view them by opening the gif image in say, notepad.

Sorry for not explaining clearly what I need!

Beansprout · 27 May 2006 at 15:34

Oooh, I get to use a fancy word now

What you're talking about is Steganography, the art of concealing information within other information. There's a list of some tools here and I'd guess that Wikipedia page also has lots of useful info.

toastyman · 27 May 2006 at 15:59

Excellent thanks. Just gotta find out if PHP can do this Steganography stuff.

Cheers

Beansprout · 27 May 2006 at 16:13

"PHP steganography" gave me this: http://puremango.co.uk/php_steg_src.txt

Not entirely sure why you'd want to do it, though, and it's also not as simple as text which is just visible from Notepad.

It depends....I can't remember any links I used to know about Steganography, or any of the techniques...it was a while ago that I looked at it all

Conrad11 · 27 May 2006 at 16:16

Cant you just encrypt a message?....why would you want to hide it in a image file?

toastyman · 27 May 2006 at 16:28

It's to do with a license system i'm making...

The main site has the ability to alter any files on the client sites. I thought it'd be a good and subtle way to suspend account using images.
E.g.
A license is valid if clear.gif has the following properties...1px x 1px, transparent background, certain file size etc..
A license is not valid if clear.gif has any altered properties, which basically means my script has suspended the account by recreating that gif file.

I can then remotely open that gif file which would contain all the user details in the comments.

I thought if it revolved around a PHP file or a database value to say whether the account has been suspended, the user might catch on and change it. I thought using an image would be a more subtle way of doing it.

It's hard to explain, but it's working so far!

Beansprout · 27 May 2006 at 16:59

That sounds like a really, really, really insecure idea :very bad: o.O :eek:

:alarm:

toastyman · 27 May 2006 at 18:11

Beansprout said:
That sounds like a really, really, really insecure idea :very bad: o.O :alarm:

Why?

Conrad11 · 28 May 2006 at 11:32

Sorry if i have got this worng from your explaination....but coulnd't people just open the gif to see the user details?

toastyman · 28 May 2006 at 12:42

Conrad11 said:
Sorry if i have got this worng from your explaination....but coulnd't people just open the gif to see the user details?

There are no actual important user details... just the username, domain and date of registration. I just thought storing these details in an image would be more likely to not be detected than having PHP open a connection to the master site to send the details..

Beansprout · 28 May 2006 at 14:17

toastyman said:
Why?

"The main site has the ability to alter any files on the client sites" :eek:

robmiller · 28 May 2006 at 14:33

Security through obscurity is awesome :cool:

toastyman · 28 May 2006 at 14:37

Well you can't say it wouldn't be unique lol

Beansprout · 28 May 2006 at 14:46

Ok, I'll spell it out. You don't really want the ability to alter any files anywhere, do you? Because that means...

The script must have some sort of "accept and execute this remote command" ability but ok, it only works from your server right? What if the server's DNS was poisoned so it accepted the commands from, say Russia instead?

Or - even worse - if your systems got broken into. Hello, botnet

In short it's a bad idea :eek:

toastyman · 28 May 2006 at 15:10

Beansprout said:
Ok, I'll spell it out. You don't really want the ability to alter any files anywhere, do you? Because that means...

The script must have some sort of "accept and execute this remote command" ability but ok, it only works from your server right? What if the server's DNS was poisoned so it accepted the commands from, say Russia instead?

Or - even worse - if your systems got broken into. Hello, botnet

In short it's a bad idea

Ah crap

The idea of that facility was to be able to update the main system files without the user having to do it. All they would have to do is click "update" next to each file they want to update.

Maybe I could do it the other way round then...an XML from the master site which lets the client sites know what updates/plugins are available. The user then chooses which updates/plugins they want to install.
It could use file_get_contents() to read the a text file on the master site, which stores the PHP code. It then overwrites/creates the new files.
Would that be better or is it still a no?