Image Request Launches Script
When an image is requested from the server, which the HTML img
tag does, the request can cause a PHP script on the server to launch.
This is different than a request via a script that responds with an image. Instead, it is a request for an image that then triggers the PHP script behind the scenes.
In other words, not this: Using a script to load an image.
<img src="https://example.com/script.php?https://example.com/subdirectory/image.jpg">
Instead, this: Loading an image directly (which triggers a script):
<img src="https://example.com/subdirectory/image.jpg">
I'll show you how to do it.
But, why?
Although I've used it for various solutions over the years, my focus was recently been brought back to it when I needed to have as accurate a count as possible of real humans visiting a page.
I'll get back to that in a moment.
When the img
tag's src
attribute value is a URL to script.php
or other script file name, it is obvious that a script is being run. (This is the way many tracking pixels are delivered, especially for measuring email opens.)
On the other hand, when the img
src
URL ends with .gif
, .png
, .svg
, .jpg
, or .jpeg
, it can be assumed the image is being loaded directly. Yet, a script on the server can still be run.
It is a way to measure email opens with a real image request even where 1-pixel image URLs may be ignored.
And also for what I recently used it for, to obtain as accurate a count as possible of real humans visiting a page.
When the image src
URL is to a known image filename, then spiders assume a direct image request. Spiders and bots have no reason to know the image also runs a script.
A regular page load counter would count spiders and robots as well as humans who access a page. A sophisticated counter would ignore known search engine spiders. But robots that pretend to be regular browsers can be virtually impossible to detect.
There are lots of robots. In addition to the regular search engine spiders, there are testing and checking bots. As an example, when a URL is posted on Twitter, one or more spiders visit the page at the newly-posted URL. Also, some spiders roam the internet and all the while spoof themselves as regular browsers.
What I wanted for my project was a count only of humans using browsers.
The way I used the technique is when an image was loaded it launched a script that logged the IP address and user agent identification (how the browser/spider/bot identifies themselves). It was my image-load log.
Most spiders and robots that spoof themselves as regular browsers don't automatically load images, which kept them out of my image-load log. Generally, the spoofers slurp only the page source code.
The image-load log then, had entries only of those who loaded the tagged image.
To determine a page load count, known spiders were removed first (googlebot and other legitimate spiders often will load images). What is left is, mostly, a human count. I say "mostly" because there may be some requests by spoofing spiders that also request images.
An example of what I did will be used to show how a script is launched when an image is requested with an img
tag.
The system has four parts:
-
An image file for the image that will be displayed on the web page or in the email.
-
A PHP script that does the actions you want it to do and then, as its last action, sends the image to the browser or email reader.
-
An
.htaccess
file to redirect the image request to the script. -
The
img
tag.
The Image File
Make a note of the URL of the image file. You'll need it for the script. This article assumes the image file is at https://example.com/image.gif
The PHP Script
Below is the source code of the PHP script I used for the human-only page access log (updated for this article).
<?php /* Logging Script Version 2.0 June 21, 2021 Original version, Feb 2, 2021 Will Bontrager Software LLC */ $ImageURL = 'https://example.com/image.gif'; $LogFileName = __DIR__.'/humanaccess.log'; file_put_contents( $LogFileName, date('r')."\t{$_SERVER['REMOTE_ADDR']}\t{$_SERVER['HTTP_USER_AGENT']}\n", FILE_APPEND ); preg_match('/\.([^\.]+)$/',$ImageURL,$match); header("Content-type: image/{$match[1]}"); echo(file_get_contents($ImageURL)); ?>
Notes:
-
Replace
https://example.com/image.gif
with the URL of the image file. -
The next 2 printed lines are where the logging occurred. You would replace those lines with whatever you want the script to do when the image is requested. They may even be commented out or deleted.
-
The last 3 lines (colored purple) are the last active lines of the script. It is where the image is sent to the browser or email reader.
Upload the script to your server and make a note of its URL. You'll need the URL for the .htaccess
file.
The .htaccess
File
Although not required to be done exactly this way, to reduce the chance of file name conflict I suggest creating a separate directory on your server where this .htaccess
file can reside. This article assumes a special subdirectory named special
was made for the .htaccess
file.
redirect 301 /special/image.gif /php/script.php
Notes:
The URLs in this .htaccess
file are relative URLs. Relative URLs are the absolute URL with the protocol and domain name removed. As an example, if the absolute URL is https://example.com/special/image.gif then the relative URL is /special/image.gif
-
When you specify a URL for the
img
tag'ssrc
attribute (in the next step), it needs to include the directory where the.htaccess
is located, along with an image file name.Replace
/special/image.gif
with the relative URL you will use for theimg
tag. -
Replace
/php/script.php
with the relative URL of the PHP script in the previous step.
Upload the .htaccess
file into the special directory you created for it.
If you did not create a special directory and your destination directory already has an .htaccess
file, add the above .htaccess
line to the current .htaccess
file.
The img
Tag
Now that all the pieces are installed, an img
tag can be created to test the system. Here is an example.
<img src="/special/image.gif">
If your test page is on a different domain or on your hard drive, the relative URL will break and will need to be made into an absolute URL.
<img src="https:/example.com/special/image.gif">
Replace /special/image.gif
with the URL you specified in the .htaccess
file.
Testing
Load the page and see if the image shows up. If it does not, go back through the code to find where something is wrong.
Here are things to check:
-
The value of
$ImageURL
in the script must be to an existing image on the internet. -
The relative URL for the image in the
.htaccess
file needs to be identical to the relative URL for theimg
tag.Note: The URL in the
.htaccess
file must be relative. However, if the URL in theimg
tag is required to be an absolute URL (used on a different domain, for example), theimg
URL can be made into an absolute by adding the protocol and domain name to the relative URL copied from the.htaccess
file.)
When it passes the tests, you have a system where an image request also launches a script — without revealing that a script will run.
(This article first appeared with an issue of the Possibilities newsletter.)
Will Bontrager