On-The-Fly Image Generation in PHP

I'm developing a script that will allow people to generate a banner for them to use. It's customizable. During the customization process, I'd like to be able to have the banner reload on the spot. So they could see the changes. Once they create the banner and are completely done with it I would give them a link for them to use. This link be a cached version of the banner 开发者_如何学编程and would recache every so often. Is there any way I can prevent them from abusing my on-the-spot generation to prevent excessive server load? Is there a way that I can make it so only my JavaScript can regenerate it?

You probably need to defend against images that are loaded too often, regardless of whether this comes from abuse or from having too many actual visitors. You can allocate a maximum number of refreshes for a given time period (depending on how loaded you want your server to be) for each image, and determine for each request whether you should generate a file or return a static error image.

Comprehensive logging & session tracking will help out with the problem. You can use a session variable to track a usage of banner generation on a per-user basis. Back this up with logging the activity coming from each IP address. Deny excessive requests from heavy usage users and IP addresses.

I would imagine there may already exist software & hardware tools for managing resource usage by IP that you could drop-in without custom-coding it for your application. I would try asking this question on ServerFault as well.

You could check the referer to make sure that the requests to your on-the-fly code are coming from your site and not being hotlinked.

This kind of thing is pretty much one of the reasons we have <canvas>.

Using a <canvas> tag, you can do image manipulation on the fly without placing any load on the server at all (in fact, the server is completely unaware of this image manipulation). Then, when done, you can actually get the raw image data from the canvas and put it in an <img> tag, or submit it to the server, or anything else you can do with images.

If you can implement this with a fallback to what you currently have (along with the suggestions made by the other answers), then you will reach a good balance.