Flickr: hacking comments and monitoring profile views
Posted in Odd Stuff on March 18th, 2007I love Flickr. Seriously.
But one thing puzzles me: why do they allow off-site images in comments? It makes no sense to allow people to post comments on pictures with stupid animated gifs. It only makes sense to allow commenters to include other Flickr pictures as part of the discussion. Well, since they allow it, I decided to play with the concept a bit.
I have long used a PHP program to track views of my comments on other websites, most notably on PersonalMBA. My avatar is actually a link to a PHP program running on my site. The program (code below) records some information about the request in a log file, and then gives the JPG file over to the client. They never know that I’ve logged the fact that they requested my avatar. What have I done with this information? Pretty much nothing, except to give me an external view in to the popularity individual pages on the site.
So, I used this PHP program to leave comments on Flickr. But so as to not make things obvious, I have the PHP program send a 1×1 pixel clear GIF. The program then logs every time someone views another persons picture page on Flickr. Again, what have I done with this information? Umm, nothing, yet.
But it brings up another interesting possibility for the “off-site images in comments” thing that Flickr allows. If I can make it link to an off-site image, then I probably can change the image. If I wanted to do something devious, I could post a lot of “Great Shot” comments, including a reference to my off-site image. Initially the image would be a 1×1 clear gif so no one could know. Then, when I feel evil, I could change it to something, um, evil. Yes, my account would be banned. Yes, the comments would be deleted, but not before my “evil” image was viewed thousands of times. And then I could do it again with a new account. Why would I do this? Um, again, I’m not sure.
Profile monitoring
So after all that evil making, I’ve figured a more innocuous use for my PHP program–logging how many times people view my profile in Flickr. I find it odd that Flickr doesn’t tell me this by default–they tell me the number of times my images and sets are viewed. Why not my profile?
So, the concept is the same. I include an image in my profile thusly:
The code, listed below, logs the request and delivers the image. I now have a way to satisfy my ego for how many times people view my Flickr profile. Yippee.
Here is my PHP code. I adapted it from somewhere, but I don’t remember where. You will need to modify it to specify the log file and the image file.
< ?php
//Modify these two to suite your needs
$vfile = "flickr.gif";
$filename = 'logfile.log';function readfile_chunked($filename,$retbytes=true)
{
$chunksize = 1*(1024*1024); // how many bytes per chunk
$buffer = '';
$cnt =0;
// $handle = fopen($filename, 'rb');
$handle = fopen($filename, 'rb');
if ($handle === false)
{
return false;
}
while (!feof($handle))
{
$buffer = fread($handle, $chunksize);
echo $buffer;
flush();
if ($retbytes)
{
$cnt += strlen($buffer);
}
}
$status = fclose($handle);
if ($retbytes && $status)
{
return $cnt; // return num. bytes delivered like readfile() does.
}
return $status;
}header("Content-type: image/gif");
readfile_chunked($vfile,false);$somecontent = date('m-d-y H:i:s '). $_SERVER['REMOTE_ADDR']." ". $_SERVER['HTTP_REFERER']. " " . $_SERVER['USER_AGENT']."\n";
// Let's make sure the file exists and is writable first.
if (is_writable($filename)) {// In our example we're opening $filename in append mode.
// The file pointer is at the bottom of the file hence
// that's where $somecontent will go when we fwrite() it.
if (!$handle = fopen($filename, 'a')) {
echo "Cannot open file ($filename)";
exit;
}// Write $somecontent to our opened file.
if (fwrite($handle, $somecontent) === FALSE) {
echo "Cannot write to file ($filename)";
exit;
}echo "Success, wrote ($somecontent) to file ($filename)";
fclose($handle);
} else {
echo "The file $filename is not writable";
}
?>
