Digg This

Now you guys have probably seen that the avatars on this forum are static, they have to be manually changed before you can use a new one. 🤔
Now take a look at my avatar url
Now what happens when you view it? You see a jpg or a gif image.
Try accessing the same url 5 or more times… Did you notice something?
The picture changes automatically at random (amongst a set of 3 pics) If you didn’t see this try more times 😉
How does it happen?
The first part is a VERY simple php script on my webserver (you need a hosting account with php scripting enabled for running scripts). Also (in Linux) CHMOD the files to give execute permission to everyone.
The php code that I am using is

    $random = rand(1,3);

    switch ($random)
      case 1:
        header("location: /images/konqi.jpg" ) ;
      case 2:
        header("location: /images/Homer.gif" ) ;
      case 3:
        header("location: /images/Hobbes.gif" ) ;

    header('Cache-Control: no-store, no-cache, must-revalidate') ;
    header('Cache-Control: post-check=0, pre-check=0', FALSE) ;
    header("Expires: Mon, 26 Jul 1997 05:00:00 GMT" ) ; // Date in the past
    header('Pragma: no-cache') ;

Doesn’t take a genius to figure out what is going on here. Anyway, I’ll explain 🙂

  1. A random number is chosen between 1 and 3 and the corresponding image is displayed. This is done by the header function which is used to send HTTP headers ( a temporary redirect HTTP 302 response) This says that the resource that you want to see is at some other location).2. The headers at the end are DESPERATE ones which tell the browser “Please don’t cache the images or you will spoil my image changing effect?” Now to save bandwidth and load pages faster, browsers store copies of resources that they retrieved from the Internet on your disk in a location called cache/Temporary Internet files or similar location. Try about:cache in mozilla to see whats in it.
    Also an expiry date is given in past so that the browser thinks “Oh, this content that I retrieved has become old. I shouldn’t cache it. Next time I’ll ask for a fresh copy” Sweet…

Now the file is saved as somename.php on your server and on running it the effect of changing avatars is complete.

  1. Now for the final bit. Try pasting this url in your avatar field and the forum complains. It wants the URL to end in gif/jpg or whatever. So how to bypass this? Simple. Use the Apache .htaccess file (not available on IIS)
    .htaccess is a file that stores settings on a folder basis on you webserver. I modify this file to add a statement

Redirect /avatar.gif http://www.website.com/images/somefile.php

There you have it! It is always easy to fool software.
Try this at least once to see the power of web scripting.


“The great thing about mod_rewrite is it gives you all the configurability and flexibility of Sendmail. The downside to mod_rewrite is that it gives you all the configurability and flexibility of Sendmail. “

Brian Behlendorf, Apache Group