Is there a built in function to preserve the resolution of the original image when using imagecopy()? I've noticed even if I process the entire file it's output is half the file-size of the original. The quality is noticeably less as well. This is the code to output the cropped image.


$w = $_REQUEST['w'];
$h = $_REQUEST['h'];
$x = $_REQUEST['x'];
$y = $_REQUEST['y'];

header ("Content-type: image/jpg");

$src = @imagecreatefromjpeg("images/mypic.jpg");

$im = @imagecreatetruecolor($w, $h);

imagecopy($im,$src,0,0,$x,$y,$w,$h);

imagejpeg($im);
imagedestroy($im);

1. Use imagecopyresampled() instead of imagecopy().

2. For highest quality of the output, use 100 for the 3rd (optional) parameter of imagejpeg() (use NULL for the 2nd parameter).

Thanks for your reply, I'm looking into imagecopyresampled() now.

Alright, I've toyed with imagecopyresample() a bit. So far I've got it to scale the pic but not crop it. BTW, my intention is not to replace the image but to allow users to crop it dynamically via GETs. Thus far I've only allowed this with images uploaded to my site, but I'm considering allowing hotlinked images to be cropped as well. My concern here is, of course, is this safe? I'm thinking yes since I'm only allowing the script to execute if:

$ext = substr($filename, strrpos($filename, '.') + 1);
if ($ext == "jpg" || $ext == "JPG" || $ext == "jpeg" || $ext == "gif" || $ext == "png"){
//execute script
}
else{
//don't do it
}


... so the above will not allow a user to execute a script such as a captcha that has an image header itself.

This is what a cropped hotlinked image url would look like:



http://www.mysite.com/crop.php?filename=http://www.someothersite.com/somepic.jpg&w=50&h=50&x=131&y=107



Is this secure as long as I make sure the extension is jpg, gif or png?

It really depends what you mean by secure. People can't hack the site (as far as I'm aware) if that is what you mean... People can however use the URL to generate their own image for another site. If you want to prevent this you can check the URL of the site in your php to make sure it is your domain...

I hope that answers your question.

@jassinc, yep I got that error checking in there too (just not shown in any of the script I posted here). My only concern here is creating a hole for a XSS attack.