Ok...why does this keep returning "Site Not Allowed&

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
Whissy
Forum Newbie
Posts: 4
Joined: Thu Apr 08, 2004 10:52 am
Location: UK/ Wales

Ok...why does this keep returning "Site Not Allowed&

Post by Whissy »

Code: Select all

<?php 

// secret image directory 
$sDir = "images/blabla/"; 
// clean the $img variable up 
$img = stripslashes(ltrim(rtrim($img))); 
// create absolute path to image 
$fDir = $sDir.$img; 
// These are the allowable content types 
$allowExt = array("gif","jpg","png"); 
// sites to allow 
$allowSite = array("carbon3.net","www.carbon3.net"); 

if(file_exists($fDir)) { 
    if(!in_array($HTTP_REFERER,$allowSite)) { 
        echo "Site not allowed"; 
        die(); 
        // check if the content is allowable according to the array(); 
        if(!in_array(substr($img,-3),$allowExt)) { 
            echo "Invalid image name/extension"; 
            die(); 
        } 
        else { 
            $fType = substr($img,-3); 
            // change the jpg ext. to jpeg 
            if($fType == "jpg") $fType = "jpeg"; 
            // define the content type 
            Header("Content-type: image/$fType"); 
            $fp = @fopen($fDir,"rb"); 
            // display the output 
            fpassthru($fp); 
            fclose($fp); 
        }
    }
}
else { 
    echo "File does not exist"; 
    die(); 
}
In an effort to stop leachers someone gave me this code...but for some reason it keeps throwing back "Site not allowed" when I call the script.
I know it finds the image..but still throwa out that error.
The array has the correct site in etc, and everything else seams to corospond..so anyhelp on fixing this would be GRAND! :)
User avatar
markl999
DevNet Resident
Posts: 1972
Joined: Thu Oct 16, 2003 5:49 pm
Location: Manchester (UK)

Post by markl999 »

Try if(!in_array($_SERVER['HTTP_REFERER'],$allowSite)) {
Whissy
Forum Newbie
Posts: 4
Joined: Thu Apr 08, 2004 10:52 am
Location: UK/ Wales

Post by Whissy »

nah, I should have mentioned I also tried that. Thanks for the help anyway!
User avatar
markl999
DevNet Resident
Posts: 1972
Joined: Thu Oct 16, 2003 5:49 pm
Location: Manchester (UK)

Post by markl999 »

Well $_SERVER['HTTP_REFERER'] looks like 'http://foo.com' so your array should probably be :
$allowSite = array('http://carbon3.net','http://www.carbon3.net');

A little debugging should show you what the referer is, echo '**'.$_SERVER['HTTP_REFERER'].'**'; .. i've added the **'s so you can see if the referer is empty :o
Post Reply