Page 1 of 1

Ok...why does this keep returning "Site Not Allowed&

Posted: Thu Apr 08, 2004 11:04 am
by Whissy

Code: Select all

<?php 

// secret image directory 
$sDir = "images/blabla/"; 
// clean the $img variable up 
$img = stripslashes(ltrim(rtrim($img))); 
// create absolute path to image 
$fDir = $sDir.$img; 
// These are the allowable content types 
$allowExt = array("gif","jpg","png"); 
// sites to allow 
$allowSite = array("carbon3.net","www.carbon3.net"); 

if(file_exists($fDir)) { 
    if(!in_array($HTTP_REFERER,$allowSite)) { 
        echo "Site not allowed"; 
        die(); 
        // check if the content is allowable according to the array(); 
        if(!in_array(substr($img,-3),$allowExt)) { 
            echo "Invalid image name/extension"; 
            die(); 
        } 
        else { 
            $fType = substr($img,-3); 
            // change the jpg ext. to jpeg 
            if($fType == "jpg") $fType = "jpeg"; 
            // define the content type 
            Header("Content-type: image/$fType"); 
            $fp = @fopen($fDir,"rb"); 
            // display the output 
            fpassthru($fp); 
            fclose($fp); 
        }
    }
}
else { 
    echo "File does not exist"; 
    die(); 
}
In an effort to stop leachers someone gave me this code...but for some reason it keeps throwing back "Site not allowed" when I call the script.
I know it finds the image..but still throwa out that error.
The array has the correct site in etc, and everything else seams to corospond..so anyhelp on fixing this would be GRAND! :)

Posted: Thu Apr 08, 2004 11:08 am
by markl999
Try if(!in_array($_SERVER['HTTP_REFERER'],$allowSite)) {

Posted: Thu Apr 08, 2004 12:08 pm
by Whissy
nah, I should have mentioned I also tried that. Thanks for the help anyway!

Posted: Thu Apr 08, 2004 12:12 pm
by markl999
Well $_SERVER['HTTP_REFERER'] looks like 'http://foo.com' so your array should probably be :
$allowSite = array('http://carbon3.net','http://www.carbon3.net');

A little debugging should show you what the referer is, echo '**'.$_SERVER['HTTP_REFERER'].'**'; .. i've added the **'s so you can see if the referer is empty :o