hotlinking

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
benyboi
Forum Commoner
Posts: 80
Joined: Sat Feb 24, 2007 5:37 am

hotlinking

Post by benyboi »

ok, so ive been trying to protect my files from hotlinking, however, when the following url is entered directly i still get the file?

http://www.xxxxxxx.com/media/index.php?f=xx/xx.avi

my hotlinking file is:

Code: Select all

<?php 
$dir='ejiose5w39075fqj038m68093n050q98cm756/'; 
if ((!$file=realpath($dir.$_GET['file'])) 
|| strpos($file,realpath($dir))!==0 || substr($file,-4)=='.php'){ 
header('HTTP/1.0 404 Not Found'); 
exit(); 
} 
$ref=$_SERVER['HTTP_REFERER']; 
if (strpos($ref,'http://www.xxxxxx.com/')===0 || strpos($ref,'http')!==0){ 
$mime=array( 
'jpg'=>'image/jpeg', 
'png'=>'image/png', 
'mid'=>'audio/x-midi', 
'avi'=>'video/x-msvideo',
'wav'=>'audio/x-wav' 
); 
$stat=stat($file); 
header('Content-Type: '.$mime[substr($file,-3)]); 
header('Content-Length: '.$stat[7]); 
header('Last-Modified: '.gmdate('D, d M Y H:i:s',$stat[9]).' GMT'); 
readfile($file); 
exit(); 
} 
header('Pragma: no-cache'); 
header('Cache-Control: no-cache, no-store, must-revalidate'); 
include($file.'.php'); 
?>
can someone tell me whats wrong?
Xoligy
Forum Commoner
Posts: 53
Joined: Sun Mar 04, 2007 5:35 am

Post by Xoligy »

Isn't hotlink protection done by checking referrers? Also, I think Apache would be more suited to preventing it.
nickvd
DevNet Resident
Posts: 1027
Joined: Thu Mar 10, 2005 5:27 pm
Location: Southern Ontario
Contact:

Post by nickvd »

I would recommend searching google for hotlinking... There are more resources available for this than almost anything else.
benyboi
Forum Commoner
Posts: 80
Joined: Sat Feb 24, 2007 5:37 am

Post by benyboi »

i did but found nothing good which used php except what i have. most use .htaccess but i use windows hosting.
nickvd
DevNet Resident
Posts: 1027
Joined: Thu Mar 10, 2005 5:27 pm
Location: Southern Ontario
Contact:

Post by nickvd »

have you checked to see what the referrer is? Just assuming that it is just your domain could cause problems...

echo $_SERVER['HTTP_REFERER'];
User avatar
RobertGonzalez
Site Administrator
Posts: 14293
Joined: Tue Sep 09, 2003 6:04 pm
Location: Fremont, CA, USA

Post by RobertGonzalez »

Keep in mind that the variable $_SERVER['HTTP_REFERER'] is not always reliable, and in some cases, not even set.
Post Reply