471,893 Members | 2,076 Online
Bytes | Software Development & Data Engineering Community
Post +

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 471,893 software developers and data experts.

Hotlinking protection using php

php version - 4.4.4
mysql version - 4.1.22

Previously I tried to prevent hotlinking of images on a clients site using .htaccess and mod_rewrite. It however didn't work for some reason or other and I decided to do hotlinking protection using php. I'm really new to php. I've seen code like the following
Expand|Select|Wrap|Line Numbers
  1. <img src="display.php?id=1898" border="0" />
and have been trying to do this for the site based on this post <Link removed>. I'm having trouble specifically with getting the php script to return an image when queried as above. I've used the following code (edited because of database connection details).

Expand|Select|Wrap|Line Numbers
  1. <?
  2. //display.php
  3. $dbh=mysql_connect("<CONNECTION DETAILS...>") or die ('I cannot connect to the database because: ' . mysql_error());
  4. mysql_select_db("<DATABASE>",$dbh);
  5. $query="SELECT filename FROM thumbnails WHERE idn=".$_GET["wli"];
  6. $rawdb=mysql_query($query);
  7. $array=mysql_fetch_array($rawdb);
  8.   if (!empty($array["filename"])){
  9.         // Output the header
  10.     header("Content-Type: image/jpeg");
  11.        // Output the image
  12.         echo "photos/gallery_".$array['filename'].".jpg";
  13.   }else{
  14.     echo "photos/imagenotretrievable.jpg";
  15.     }
  16. @mysql_close($dbh);
  17. ?>
With the corresponding code on an html page used to display the image...

Expand|Select|Wrap|Line Numbers
  1. <a href="www.somesite.com" ><img src="display.php?wli=1998" alt="" border="0" /></a>
It doesn't display an image, just the image title.
Oct 24 '07 #1
3 2335
5,058 Expert 4TB
Hi. Welcome to TSDN!

I've removed the link from your post, as links to forums in competition with TSDN, commercial webs and any other links that may violate the Posting Guidelines are forbidden in the technical forums.

As to your problem.
Try changing line 12 of your code, so instead of just echoing the name of your image, echo the contents.

The 'src' attribute of the <img> tag expects a link to the image itself, where it can find the contents of the image. The page containing your code is in reality posing as an image, so it needs to return the contents of the image it represents, rather than its location.

Expand|Select|Wrap|Line Numbers
  1. # Change
  2. echo "photos/gallery_".$array['filename'].".jpg";
  4. # Into
  5. echo file_get_contents("photos/gallery_".$array['filename'].".jpg");
P.S. I highly recommend upgrading to PHP5. And even MySQL 5.
Oct 24 '07 #2
Thanks a stack that fixed it! Many thanks,
Oct 24 '07 #3
Just an update - the code above doesn't prevent hotlinking. I had to use the code in combination with a .htaccess mod rewrite. This is only possible if your server is Apache. You should also have a basic understanding of regular expressions although not absolutely necessary.

Put display.php (with the right code - see above posts) in its own folder in your root folder (usually public_html). Say we've called this folder "hotlinking" then create or add to your .htaccess file (just a text file) the following code replacing yourdomain with your domain.

Expand|Select|Wrap|Line Numbers
  1. Options +FollowSymLinks
  2. RewriteEngine On
  4. ##### HOTLINKING PROTECTION ###############
  5. RewriteCond %{HTTP_REFERER} ^(http://(www\.)?yourdomain\.com(/.*)?)?$ [NC]
  6. RewriteRule ^hotlinking/([0-9]+)$ /hotlinking/display.php?wli=$1 [L]
  7. ####################################
Now each image you want protected have its src attribute as follows
Expand|Select|Wrap|Line Numbers
  1. <img src="http://www.yourdomain.com/hotlinking/[idn]" alt="etc" border="0" /> 
where [idn] is a key for the database that corresponds to that images filename - i.e. have a mysql database with each record having a key (idn) and a corresponding filename (filename). Mod rewrite if working properly will rewrite the image src attribute above as http://www.yourdomain.com/hotlinking/display.php?wli=[idn] which will return an image file. Mod rewrite will only do this if the refferer is yourdomain.com.

Think that's all. Its not fool proof but it should discourage many from hotlinking your images.
Oct 27 '07 #4

Post your reply

Sign in to post your reply or Sign up for a free account.

Similar topics

9 posts views Thread by Howard | last post: by
reply views Thread by SoftComplete Development | last post: by
17 posts views Thread by andre.gunther | last post: by
20 posts views Thread by Paul Bromley | last post: by
reply views Thread by zermasroor | last post: by

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.