473,216 Members | 2,092 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 473,216 software developers and data experts.

Hotlinking protection using php

php version - 4.4.4
mysql version - 4.1.22

Previously I tried to prevent hotlinking of images on a clients site using .htaccess and mod_rewrite. It however didn't work for some reason or other and I decided to do hotlinking protection using php. I'm really new to php. I've seen code like the following
Expand|Select|Wrap|Line Numbers
  1. <img src="display.php?id=1898" border="0" />
and have been trying to do this for the site based on this post <Link removed>. I'm having trouble specifically with getting the php script to return an image when queried as above. I've used the following code (edited because of database connection details).

Expand|Select|Wrap|Line Numbers
  1. <?
  2. //display.php
  3. $dbh=mysql_connect("<CONNECTION DETAILS...>") or die ('I cannot connect to the database because: ' . mysql_error());
  4. mysql_select_db("<DATABASE>",$dbh);
  5. $query="SELECT filename FROM thumbnails WHERE idn=".$_GET["wli"];
  6. $rawdb=mysql_query($query);
  7. $array=mysql_fetch_array($rawdb);
  8.   if (!empty($array["filename"])){
  9.         // Output the header
  10.     header("Content-Type: image/jpeg");
  11.        // Output the image
  12.         echo "photos/gallery_".$array['filename'].".jpg";
  13.   }else{
  14.     echo "photos/imagenotretrievable.jpg";
  15.     }
  16. @mysql_close($dbh);
  17. ?>
  18.  
With the corresponding code on an html page used to display the image...

Expand|Select|Wrap|Line Numbers
  1. <a href="www.somesite.com" ><img src="display.php?wli=1998" alt="" border="0" /></a>
  2.  
It doesn't display an image, just the image title.
Oct 24 '07 #1
3 2421
Atli
5,058 Expert 4TB
Hi. Welcome to TSDN!

I've removed the link from your post, as links to forums in competition with TSDN, commercial webs and any other links that may violate the Posting Guidelines are forbidden in the technical forums.

As to your problem.
Try changing line 12 of your code, so instead of just echoing the name of your image, echo the contents.

The 'src' attribute of the <img> tag expects a link to the image itself, where it can find the contents of the image. The page containing your code is in reality posing as an image, so it needs to return the contents of the image it represents, rather than its location.

Expand|Select|Wrap|Line Numbers
  1. # Change
  2. echo "photos/gallery_".$array['filename'].".jpg";
  3.  
  4. # Into
  5. echo file_get_contents("photos/gallery_".$array['filename'].".jpg");
  6.  
P.S. I highly recommend upgrading to PHP5. And even MySQL 5.
Oct 24 '07 #2
Thanks a stack that fixed it! Many thanks,
Sam
Oct 24 '07 #3
Just an update - the code above doesn't prevent hotlinking. I had to use the code in combination with a .htaccess mod rewrite. This is only possible if your server is Apache. You should also have a basic understanding of regular expressions although not absolutely necessary.

Put display.php (with the right code - see above posts) in its own folder in your root folder (usually public_html). Say we've called this folder "hotlinking" then create or add to your .htaccess file (just a text file) the following code replacing yourdomain with your domain.

Expand|Select|Wrap|Line Numbers
  1. Options +FollowSymLinks
  2. RewriteEngine On
  3.  
  4. ##### HOTLINKING PROTECTION ###############
  5. RewriteCond %{HTTP_REFERER} ^(http://(www\.)?yourdomain\.com(/.*)?)?$ [NC]
  6. RewriteRule ^hotlinking/([0-9]+)$ /hotlinking/display.php?wli=$1 [L]
  7. ####################################
  8.  
Now each image you want protected have its src attribute as follows
Expand|Select|Wrap|Line Numbers
  1. <img src="http://www.yourdomain.com/hotlinking/[idn]" alt="etc" border="0" /> 
where [idn] is a key for the database that corresponds to that images filename - i.e. have a mysql database with each record having a key (idn) and a corresponding filename (filename). Mod rewrite if working properly will rewrite the image src attribute above as http://www.yourdomain.com/hotlinking/display.php?wli=[idn] which will return an image file. Mod rewrite will only do this if the refferer is yourdomain.com.

Think that's all. Its not fool proof but it should discourage many from hotlinking your images.
Oct 27 '07 #4

Sign in to post your reply or Sign up for a free account.

Similar topics

9
by: Howard | last post by:
I am currently looking at the various packages that are available for software protection. I have a particular question that I'd welcome your feedback on. Background info: I work for a company...
0
by: SoftComplete Development | last post by:
SoftComplete Development Updates EXECryptor to v. 2.1.20 Software piracy! Cracked serial numbers! Thousands of commercial products are posted on the warez sites and become available to all who...
17
by: andre.gunther | last post by:
Hello, unfortunately I am a customer of Yahoo Webhosting. They don't offer scripting or any meaningful server controls. I have a photo website and I have serious problems with leachers now....
2
by: Rune Nergard | last post by:
I have tried to use the System.Security.Cryptography.Xml.SignedXml class to sign an Xml message with Xml-DSIG and using an Enveloped signature type and the sha1RSA algorithm. Everything works fine...
20
by: Paul Bromley | last post by:
Not sure if I can ask the question in this forum - please let me know if it is better elsewhere. Does anyone know of a reasonably priced good copy protection program that will protect software on...
0
by: KhoaNguyen | last post by:
Hi, When i compiled these two source files, it gives me an error saying: Inaccesssible Due to its protection level. ------------Base Class----------------- using System; using...
0
by: dba | last post by:
Hi folks, I would just like to share with you SQL CodeSecure, a newly released database protection and auditing tool from SqlLabs: SQL CodeSecure provides ultimate protection from unauthorized...
13
by: Adhal | last post by:
Hi, How can I stop hotlinking to a specific file, and I want it to redirect it to a PHP link so I can monitor the number of downloads. Here is my site with the download page:...
0
by: RobertTheProgrammer | last post by:
Hi folks, I need to combine these two functions and I'm not sure how to go about it. I know how to use .htaccess to prevent anyone from hotlinking the images on my site. What I basically want...
1
isladogs
by: isladogs | last post by:
The next online meeting of the Access Europe User Group will be on Wednesday 6 Dec 2023 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM). In this month's session, Mike...
0
by: jianzs | last post by:
Introduction Cloud-native applications are conventionally identified as those designed and nurtured on cloud infrastructure. Such applications, rooted in cloud technologies, skillfully benefit from...
0
by: mar23 | last post by:
Here's the situation. I have a form called frmDiceInventory with subform called subfrmDice. The subform's control source is linked to a query called qryDiceInventory. I've been trying to pick up the...
0
by: abbasky | last post by:
### Vandf component communication method one: data sharing ​ Vandf components can achieve data exchange through data sharing, state sharing, events, and other methods. Vandf's data exchange method...
2
by: jimatqsi | last post by:
The boss wants the word "CONFIDENTIAL" overlaying certain reports. He wants it large, slanted across the page, on every page, very light gray, outlined letters, not block letters. I thought Word Art...
2
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 7 Feb 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:30 (7.30PM). In this month's session, the creator of the excellent VBE...
0
by: stefan129 | last post by:
Hey forum members, I'm exploring options for SSL certificates for multiple domains. Has anyone had experience with multi-domain SSL certificates? Any recommendations on reliable providers or specific...
0
Git
by: egorbl4 | last post by:
Скачал я git, хотел начать настройку, а там вылезло вот это Что это? Что мне с этим делать? ...
1
by: davi5007 | last post by:
Hi, Basically, I am trying to automate a field named TraceabilityNo into a web page from an access form. I've got the serial held in the variable strSearchString. How can I get this into the...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.