GetSimple Support Forum
PHP help needed - Printable Version


PHP help needed - saint - 2012-12-26

I have a PHP script that is rather old. It was used to prevent direct download of content.

I assume with the continued advances in PHP, the script itself needs some minor adjustments.

I would be willing to pay a reasonable fee for someone to take a look, debug it and fix it.

Quote:
<?php
//your domain, no http://
$domain="www.yourdomain.com";

//folder that the hidden Downloads files are in, no lead or trailing slashes
$folder="hid";

$filename=stripslashes(urldecode($QUERY_STRING));
if ($filename==""){readfile("http://www.yourdomain.com/invalidfile.html");exit;}
$refr=getenv("HTTP_REFERER");
list($remove,$stuff)=split('//',$refr,2);
list($home,$stuff)=split('/',$stuff,2);
if ($home!=$domain){readfile("http://www.yourdomain.com/leecher.html");exit;
}else{
$fp=@fopen("http://".$domain."/".$folder."/".$filename,"r");
if($fp)
{
if (ereg(".mp3",$filename)){$xtype="audio/mpeg";}
elseif(ereg(".zip",$filename)){$xtype="application/x-zip-compressed";}
elseif(ereg(".exe",$filename)){$xtype="application/x-msdownload";}
else{$xtype="application/octet-stream";}
Header("Content-Type: $xtype");
Header("Accept-Ranges: bytes");
Header("Content-Disposition: ; attachment; Filename=$filename");
while (!feof($fp)) {
echo(fgets($fp, 4096));
} //end while
fclose ($fp);
}else{
readfile("http://www.yourdomain.com/filenotfound.html")
;exit;
}
}
?>



RE: PHP help needed - shawn_a - 2012-12-26

Hotlink prevention is usually done via an htaccess rewrite rule.


RE: PHP help needed - saint - 2012-12-27

The htaccess rewrite rule has several issues that I wish to avoid.

Thank you for your help :)


RE: PHP help needed - JWH_Matthew - 2012-12-27

What errors does this script produce? I have done something similar.


RE: PHP help needed - shawn_a - 2012-12-28

Well, the alternative is to pass all links through a PHP handler, which is usually full of security flaws such as the one you posted above.

You are allowing input to be passed to fopen and then sent to the user.
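
Added example, not part of the thread and not code from either poster: a download handler that avoids the flaw described in the post above by reading only from a local directory and only after the requested name passes an allow-list. DOWNLOAD_DIR, ALLOWED_HOST and the "f" query parameter are assumed names, and PHP 7.1 or later is assumed.

```php
<?php
// Added example, not the thread's script. DOWNLOAD_DIR, ALLOWED_HOST and the
// "f" query parameter are assumed names; adjust them to the real site.
const DOWNLOAD_DIR = '/var/www/private/hid';   // assumed: outside the web root
const ALLOWED_HOST = 'www.yourdomain.com';
const MIME_TYPES = [
    'mp3' => 'audio/mpeg',
    'zip' => 'application/zip',
    'exe' => 'application/octet-stream',
];

function fail(int $status): void
{
    http_response_code($status);
    exit;
}

// The Referer header is sent by the client, so this only deters casual
// hotlinking; it is not access control.
$refHost = parse_url($_SERVER['HTTP_REFERER'] ?? '', PHP_URL_HOST);
if (!is_string($refHost) || strcasecmp($refHost, ALLOWED_HOST) !== 0) {
    fail(403);
}

// Accept a bare file name only: no slashes, no URL schemes, no control bytes.
$name = $_GET['f'] ?? '';
if (!is_string($name) || !preg_match('/\A[A-Za-z0-9._-]+\z/', $name)) {
    fail(404);
}
$ext = strtolower(pathinfo($name, PATHINFO_EXTENSION));
if (!isset(MIME_TYPES[$ext])) {
    fail(404);
}

// Resolve symlinks and confirm the file is still inside DOWNLOAD_DIR.
$base = realpath(DOWNLOAD_DIR);
$path = realpath(DOWNLOAD_DIR . '/' . $name);
if ($base === false || $path === false || !is_file($path)
    || strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
    fail(404);
}

header('Content-Type: ' . MIME_TYPES[$ext]);
header('Content-Length: ' . filesize($path));
header('X-Content-Type-Options: nosniff');
header('Content-Disposition: attachment; filename="' . $name . '"');
readfile($path);   // local filesystem read, never an http:// URL
```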


RE: PHP help needed - saint - 2013-01-02

These are the errors I get when running the script.

Sorry for the delay in posting back :)


Internal Server Error

The server encountered an internal error or misconfiguration and was unable to complete your request.

Please contact the server administrator, webmaster@scenicradio.com and inform them of the time the error occurred, and anything you might have done that may have caused the error.

More information about this error may be available in the server error log.

Additionally, a 500 Internal Server Error error was encountered while trying to use an ErrorDocument to handle the request.


RE: PHP help needed - shawn_a - 2013-01-02

Means syntax error.
Also, that script defines the domain and then uses hardcoded domains in the script. It also readfiles over http, which is just awful.

Ditch the script completely, it's an enormous security hole.


RE: PHP help needed - saint - 2013-01-02

Would this be the correct syntax for adding to the htaccess file to prevent hotlinking or prevent people not on the website from downloading files?

RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www\.)?example.com/.*$ [NC]


RE: PHP help needed - shawn_a - 2013-01-03

Yeah something like that, but usually it has a mask for filetypes.
There are web based generators you can find that build these rules for you.


RE: PHP help needed - adam bucky - 2013-03-08

Hi,
sorry for the unrelated post.
I only want to ask if anyone has references for semantic web, HTML5 and CSS3.


Bob Reighley