PHP help needed
#1
I have a PHP script that is rather old. It was used to prevent direct download of content.

I assume with the continued advances in PHP, the script itself needs some minor adjustments.

I would be willing to pay a reasonable fee for someone to take a look, debug it and fix it.

Quote:
<?php
//your domain, no http://
$domain="www.yourdomain.com";

//folder that the hidden Downloads files are in, no lead or trailing slashes
$folder="hid";

$filename=stripslashes(urldecode($QUERY_STRING));
if ($filename==""){readfile("http://www.yourdomain.com/invalidfile.html");exit;}
$refr=getenv("HTTP_REFERER");
list($remove,$stuff)=split('//',$refr,2);
list($home,$stuff)=split('/',$stuff,2);
if ($home!=$domain){readfile("http://www.yourdomain.com/leecher.html");exit;
}else{
$fp=@fopen("http://".$domain."/".$folder."/".$filename,"r");
if($fp)
{
if (ereg(".mp3",$filename)){$xtype="audio/mpeg";}
elseif(ereg(".zip",$filename)){$xtype="application/x-zip-compressed";}
elseif(ereg(".exe",$filename)){$xtype="application/x-msdownload";}
else{$xtype="application/octet-stream";}
Header("Content-Type: $xtype");
Header("Accept-Ranges: bytes");
Header("Content-Disposition: ; attachment; Filename=$filename");
while (!feof($fp)) {
echo(fgets($fp, 4096));
} //end while
fclose ($fp);
}else{
readfile("http://www.yourdomain.com/filenotfound.html")
;exit;
}
}
?>
#2
Hotlink prevention is usually done via an htaccess rewrite rule.
NEW: SA Admin Toolbar Plugin | View All My Plugins
- Shawn A aka Tablatronix
#3
The htaccess rewrite rule has several issues that I wish to avoid.

Thank you for your help :)
#4
What errors does this script produce? I have done something similar.
JWH Technologies
Have any marketing ideas for Get-Simple? Let me hear them!
#5
Well, the alternative is to pass all links through a PHP handler, which is usually full of security flaws such as the one you posted above.

You are allowing input to be passed to fopen and then sent to the user.
- Shawn A aka Tablatronix
#6
These are the errors I get when running the script.

Sorry for the delay in posting back :)

Internal Server Error

The server encountered an internal error or misconfiguration and was unable to complete your request.

Please contact the server administrator, webmaster@scenicradio.com and inform them of the time the error occurred, and anything you might have done that may have caused the error.

More information about this error may be available in the server error log.

Additionally, a 500 Internal Server Error error was encountered while trying to use an ErrorDocument to handle the request.
#7
Means syntax error.
Also, that script defines the domain then uses hardcoded domains in the script; it also readfiles over HTTP, which is just awful.

Ditch the script completely, it's an enormous security hole.
- Shawn A aka Tablatronix
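The two flaws named in posts #5 and #7 (request input passed to fopen, and files fetched over HTTP) handled in one download script, as an added example that is not code from any poster in this thread. It assumes PHP 8, a local download directory outside the web root (`DOWNLOAD_DIR` is a hypothetical path) and a `?file=` parameter, none of which come from the original script.

```php
<?php
declare(strict_types=1);
// Added example. Assumed: PHP 8+, files in a local directory outside the web
// root (DOWNLOAD_DIR is a hypothetical path), request form download.php?file=NAME.
const DOWNLOAD_DIR = '/var/www/private/hid';
const ALLOWED_HOST = 'www.yourdomain.com';
const MIME_TYPES = [
    'mp3' => 'audio/mpeg',
    'zip' => 'application/x-zip-compressed',
    'exe' => 'application/x-msdownload',
];

/** Map a user-supplied name to a real file inside $baseDir, or null. */
function resolveDownload(string $requested, string $baseDir): ?string
{
    // basename() keeps only the last path component, so "../" sequences and
    // "http://..." URLs can no longer choose where the file is read from.
    $name = basename($requested);
    $ext = strtolower(pathinfo($name, PATHINFO_EXTENSION));
    if (!array_key_exists($ext, MIME_TYPES)) {
        return null;
    }
    // realpath() resolves symlinks; the result must still sit under $baseDir.
    $base = realpath($baseDir);
    $path = realpath($baseDir . DIRECTORY_SEPARATOR . $name);
    if ($base === false || $path === false || !is_file($path)
        || !str_starts_with($path, $base . DIRECTORY_SEPARATOR)) {
        return null;
    }
    return $path;
}

// Referer is set by the client: this deters casual hotlinking, nothing more.
$refHost = parse_url($_SERVER['HTTP_REFERER'] ?? '', PHP_URL_HOST);
if (!is_string($refHost) || strcasecmp($refHost, ALLOWED_HOST) !== 0) {
    http_response_code(403);
    exit('Downloads must be started from a page on this site.');
}
$file = $_GET['file'] ?? '';
$path = is_string($file) ? resolveDownload($file, DOWNLOAD_DIR) : null;
if ($path === null) {
    http_response_code(404);
    exit('File not found.');
}
$name = basename($file);  // already validated by resolveDownload()
// Only [A-Za-z0-9._-] reaches the header: no quotes, no CR/LF.
$safeName = preg_replace('/[^A-Za-z0-9._-]/', '_', $name);
header('Content-Type: ' . MIME_TYPES[strtolower(pathinfo($name, PATHINFO_EXTENSION))]);
header('X-Content-Type-Options: nosniff');
header('Content-Disposition: attachment; filename="' . $safeName . '"');
header('Content-Length: ' . filesize($path));
readfile($path);
```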
#8
Would this be the correct syntax for adding to the htaccess file to prevent hot linking or preventing people not on the website from downloading files?

RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www\.)?example.com/.*$ [NC]
#9
Yeah, something like that, but usually it has a mask for filetypes.
There are web based generators you can find that build these rules for you.
- Shawn A aka Tablatronix
#10
Hi,
sorry for the unrelated post..
I only want to ask: does anyone have references on semantic web, HTML5 and CSS3....


Bob Reighley