Using REFERER in Avatar 2.0 PIC.PHP so people can't Leech


01-17-2001, 05:57 AM
Hello,

I recently found out that people could use my server as a file server for their custom avatars. I wanted to add a referrer to it so that the pic.php script would only output the correct image if it was called from my site...if not I want it to post a broken image to save on bandwidth.

I can't use the mod_rewrite thing that Eva2000 suggested on this because the custom avatars are stored in the database.

I have over 10,000 members and I know for a fact that many of them do this.

Can someone please help me to write the referrer code into the pic.php code below:

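<?php
require("global.php");

// $id is the "id" parameter from the query string (pic.php?id=...)
$image = false;

if (isset($id) && $id != "")
{
    // Accept the id only if it survives an integer round trip,
    // and use the integer copy in the query
    $temp = $id;
    settype($temp, "integer");
    if (strval($temp) == $id)
    {
        $image = $DB_site->query_first("SELECT filename,bin_data,filetype from custom_avatar where userid = $temp");
    }
}

if ($image)
{
    // Array keys must be quoted strings, not bare constants
    $filename = $image['filename'];
    $data = $image['bin_data'];
    $type = $image['filetype'];
    header("Content-Disposition: inline; filename=\"$filename\"");
    header("Content-Type: $type");
    echo $data;
}
?>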


Here is the output of http://forums.paintballcity.net/pic.php?id=8077
http://forums.paintballcity.net/pic.php?id=8077

Thanks. :)

01-19-2001, 07:31 AM
* up *

01-20-2001, 01:49 AM
Supposedly a "deny from *ipaddress*" in .htaccess is supposed to stop images from the *ipaddress* from displaying the images.

Unfortunately, while it worked for me in some cases, it hasn't worked lately against a site that instructed their users to visit us and steal our smilies!

If anyone has the right way to make it work in .htaccess that might solve your problem (and mine).

01-20-2001, 06:18 AM
I use the following .htaccess in all of my image directories so that one can hotlink my images. I'm not sure if it works on all servers, but it always works on mine (Apache/Linux). Do not serve html files from a directory with this .htaccess in it because any referrals from a URL other than yours (search engine, etc) will be blocked. Just use it in your image directories:

-----

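# Apply the rule only when the Referer is not this site or one of its subdomains
RewriteEngine On
RewriteCond %{HTTP_REFERER} !^http://([a-z0-9-]+\.)*yourdomain\.com/ [NC]
# Redirect every such request to the site root instead of serving the image
RewriteRule /* http://%{HTTP_HOST}/ [R,L]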

-----

01-22-2001, 06:12 AM
The custom avatars are stored in the database for "freddie's" hack. So that does me no good.

Anyone else have an idea?
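
Added example (not part of the original thread, and not vBulletin's or the avatar hack's own code): one way to do the Referer check that the first post asks for, written for current PHP rather than the 2001 release the thread used. The function name `referer_is_local` and the constant `ALLOWED_HOST` are hypothetical; the host name comes from the URL in the first post and the sample Referer values are constructed.

```php
<?php
// Added example, not code from the thread. Requires PHP 8 (str_ends_with).
// Host name taken from the URL in the first post; change it for another site.
const ALLOWED_HOST = 'forums.paintballcity.net';

/**
 * True when the Referer value points at $allowedHost or one of its subdomains.
 * An empty Referer is allowed by default, because proxies, privacy settings
 * and typed-in URLs all produce requests without the header.
 */
function referer_is_local(?string $referer, string $allowedHost, bool $allowEmpty = true): bool
{
    if ($referer === null || $referer === '') {
        return $allowEmpty;
    }
    $host = parse_url($referer, PHP_URL_HOST);
    if (!is_string($host) || $host === '') {
        return false; // malformed or relative value
    }
    $host = strtolower(rtrim($host, '.'));
    $allowedHost = strtolower($allowedHost);
    // Compare whole host names. A substring test would also accept
    // look-alike hosts such as forums.paintballcity.net.other.test.
    return $host === $allowedHost || str_ends_with($host, '.' . $allowedHost);
}

if (PHP_SAPI === 'cli') {
    // Constructed sample values, to show the decisions when run from a shell.
    $samples = [
        'http://forums.paintballcity.net/showthread.php?threadid=1',
        'http://forums.paintballcity.net.other.test/page.html',
        'http://other.test/?from=forums.paintballcity.net',
        '',
    ];
    foreach ($samples as $r) {
        printf("%-60s %s\n", $r === '' ? '(no Referer)' : $r,
            referer_is_local($r, ALLOWED_HOST) ? 'serve' : 'refuse');
    }
} elseif (!referer_is_local($_SERVER['HTTP_REFERER'] ?? null, ALLOWED_HOST)) {
    // In pic.php this check goes before the database query, so a refused
    // request costs neither a query nor image bytes (the remote page then
    // shows a broken image).
    header('HTTP/1.1 403 Forbidden');
    exit;
}
```

The Referer header is set by the client, so this check trims casual hotlinking bandwidth and is not an access control.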