vb.org Archive - VERY quick avatar/attachment protector

Page 1 of 4

Show 40 post(s) from this thread on one page

vb.org Archive (https://vborg.vbsupport.ru/index.php)

- vBulletin 2.x Full Releases (https://vborg.vbsupport.ru/forumdisplay.php?f=4)

- - VERY quick avatar/attachment protector (https://vborg.vbsupport.ru/showthread.php?t=41065)

CJi	07-13-2002 10:00 PM

VERY quick avatar/attachment protector

This has probably been written before (I haven't checked), but I am beginning to get annoyed with people linking to my attachments/users avatars. It's quick, it's dirty, and it works. Installation time: 15 seconds per file. Number of files to edit: 2.

PHP Code:


		
			
$referers = array ('www.yourforums.com','yourforums.com','aaa.bbb.ccc.ddd'); 



function check_referer($referers){ 

   if (count($referers)){ 

      $found = false; 

      $temp = explode('/',getenv("HTTP_REFERER")); 

      $referer = $temp[2]; 

      for ($x=0; $x < count($referers); $x++){ 

         if (ereg ($referers[$x], $referer)) { 

            $found = true; 

         } 

      } 

      if (!$found){ 

      exit;

      } 

         return $found; 

      } else { 

         return true;

   } 

} 



check_referer($referers);

Edit the $referers array with your details (DOMAINS and IP Addresses ONLY. Do NOT include path information or 'http://').

Place at the top of avatar.php and attachment.php just after:

PHP Code:


		
			
<?php

Hope this is of help to some people. :)

Boofo

07-14-2002 08:19 PM

I don't mean to sound ignorant, but exactly what does this do? :)

MrLister

07-14-2002 08:26 PM

It makes it so you can't link attachment URLs to different places.

Boofo

07-14-2002 09:14 PM

I guess I'm still not sure what it does. Sorry.

What will happen if someone DOES try to link to something then?

And what would you put in this line?

My site URL is http://www.bearfacts2.com/forum/

Is that what I would put here? :)

PHP Code:


		
			
$referers = array ('www.yourforums.com','yourforums.com','aaa.bbb.ccc.ddd');

Velocd

07-14-2002 10:15 PM

I'm guessing you read my thread that I posted yesterday of how I had this problem.

What he means to say Boofo is that its suppose to prevent hotlinking of your forums attachments or avatars from another site. If you hotlink an image attachment, every viewer who see's that attachment on that "other" site will come up on your forums as a guest, a very strange bug but I've had it happen to me.

I'll try this out later and see how it works ;)

CJi	07-14-2002 10:19 PM

Yup, anyone who tries to link to an image on your site (be it an avatar or an attachment) will just get a broken image/blank screen. It prevents bandwidth leeching/database slowness. Only sites listed in the $referer array will get the actual image/attachment/avatar requested.

Velocd

07-14-2002 10:20 PM

Quote:

Originally posted by Boofo

And what would you put in this line?

My site URL is http://www.bearfacts2.com/forum/

Is that what I would put here? :)

He stated plainly and clearly NOT to put the "http://" prefix.
Just put www.bearfacts2.com

I have a question about that line, this one here:

PHP Code:


		
			
$referers = array ('www.yourforums.com','yourforums.com','aaa.bbb.ccc.ddd');

Is it needed to state your domain twice as it shows above, just one is missing the www?

CJi	07-14-2002 10:21 PM

Quote:

Originally posted by Boofo

And what would you put in this line?

PHP Code:

$referers = array ('www.yourforums.com','yourforums.com','aaa.bbb.ccc.ddd');

You would put:

PHP Code:


		
			
$referers = array ('www.bearfacts2.com','bearfacts2.com','66.250.104.230');

CJi	07-14-2002 10:23 PM

Probably not with a bit more jiggery in the php, but like I said this was just a quicky. If you site is categorically only accessible via www., then it is not necessary to use the second entry without the www., and probably likewise for the IP address. I only did it that way for completeness.

Boofo

07-14-2002 10:59 PM

Ok, I see now. The 3 address are just in case someone tries to get around any one of the addresses to link to the files. It makes sense now. :) Thank you for the code, CJi. :)

Velocd, did it fix your problem? I haven't run into that yet, but it is always better to be prepared, I guess. :)

Quote:

Originally posted by CJi
Probably not with a bit more jiggery in the php, but like I said this was just a quicky. If you site is categorically only accessible via www., then it is not necessary to use the second entry without the www., and probably likewise for the IP address. I only did it that way for completeness.

All times are GMT. The time now is 10:17 PM.

Page 1 of 4

Last »

Show 40 post(s) from this thread on one page

X vBulletin 3.8.12 by vBS Debug Information
Page Generation 0.01317 seconds Memory Usage 1,753KB Queries Executed 10 (?)
More Information
Template Usage: (1)ad_footer_end (1)ad_footer_start (1)ad_header_end (1)ad_header_logo (1)ad_navbar_below (6)bbcode_php_printable (3)bbcode_quote_printable (1)footer (1)gobutton (1)header (1)headinclude (6)option (1)pagenav (1)pagenav_curpage (2)pagenav_pagelink (1)post_thanks_navbar_search (1)printthread (10)printthreadbit (1)spacer_close (1)spacer_open Phrase Groups Available: global postbit showthread	Included Files: ./printthread.php ./global.php ./includes/init.php ./includes/class_core.php ./includes/config.php ./includes/functions.php ./includes/class_hook.php ./includes/modsystem_functions.php ./includes/class_bbcode_alt.php ./includes/class_bbcode.php ./includes/functions_bigthree.php Hooks Called: init_startup init_startup_session_setup_start init_startup_session_setup_complete cache_permissions fetch_threadinfo_query fetch_threadinfo fetch_foruminfo style_fetch cache_templates global_start parse_templates global_setup_complete printthread_start pagenav_page pagenav_complete bbcode_fetch_tags bbcode_create bbcode_parse_start bbcode_parse_complete_precache bbcode_parse_complete printthread_post printthread_complete
Messages: