vb.org Archive

vb.org Archive (https://vborg.vbsupport.ru/index.php)
-   Member Archives (https://vborg.vbsupport.ru/forumdisplay.php?f=202)
-   -   Using REFERER in Avatar 2.0 PIC.PHP so people can't Leech (https://vborg.vbsupport.ru/showthread.php?t=6889)

01-17-2001 05:57 AM
Hello,

I recently found out that people could use my server as a file server for their custom avatars. I wnated to add a refferer to it so that the pic.php script would only output the correct image if it was called from my site...if not I want it to post a broken image to save on bandwidth.

I can't use the mod_rewrite thing that Eva2000 suggested on this because the custom avatars are stored in the database.

I have over 10,000 members and I know for a fact that many of them do this.

Can someone please help me to write the refferer code into the pic.php code below:
Code:
<?php
require("global.php");

  if (isset($id) && $id != "")
{
$temp = $id;
settype($temp,"integer");
if (strval($temp) == $id)
{
$image = $DB_site->query_first("SELECT filename,bin_data,filetype from custom_avatar where userid = $id");
}
}
 
if($image)
{
  $filename = $image[filename];
  $data = $image[bin_data];
  $type = $image[filetype];
  Header ( "Content-disposition: filename=".$filename);
  Header("Content-type: $type");
  echo $data;
}
?>
Here is the output of http://forums.paintballcity.net/pic.php?id=8077
http://forums.paintballcity.net/pic.php?id=8077

Thanks. :)

01-19-2001 07:31 AM
* up *

01-20-2001 01:49 AM
supposedly a "deny from *ipaddress*" in .htaccess is supposed to stop images from the *ipaddress* from displaying the images.

Unfortunately, while it worked for me in some cases, it hasn't worked lately by a site that instructed their users to visit us and steal our smilies!

If anyone has the right way to make it work in .htaccess that might solve your problem (and mine).

01-20-2001 06:18 AM
I use the following .htaccess in all of my image directories so that one can hotlink my images. I'm not sure if it works on all servers, but it always works on mine (Apache/Linux). Do not serve html files from a directory with this .htaccess in it because any referrals from a URL other than yours (search engine, etc) will be blocked. Just use it in your image directories:

-----

RewriteEngine On

RewriteCond %{HTTP_REFERER} !^http://([a-z0-9-]+\.)*yourdomain.com/ [NC]

RewriteRule /* http://%{HTTP_HOST}/ [R,L]

-----

01-22-2001 06:12 AM
The custom avatars are stored in the database for "freddie's" hack. So that does me no good.

Any one else have an idea?


All times are GMT. The time now is 10:45 AM.

Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.

X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.01379 seconds
  • Memory Usage 1,717KB
  • Queries Executed 10 (?)
More Information
Template Usage:
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)bbcode_code_printable
  • (1)footer
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (6)option
  • (1)post_thanks_navbar_search
  • (1)printthread
  • (5)printthreadbit
  • (1)spacer_close
  • (1)spacer_open 
Phrase Groups Available:
  • global
  • postbit
  • showthread
Included Files:
  • ./printthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/class_bbcode_alt.php
  • ./includes/class_bbcode.php
  • ./includes/functions_bigthree.php 
Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • printthread_start
  • bbcode_fetch_tags
  • bbcode_create
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • printthread_post
  • printthread_complete