Go Back   vb.org Archive > vBulletin Modifications > Archive > vB.org Archives > vBulletin 2.x > vBulletin 2.x Full Releases

Reply
 
Thread Tools
Details »»

Version: 1.00, by Guru Guru is offline
Developer Last Online: Feb 2004 Show Printable Version Email this Page

Version: 2.2.x Rating:
Released: 02-23-2002 Last Update: Never Installs: 29
 
No support by the author.

I've hacked my attachment.php script to prevent users from posting an attachment on my board, and then using the HTML to display it somewhere else. This prevents people from posting a pic on your board, then using your bandwidth to place that pic elsewhere. It is a tiny code change.

I've substituted my own logo, (LOL), but you can replace that with anything, or just use the "exit;" line to eliminate the pic entirely.

In attachment.php, right after:
PHP Code:
require("./global.php"); 
Add the following code:
PHP Code:
// Cross-link hack by Guru 2/24/2002
// Check that we aren't linked somewhere else
$url parse_url($_SERVER['HTTP_REFERER']); 
$checkurl strtolower($url["host"]); 
if (! 
strstr($checkurl"yourdomain")) {

    
// Remove this code if you just want to break the image
    // Substitute my Logo
    
header("Content-Type: image/gif"); 
    
$filename "/usr/public_html/grafix/logo.gif";
    
$image fread(fopen($filename,"r"),100000); 
    echo 
$image
    
fclose($image);
    
// End Substitute my Logo

    
exit; 

Change yourdomain to your actual domain name, and the logo URL to what you want to replace the cross-linked image with.

NOTE: Changed to use the full path in "$filename = ..." to get this to work on some servers.

ANOTHER: See this post in this thread for a modification that works on Win32 servers: https://vborg.vbsupport.ru/showthrea...895#post297895

AGAIN: If you modify avatar.php similarly, you can prevent people from cross-linking your avatars: https://vborg.vbsupport.ru/showthrea...893#post303893

UPDATE: The parse_url line is slightly different to use the new PHP syntax.

Show Your Support

  • This modification may not be copied, reproduced or published elsewhere without author's permission.

Comments
  #72  
Old 10-19-2002, 03:16 PM
BigCheeze BigCheeze is offline
 
Join Date: Oct 2002
Location: Lost in Colorado
Posts: 48
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Seems to work perfect in 2.28! Great hack! Thanks!!
Reply With Quote
  #73  
Old 10-19-2002, 04:48 PM
exTracT exTracT is offline
 
Join Date: Apr 2002
Posts: 38
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

I run 2.28 and Cannot seem to get this to work with trilOByte's Welcome panel hack. the code works so i cannot hotlink the avatar, but in the welcome panel it also shows my logo instead of the users avatar. any help would be awsome! thanks

// Cross-link hack by Guru 2/24/2002
// Check that we aren't linked somewhere else
$url = parse_url($HTTP_REFERER);
$checkurl = strtolower($url["host"]);
if (false === strpos($checkurl, "wpgrevscene") ||
false === strpos($checkurl, "winnipegrevscene")) {
// Remove this code if you just want to break the image
// Substitute my Logo
header("Content-Type: image/gif");
$filename = "/home/wpgrevsc/www/images/wpgrev.gif";
$image = fread(fopen($filename,"r"),100000);
echo $image;
fclose($image);
// End Substitute my Logo

exit;
}
Reply With Quote
  #74  
Old 11-16-2002, 10:49 PM
SpeedStreet SpeedStreet is offline
 
Join Date: Aug 2002
Posts: 291
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Will this also work if you place it somewhere for smilies?

Where the heck would it go?
Reply With Quote
  #75  
Old 11-17-2002, 03:07 AM
Guru Guru is offline
 
Join Date: Nov 2001
Location: Pacific Northwet
Posts: 50
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

I have no clue for the last two questions. Anyone?
Reply With Quote
  #76  
Old 11-17-2002, 04:03 AM
FWC's Avatar
FWC FWC is offline
 
Join Date: Oct 2001
Location: Ontario, CA
Posts: 821
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally posted by SpeedStreet
Will this also work if you place it somewhere for smilies?

Where the heck would it go?
An .htaccess file in the smilies directory would do the trick. Something along the lines of:
Code:
RewriteEngine On
RewriteCond %{HTTP_REFERER} !^$ 
RewriteCond %{HTTP_REFERER} !^http://www.yourdomain.com.* [NC] 
RewriteCond %{HTTP_REFERER} !^http://yourdomian.com.* [NC] 
RewriteCond %{HTTP_REFERER} !^http://youripaddress.* [NC] 
RewriteRule [^/]+.(gif|jpg)$ - [F]
Reply With Quote
  #77  
Old 11-17-2002, 07:25 PM
Guru Guru is offline
 
Join Date: Nov 2001
Location: Pacific Northwet
Posts: 50
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

After a brief amount of thought, of course smilies can't be protected by this code. They are individual files, served up by your host.
Reply With Quote
  #78  
Old 11-18-2002, 01:26 PM
SpeedStreet SpeedStreet is offline
 
Join Date: Aug 2002
Posts: 291
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

FWC,

That worked perfectly! Thanks for the help!

Does anyone know if there is a way to also protect an IIS server the same way, I don't use it for my vb server, but some of my web pages are hosted on Win2k.
Reply With Quote
  #79  
Old 11-19-2002, 03:27 AM
FWC's Avatar
FWC FWC is offline
 
Join Date: Oct 2001
Location: Ontario, CA
Posts: 821
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally posted by SpeedStreet
FWC,

That worked perfectly! Thanks for the help!

Does anyone know if there is a way to also protect an IIS server the same way, I don't use it for my vb server, but some of my web pages are hosted on Win2k.
You're welcome.

I can't help you with IIS, though. Don't know of the equivalent to mod_rewrite.
Reply With Quote
  #80  
Old 12-19-2002, 04:54 PM
trainer trainer is offline
 
Join Date: Nov 2001
Posts: 160
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

is there a way to put a link at the top and bottom of the attachment...

Image Found at Mysite.com

or Visit Mysite.com

as part of the attachment
Reply With Quote
  #81  
Old 01-11-2003, 07:09 PM
350Chevy's Avatar
350Chevy 350Chevy is offline
 
Join Date: Nov 2002
Location: Tampa, FL
Posts: 258
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default



test
Reply With Quote
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT. The time now is 12:29 PM.


Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2024, vBulletin Solutions Inc.
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.15446 seconds
  • Memory Usage 2,308KB
  • Queries Executed 25 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)ad_showthread_beforeqr
  • (1)bbcode_code
  • (2)bbcode_php
  • (2)bbcode_quote
  • (1)footer
  • (1)forumjump
  • (1)forumrules
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (1)modsystem_post
  • (1)navbar
  • (6)navbar_link
  • (120)option
  • (1)pagenav
  • (1)pagenav_curpage
  • (4)pagenav_pagelink
  • (11)post_thanks_box
  • (11)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (11)post_thanks_postbit_info
  • (10)postbit
  • (11)postbit_onlinestatus
  • (11)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open
  • (1)tagbit_wrapper 

Phrase Groups Available:
  • global
  • inlinemod
  • postbit
  • posting
  • reputationlevel
  • showthread
Included Files:
  • ./showthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 

Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showthread_start
  • showthread_getinfo
  • forumjump
  • showthread_post_start
  • showthread_query_postids
  • showthread_query
  • bbcode_fetch_tags
  • bbcode_create
  • showthread_postbit_create
  • postbit_factory
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • fetch_musername
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • pagenav_page
  • pagenav_complete
  • tag_fetchbit_complete
  • forumrules
  • navbits
  • navbits_complete
  • showthread_complete