Hidden Download URL?

[McDohl]

Hey all,

I was hoping if someone could spare just a little of their time to help me out.

I'm currently using Erdem's Advanced File Archive 2.0 ( https://vborg.vbsupport.ru/showthrea...threadid=45454 ) and at the moment, I like it. Everything is working smoothly except one thing.

The download link actually shows the URL it will be downloading from.

Would there be any way that in the status bar (where it usually shows a small page with a blue "E" and done next to it when the page is done loading) it would hide the URL from viewing by anyone by showing any text at all in it's place? It's a massive bandwidth using site and so we can't afford people being able to view the URL and hotlinking to it, as we use enough bandwidth as it is.

Anyone who would be able to take up this simple thing will have my gratitude, as I am useless at hacks.

Many thanks,
Scott

[Brad]

McDohl, there is *always* a way around hidden urls. A better way to do it would be redirecting anyone not coming from your site to your main page. or show a error when someone comes from anthor site. I can look into for you if you cant do it yourself.

[filburt1]

Check the HTTP_REFERER in the download script, and if it's not from the correct page, reject the download. That is, except for the idiots who use "privacy" protection to block it, making us webmasters have to completely reinvent the wheel for antihotlinking and such.

[McDohl]

@Filburt1 - I wouldn't be able to do that if I tried. :P I'm a newbie webmaster, so i'm not too handy on the idea of that.

@Anime-loo - I'd love it if you would be able to look into that for me. I'd appreciate it very much. However, would it be much of a problem if the downloads I mentioned were hosted on another server not linked to my actual website?

Thank you both for your quick replies.

[Brad]

In files.php find:

PHP Code:

// #################### View File ###################

if ($action=="viewfile"){
        if ($bbuserinfo['usergroupid']=="1" or $f=="") {
                header("Location: files.php?action=error"); 
        }else{ 


Replace with: (make sure you change both the ***yoururl.com here*** with your domain)

PHP Code:

// #################### View File ###################

if ($action=="viewfile"){
        if ($bbuserinfo['usergroupid']=="1" or $f=="") {
                header("Location: files.php?action=error"); 
        } elseif 
                $loo_hack_url = "yoururl.com here";
                $member_url = parse_url($GLOBALS[HTTP_REFERER]);
                   if ($member_url[host]!="***yoururl.com here**) {
                     eval("standardredirect(\"".gettemplate("redirect_loo_badurl")."\",\"\$loo_hack_url\");");
                   } else { 


Make a new template named redirect_loo_badurl.

Populate it with:

PHP Code:

Hotlinking is a no no! 


I havent tested this, cause i dont use said hack, and its late, so if theres a error, yank it out and ill see whats wrong with it.

[Erwin]

No matter what you do, it would be impossible to hide the URL. You can use JS to hide it from the status bar, but so what? People can still view the source.

Best to use .htacess or some other server based method to block hotlinking.

[McDohl]

Ack, there was a slight error.

Quote:

Parse error: parse error, unexpected T_VARIABLE, expecting '(' in /home2/halfbloo/public_html/files.php on line 184

Also, where you have to put your URL...do you mean the actual domain of the site that is hosting the files in question or the site with the actual forum added?

I hope i'm not causing you too much trouble. :dead:

@Erwin - Currently trying to learn htaccess.

[McDohl]

Oh wait, I made an error.

It works!

Thanks very much! I appreciate it!