Version: 1.00, by Guru
Developer Last Online: Feb 2004
Version: 2.2.x
Rating:
Released: 02-23-2002
Last Update: Never
Installs: 29
No support by the author.
I've hacked my attachment.php script to prevent users from posting an attachment on my board, and then using the HTML to display it somewhere else. This prevents people from posting a pic on your board, then using your bandwidth to place that pic elsewhere. It is a tiny code change.
I've substituted my own logo, (LOL), but you can replace that with anything, or just use the "exit;" line to eliminate the pic entirely.
In attachment.php, right after:
PHP Code:
require("./global.php");
Add the following code:
PHP Code:
// Cross-link hack by Guru 2/24/2002
// Check that we aren't linked somewhere else
$url = parse_url($_SERVER['HTTP_REFERER']);
$checkurl = strtolower($url["host"]);
if (! strstr($checkurl, "yourdomain")) {
// Remove this code if you just want to break the image
// Substitute my Logo
header("Content-Type: image/gif");
$filename = "/usr/public_html/grafix/logo.gif";
$image = fread(fopen($filename,"r"),100000);
echo $image;
fclose($image);
// End Substitute my Logo
exit;
}
Change yourdomain to your actual domain name, and the logo URL to what you want to replace the cross-linked image with.
NOTE: Changed to use the full path in "$filename = ..." to get this to work on some servers.
I want guests to be able to see the images and attachments... that's what we're selling. What I don't want is people using my bandwidth to post signature pics on other boards.
Seems like any referer-based functionality is being broken as each day passes. My IE6 users have no referer so they get blocked too. Various firewall packages also hide the referer.
Seems like we're going to have to use sessions/cookies to get this to work right... ugh.
I have a forum set up so guests wouldn't be able to see the attachments, and attachments themselves are shown right in the thread (not with a link).
So the following change in code does the following:
- all guest see an specified image instead of an attachment.
- whoever tries to link to your attachment image from the different site will not be able to show it. the replacement image is going to show up instead of whatever is in attachment for all unregged people.
Find this in attachment.php:
PHP Code:
$permissions=getpermissions($getforuminfo[forumid]);
if (!$permissions[canview] or !$permissions[cangetattachment]) {
show_nopermission();
}
$permissions=getpermissions($getforuminfo[forumid]);
if (!$permissions[canview] or !$permissions[cangetattachment]) {
header("Location: http://www.4adrive.com/img/attachment.jpg");
exit;
}
Of course replace the url of the image to whatever you want displayed there.