Go Back   vb.org Archive > vBulletin Modifications > Archive > vB.org Archives > vBulletin 2.x > vBulletin 2.x Full Releases
FAQ Community Calendar Today's Posts Search

Reply
 
Thread Tools
Details »»

Version: 1.00, by Guru Guru is offline
Developer Last Online: Feb 2004 Show Printable Version Email this Page

Version: 2.2.x Rating:
Released: 02-23-2002 Last Update: Never Installs: 29
 
No support by the author.

I've hacked my attachment.php script to prevent users from posting an attachment on my board, and then using the HTML to display it somewhere else. This prevents people from posting a pic on your board, then using your bandwidth to place that pic elsewhere. It is a tiny code change.

I've substituted my own logo, (LOL), but you can replace that with anything, or just use the "exit;" line to eliminate the pic entirely.

In attachment.php, right after:
PHP Code:
require("./global.php"); 
Add the following code:
PHP Code:
// Cross-link hack by Guru 2/24/2002
// Check that we aren't linked somewhere else
$url parse_url($_SERVER['HTTP_REFERER']); 
$checkurl strtolower($url["host"]); 
if (! 
strstr($checkurl"yourdomain")) {

    
// Remove this code if you just want to break the image
    // Substitute my Logo
    
header("Content-Type: image/gif"); 
    
$filename "/usr/public_html/grafix/logo.gif";
    
$image fread(fopen($filename,"r"),100000); 
    echo 
$image
    
fclose($image);
    
// End Substitute my Logo

    
exit; 

Change yourdomain to your actual domain name, and the logo URL to what you want to replace the cross-linked image with.

NOTE: Changed to use the full path in "$filename = ..." to get this to work on some servers.

ANOTHER: See this post in this thread for a modification that works on Win32 servers: https://vborg.vbsupport.ru/showthrea...895#post297895

AGAIN: If you modify avatar.php similarly, you can prevent people from cross-linking your avatars: https://vborg.vbsupport.ru/showthrea...893#post303893

UPDATE: The parse_url line is slightly different to use the new PHP syntax.

Show Your Support

  • This modification may not be copied, reproduced or published elsewhere without author's permission.

Comments
  #42  
Old 03-13-2002, 01:48 AM
Guru Guru is offline
 
Join Date: Nov 2001
Location: Pacific Northwet
Posts: 50
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

I want guests to be able to see the images and attachments... that's what we're selling. What I don't want is people using my bandwidth to post signature pics on other boards.
Reply With Quote
  #43  
Old 06-02-2002, 08:52 AM
ixian's Avatar
ixian ixian is offline
 
Join Date: Oct 2001
Location: Denver, CO
Posts: 189
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Just a little test from me.....

Reply With Quote
  #44  
Old 06-02-2002, 05:09 PM
Guru Guru is offline
 
Join Date: Nov 2001
Location: Pacific Northwet
Posts: 50
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally posted by ixian
Just a little test from me.....

You may want to fix the spelling of your site name in the substitute image...
Reply With Quote
  #45  
Old 06-02-2002, 05:28 PM
ixian's Avatar
ixian ixian is offline
 
Join Date: Oct 2001
Location: Denver, CO
Posts: 189
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally posted by Guru


You may want to fix the spelling of your site name in the substitute image...
Ya, as you can tell I whipped one up in like 20 seconds Need to find a better substitute anyway.
Reply With Quote
  #46  
Old 06-04-2002, 08:43 PM
Danny Danny is offline
 
Join Date: Dec 2001
Posts: 40
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

<a href="http://www.golden-springs.com/forums/attachment.php?s=&postid=1813" target="_blank">http://www.golden-springs.com/forums...s=&postid=1813</a>
Reply With Quote
  #47  
Old 06-05-2002, 12:42 AM
JZarate's Avatar
JZarate JZarate is offline
 
Join Date: Oct 2001
Posts: 17
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

<a href="http://www.seles-online.com/forums/attachment.php?postid=1" target="_blank">http://www.seles-online.com/forums/a...t.php?postid=1</a>

This hack works great. Thanks.
Reply With Quote
  #48  
Old 06-23-2002, 11:34 PM
Jujubee Jujubee is offline
 
Join Date: Nov 2001
Posts: 39
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Seems like any referer-based functionality is being broken as each day passes. My IE6 users have no referer so they get blocked too. Various firewall packages also hide the referer.

Seems like we're going to have to use sessions/cookies to get this to work right... ugh.
Reply With Quote
  #49  
Old 06-24-2002, 08:00 PM
DR2000's Avatar
DR2000 DR2000 is offline
 
Join Date: Nov 2001
Location: Brooklyn, NY
Posts: 21
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

A slight variation for those who are interested:

I have a forum set up so guests wouldn't be able to see the attachments, and attachments themselves are shown right in the thread (not with a link).

So the following change in code does the following:
- all guest see an specified image instead of an attachment.
- whoever tries to link to your attachment image from the different site will not be able to show it. the replacement image is going to show up instead of whatever is in attachment for all unregged people.

Find this in attachment.php:
PHP Code:
$permissions=getpermissions($getforuminfo[forumid]);
if (!
$permissions[canview] or !$permissions[cangetattachment]) {
  
show_nopermission();

and replace show_nopermissions(); with this:

PHP Code:
  header("Location: http://www.4adrive.com/img/attachment.jpg");
  exit; 
So here's how it should end up looking:
PHP Code:
$permissions=getpermissions($getforuminfo[forumid]);
if (!
$permissions[canview] or !$permissions[cangetattachment]) {
  
header("Location: http://www.4adrive.com/img/attachment.jpg");
  exit;

Of course replace the url of the image to whatever you want displayed there.

I use the following image:
Reply With Quote
  #50  
Old 06-24-2002, 08:29 PM
Jujubee Jujubee is offline
 
Join Date: Nov 2001
Posts: 39
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Thanks for the tip DR2000 -- I'll make those changes myself now.

And maybe you should note that the
Admin -> User Groups -> Modify -> Unregistered -> Can download attachments

should be set to 'No'.

BTW, 'member' is misspelled in your graphic.
Reply With Quote
  #51  
Old 06-24-2002, 09:36 PM
DR2000's Avatar
DR2000 DR2000 is offline
 
Join Date: Nov 2001
Location: Brooklyn, NY
Posts: 21
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally posted by Jujubee

BTW, 'member' is misspelled in your graphic.
Yish! Thanks for telling me. I was using that image for ages, and never knew.
Reply With Quote
Reply


Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT. The time now is 08:23 AM.


Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2024, vBulletin Solutions Inc.
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.05494 seconds
  • Memory Usage 2,323KB
  • Queries Executed 25 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)ad_showthread_beforeqr
  • (5)bbcode_php
  • (3)bbcode_quote
  • (1)footer
  • (1)forumjump
  • (1)forumrules
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (1)modsystem_post
  • (1)navbar
  • (6)navbar_link
  • (120)option
  • (1)pagenav
  • (1)pagenav_curpage
  • (4)pagenav_pagelink
  • (11)post_thanks_box
  • (11)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (11)post_thanks_postbit_info
  • (10)postbit
  • (11)postbit_onlinestatus
  • (11)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open
  • (1)tagbit_wrapper 

Phrase Groups Available:
  • global
  • inlinemod
  • postbit
  • posting
  • reputationlevel
  • showthread
Included Files:
  • ./showthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 

Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showthread_start
  • showthread_getinfo
  • forumjump
  • showthread_post_start
  • showthread_query_postids
  • showthread_query
  • bbcode_fetch_tags
  • bbcode_create
  • showthread_postbit_create
  • postbit_factory
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • fetch_musername
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • pagenav_page
  • pagenav_complete
  • tag_fetchbit_complete
  • forumrules
  • navbits
  • navbits_complete
  • showthread_complete