Go Back   vb.org Archive > vBulletin Modifications > Archive > vB.org Archives > vBulletin 2.x > vBulletin 2.x Full Releases
FAQ Community Calendar Today's Posts Search

Reply
 
Thread Tools
Details »»

Version: 1.00, by Guru Guru is offline
Developer Last Online: Feb 2004 Show Printable Version Email this Page

Version: 2.2.x Rating:
Released: 02-23-2002 Last Update: Never Installs: 29
 
No support by the author.

I've hacked my attachment.php script to prevent users from posting an attachment on my board, and then using the HTML to display it somewhere else. This prevents people from posting a pic on your board, then using your bandwidth to place that pic elsewhere. It is a tiny code change.

I've substituted my own logo, (LOL), but you can replace that with anything, or just use the "exit;" line to eliminate the pic entirely.

In attachment.php, right after:
PHP Code:
require("./global.php"); 
Add the following code:
PHP Code:
// Cross-link hack by Guru 2/24/2002
// Check that we aren't linked somewhere else
$url parse_url($_SERVER['HTTP_REFERER']); 
$checkurl strtolower($url["host"]); 
if (! 
strstr($checkurl"yourdomain")) {

    
// Remove this code if you just want to break the image
    // Substitute my Logo
    
header("Content-Type: image/gif"); 
    
$filename "/usr/public_html/grafix/logo.gif";
    
$image fread(fopen($filename,"r"),100000); 
    echo 
$image
    
fclose($image);
    
// End Substitute my Logo

    
exit; 

Change yourdomain to your actual domain name, and the logo URL to what you want to replace the cross-linked image with.

NOTE: Changed to use the full path in "$filename = ..." to get this to work on some servers.

ANOTHER: See this post in this thread for a modification that works on Win32 servers: https://vborg.vbsupport.ru/showthrea...895#post297895

AGAIN: If you modify avatar.php similarly, you can prevent people from cross-linking your avatars: https://vborg.vbsupport.ru/showthrea...893#post303893

UPDATE: The parse_url line is slightly different to use the new PHP syntax.

Show Your Support

  • This modification may not be copied, reproduced or published elsewhere without author's permission.

Comments
  #62  
Old 09-08-2002, 10:38 PM
Guru Guru is offline
 
Join Date: Nov 2001
Location: Pacific Northwet
Posts: 50
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

I see a small red "X" You may be seeing a cached image in your browser. Try "Refresh."
Reply With Quote
  #63  
Old 09-10-2002, 01:14 PM
SgtSling SgtSling is offline
 
Join Date: Oct 2001
Posts: 156
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

ok this is working for me..
I can't see attachment images on other websites...
BUT...

All mp3 files cannot be downloaded from my domain. For some reason when you click to download it downloads the .gif

Does anyone know?
Reply With Quote
  #64  
Old 09-10-2002, 10:42 PM
Rapdis's Avatar
Rapdis Rapdis is offline
 
Join Date: Mar 2002
Posts: 122
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

thanks guru... u were right
Reply With Quote
  #65  
Old 09-11-2002, 03:38 PM
Ritsui Ritsui is offline
 
Join Date: Jul 2002
Location: Lake Arrowhead, CA
Posts: 4
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

If you're on a win32 server, use "rb" in place of just "r" in your call to fopen. I'm sure this will be irrelevant to 99% of everyone on the planet, but since my forum has both Linux and Windows servers, I made a version that works on both:
PHP Code:
if (! strstr($checkurl"domain")) {
  
// what server, Linux or Win32?
  
$svr 'lin';
  if (!
file_exists("/etc/fstab")) { $svr 'win';} 

  
// Substitute our Logo
  
header("Content-Type: image/gif"); 
  if (
$svr == 'win') {
    
$readflag 'rb';    // binary read flag for windows server
    
$imgfile "c:\\pathto\\image.jpg";
  }
  else {
    
$readflag 'r'// standard read flag
    
$imgfile "/pathto/image.jpg";
  }
  
$image fread(fopen($imgfile,$readflag),10000); 
  echo 
$image
  
fclose($image);
  exit; 

Reply With Quote
  #66  
Old 09-11-2002, 11:23 PM
Guru Guru is offline
 
Join Date: Nov 2001
Location: Pacific Northwet
Posts: 50
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Thanks for the addition. That's cool. I added a link to this post with a note in the original hack.
Reply With Quote
  #67  
Old 09-15-2002, 08:34 PM
groovesalad groovesalad is offline
 
Join Date: Aug 2002
Posts: 210
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally posted by DR2000
A slight variation for those who are interested:

I have a forum set up so guests wouldn't be able to see the attachments, and attachments themselves are shown right in the thread (not with a link).

So the following change in code does the following:
- all guest see an specified image instead of an attachment.
- whoever tries to link to your attachment image from the different site will not be able to show it. the replacement image is going to show up instead of whatever is in attachment for all unregged people.

Find this in attachment.php:
PHP Code:
$permissions=getpermissions($getforuminfo[forumid]);
if (!
$permissions[canview] or !$permissions[cangetattachment]) {
  
show_nopermission();

and replace show_nopermissions(); with this:

PHP Code:
  header("Location: [url]http://www.4adrive.com/img/attachment.jpg[/url]");
  exit; 
So here's how it should end up looking:
PHP Code:
$permissions=getpermissions($getforuminfo[forumid]);
if (!
$permissions[canview] or !$permissions[cangetattachment]) {
  
header("Location: [url]http://www.4adrive.com/img/attachment.jpg[/url]");
  exit;

Of course replace the url of the image to whatever you want displayed there.

I use the following image:
How do I get this image to show up without a link?
Reply With Quote
  #68  
Old 09-29-2002, 03:39 PM
omniweapon omniweapon is offline
 
Join Date: Nov 2001
Posts: 15
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Did anyone notice if you place this code in your avatar.php script, it'll prevent your avatars from being hotlinked too? Awesome!
Reply With Quote
  #69  
Old 09-30-2002, 03:50 AM
omniweapon omniweapon is offline
 
Join Date: Nov 2001
Posts: 15
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

O.....kay. I now have about 6 users saying they can't see the attachments or avatars absolutely anywhere. Even linked on the board. But it works fine for everyone else. I'm confused now.
Reply With Quote
  #70  
Old 09-30-2002, 11:25 PM
Guru Guru is offline
 
Join Date: Nov 2001
Location: Pacific Northwet
Posts: 50
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Some of our users that use IE 6.0 have reported that problem. Are you running the latest vBulletin?
Reply With Quote
  #71  
Old 10-05-2002, 10:05 PM
omniweapon omniweapon is offline
 
Join Date: Nov 2001
Posts: 15
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally posted by Guru
Some of our users that use IE 6.0 have reported that problem. Are you running the latest vBulletin?
Yep. vBulletin 2.2.8. And it seems to be an issue with AOL users mainly.
Reply With Quote
Reply


Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT. The time now is 04:16 AM.


Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2024, vBulletin Solutions Inc.
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.09768 seconds
  • Memory Usage 2,331KB
  • Queries Executed 27 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)ad_showthread_beforeqr
  • (6)bbcode_php
  • (2)bbcode_quote
  • (1)footer
  • (1)forumjump
  • (1)forumrules
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (1)modsystem_post
  • (1)navbar
  • (6)navbar_link
  • (120)option
  • (1)pagenav
  • (1)pagenav_curpage
  • (4)pagenav_pagelink
  • (11)post_thanks_box
  • (11)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (11)post_thanks_postbit_info
  • (10)postbit
  • (11)postbit_onlinestatus
  • (11)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open
  • (1)tagbit_wrapper 

Phrase Groups Available:
  • global
  • inlinemod
  • postbit
  • posting
  • reputationlevel
  • showthread
Included Files:
  • ./showthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 

Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_postinfo_query
  • fetch_postinfo
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showthread_start
  • showthread_getinfo
  • forumjump
  • showthread_post_start
  • showthread_query_postids
  • showthread_query
  • bbcode_fetch_tags
  • bbcode_create
  • showthread_postbit_create
  • postbit_factory
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • fetch_musername
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • pagenav_page
  • pagenav_complete
  • tag_fetchbit_complete
  • forumrules
  • navbits
  • navbits_complete
  • showthread_complete