The Arcive of Official vBulletin Modifications Site.

About Developer · **Released**: 02-23-2002

I've hacked my attachment.php script to prevent users from posting an attachment on my board, and then using the HTML to display it somewhere else. This prevents people from posting a pic on your board, then using your bandwidth to place that pic elsewhere. It is a tiny code change.

I've substituted my own logo, (LOL), but you can replace that with anything, or just use the "exit;" line to eliminate the pic entirely.

In attachment.php, right after:

PHP Code:


			
require("./global.php");

Add the following code:

PHP Code:


			
// Cross-link hack by Guru 2/24/2002

// Check that we aren't linked somewhere else

$url = parse_url($_SERVER['HTTP_REFERER']); 

$checkurl = strtolower($url["host"]); 

if (! strstr($checkurl, "yourdomain")) {



    // Remove this code if you just want to break the image

    // Substitute my Logo

    header("Content-Type: image/gif"); 

    $filename = "/usr/public_html/grafix/logo.gif";

    $image = fread(fopen($filename,"r"),100000); 

    echo $image; 

    fclose($image);

    // End Substitute my Logo



    exit; 

}

Change yourdomain to your actual domain name, and the logo URL to what you want to replace the cross-linked image with.

NOTE: Changed to use the full path in "$filename = ..." to get this to work on some servers.

ANOTHER: See this post in this thread for a modification that works on Win32 servers: https://vborg.vbsupport.ru/showthrea...895#post297895

AGAIN: If you modify avatar.php similarly, you can prevent people from cross-linking your avatars: https://vborg.vbsupport.ru/showthrea...893#post303893

UPDATE: The parse_url line is slightly different to use the new PHP syntax.

Dade · #2 02-24-2002, 07:49 PM

Excellent hack, most useful! Keep up the good work/hacks

nafae · #3 02-24-2002, 07:54 PM

so, just making sure, this hack will, if someone goes to say http://www.stealsomeonesbandwidthbyp...heirserver.com and links to a pic on http://www.yoursite.com it will replace the pic with one of your choice such as "image hosted by coderforums.net"?

Guru · #4 02-24-2002, 08:00 PM

Yep. That's it exactly.

Tim Wheatley · #5 02-24-2002, 08:08 PM

Can you add more than one domain? For example do I need to add forum.racesimcentral.com AND www.racesimcentral.com, or just put racesimcentral.com?

if (! strstr($checkurl, "racesimcentral.com")) {

Right?

Tim Wheatley · #6 02-24-2002, 08:20 PM

Never mind I checked and found racesimcentral.com is enough.

Guru · #7 02-24-2002, 08:51 PM

You can substitute "yourdomain" for just a part of your domain name. If you have ".com" and ".net" mapped to the same forum, then you could use just the base portion of you domain name. For example: yourdomain.com and yourdomain.net would be protected by just putting yourdomain in the check line.

Tim Wheatley · #8 02-24-2002, 09:49 PM

wow thanks

nafae · #9 02-24-2002, 11:03 PM

mm this is a great hack! I am going to install now and shall tell you how it works out

nafae · #10 02-24-2002, 11:26 PM

works great as far as I can tell!

Just testing

X vBulletin 3.8.12 by vBS Debug Information
Page Generation 0.07898 seconds Memory Usage 2,296KB Queries Executed 23 (?)
More Information
Template Usage: (1)SHOWTHREAD (1)ad_footer_end (1)ad_footer_start (1)ad_header_end (1)ad_header_logo (1)ad_navbar_below (1)ad_showthread_beforeqr (2)bbcode_php (1)footer (1)forumjump (1)forumrules (1)gobutton (1)header (1)headinclude (1)modsystem_post (1)navbar (6)navbar_link (120)option (1)pagenav (1)pagenav_curpage (2)pagenav_pagelink (10)post_thanks_box (10)post_thanks_button (1)post_thanks_javascript (1)post_thanks_navbar_search (10)post_thanks_postbit_info (9)postbit (10)postbit_onlinestatus (10)postbit_wrapper (1)spacer_close (1)spacer_open (1)tagbit_wrapper Phrase Groups Available: global inlinemod postbit posting reputationlevel showthread	Included Files: ./showthread.php ./global.php ./includes/init.php ./includes/class_core.php ./includes/config.php ./includes/functions.php ./includes/class_hook.php ./includes/modsystem_functions.php ./includes/functions_bigthree.php ./includes/class_postbit.php ./includes/class_bbcode.php ./includes/functions_reputation.php ./includes/functions_post_thanks.php Hooks Called: init_startup init_startup_session_setup_start init_startup_session_setup_complete cache_permissions fetch_threadinfo_query fetch_threadinfo fetch_foruminfo style_fetch cache_templates global_start parse_templates global_setup_complete showthread_start showthread_getinfo forumjump showthread_post_start showthread_query_postids showthread_query bbcode_fetch_tags bbcode_create showthread_postbit_create postbit_factory postbit_display_start post_thanks_function_post_thanks_off_start post_thanks_function_post_thanks_off_end post_thanks_function_fetch_thanks_start post_thanks_function_fetch_thanks_end post_thanks_function_thanked_already_start post_thanks_function_thanked_already_end fetch_musername postbit_imicons bbcode_parse_start bbcode_parse_complete_precache bbcode_parse_complete postbit_display_complete post_thanks_function_can_thank_this_post_start pagenav_page pagenav_complete tag_fetchbit_complete forumrules navbits navbits_complete showthread_complete
Messages:

The Arcive of Official vBulletin Modifications Site.

It is not a VB3 engine, just a parsed copy!