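Adding hotlink prevention to this PHP download code

Time: 2012-02-16 02:58:45

Tags: php download hotlinking

How can I add hotlink protection to the following code so that it can only be accessed through PHP from *.mydomain.com? Where do I add it?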

<?php

$dir = 'folder';

$file = $_GET['name'];

// local file that should be sent to the client
$local_file = $dir.'/'.$file;

// filename that the user gets as default
$download_file = 'video.mp4';

// set the download rate limit (=> 200 kb/s)
$download_rate = 200;

if(file_exists($local_file) && is_file($local_file)) {

// send headers
header('Cache-control: private');
header('Content-Type: application/octet-stream');
header('Content-Length: '.filesize($local_file));
header('Content-Disposition: filename='.$download_file);

// flush content
flush();

// open file stream
$file = fopen($local_file, "r");

while (!feof($file)) {

    // send the current file part to the browser
    print fread($file, round($download_rate * 1024));

    // flush the content to the browser
    flush();

    // sleep one second
    sleep(1);
}

// close file stream
fclose($file);


}
else {
    die('Error: File '.$local_file.' does not exist!');
}

?>

I know it has to be something like

define('HOTLINK_PROTECTION',TRUE); // enable hotlinking?  true/false
define('HOTLINK_PAGE_URL','http://www.mydomain.com/images/hotlink.jpg'); // Hotlink URL
$allowed_domains="*.mydomain.com, www.mydomain.com";

#checks the referer of the script
function getReferer() { preg_match('@^(?:http://)?([^/]+)@i',$_SERVER['HTTP_REFERER'], $match); return $match[1]; }

#checks if referer domain is okay
function hotlink_check() {
global $allowed_domains; $allowed_domains.=','.$_SERVER['HTTP_HOST'];
$domains=explode(',',str_replace(' ','',$allowed_domains));
$referer=getReferer(); $site=array();
foreach ($domains as $value) { $site[]='^'.str_replace('*','([0-9a-zA-Z]|\-|\_)+',str_replace('.','\.',$value)).'$'; }
foreach ($site as $pattern) { if(eregi($pattern,$referer)) $MATCH=TRUE; if($MATCH==TRUE) break; }
if($MATCH==TRUE) return TRUE; else return FALSE;
}

define('HOTLINK_PASS',hotlink_check());
if(HOTLINK_PROTECTION&&!HOTLINK_PASS&&$_SERVER['QUERY_STRING']!='admin') { header('HTTP/1.1 403 Forbidden'); header('Location: '.HOTLINK_PAGE_URL); die(); }

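But where do I implement it? How can I do this?

---EDIT---

I did it, but it doesn't work in Mozilla Firefox... with Firefox it just goes straight to the hotlink image.

I have tested it with Chrome, Internet Explorer, Safari and Opera, and the only one that takes me to the hotlink image is Firefox, so I must be doing something wrong here.

Here is the code: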

<?php

define('HOTLINK_PROTECTION',TRUE); // enable hotlinking?  true/false
define('HOTLINK_PAGE_URL','http://www.site.com/images/hotlink.jpg'); // Hotlink URL
$allowed_domains="*.site.com, www.site.com";

#checks the referer of the script
function getReferer() { preg_match('@^(?:http://)?([^/]+)@i',$_SERVER['HTTP_REFERER'], $match); return $match[1]; }

#checks if referer domain is okay
function hotlink_check() {
global $allowed_domains; $allowed_domains.=','.$_SERVER['HTTP_HOST'];
$domains=explode(',',str_replace(' ','',$allowed_domains));
$referer=getReferer(); $site=array();
foreach ($domains as $value) { $site[]='^'.str_replace('*','([0-9a-zA-Z]|\-|\_)+',str_replace('.','\.',$value)).'$'; }
foreach ($site as $pattern) { if(eregi($pattern,$referer)) $MATCH=TRUE; if($MATCH==TRUE) break; }
if($MATCH==TRUE) return TRUE; else return FALSE;
}

define('HOTLINK_PASS',hotlink_check());
if(HOTLINK_PROTECTION&&!HOTLINK_PASS) { header('HTTP/1.1 403 Forbidden'); header('Location: '.HOTLINK_PAGE_URL); die(); }

$dir = 'directory';

$video = $_GET['name'];

// local file that should be sent to the client
$local_file = $dir.'/'.$video;

// filename that the user gets as default
$download_file = 'video.mp4';

// set the download rate limit (=> 200 kb/s)
$download_rate = 200;

if(file_exists($local_file) && is_file($local_file)) {

// send headers
header('Cache-control: private');
header('Content-Type: application/octet-stream');
header('Content-Length: '.filesize($local_file));
header('Content-Disposition: filename='.$download_file);

// flush content
flush();

// open file stream
$file = fopen($local_file, "r");

while (!feof($file)) {

    // send the current file part to the browser
    set_time_limit(0); 
    print fread($file, round($download_rate * 1024));

    // flush the content to the browser
    flush();

    // sleep one second
    sleep(1);
}

// close file stream
fclose($file);


}
else {
    die('Error: File '.$local_file.' does not exist!');
}

?>
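
An added example, not part of the original post: a Referer host check built on parse_url() that sits at the very top of the download script, before any header() call or output. The function names are hypothetical and mydomain.com is the question's placeholder; unlike the question's regex, which strips only http://, it also accepts https:// Referers, and it assumes a request with no Referer should be denied.

```php
<?php
// Added example. referer_allowed() and deny_hotlink() are hypothetical names;
// mydomain.com is the placeholder domain from the question.

/** True when the Referer host is an allowed domain or one of its subdomains. */
function referer_allowed(?string $referer, array $allowed): bool
{
    if ($referer === null || $referer === '') {
        return false;                 // header absent: this example denies
    }
    $host = parse_url($referer, PHP_URL_HOST);  // works for http:// and https://
    if (!is_string($host)) {
        return false;                 // malformed or scheme-less value
    }
    $host = strtolower($host);
    foreach ($allowed as $domain) {
        $suffix = '.' . strtolower($domain);
        // Exact host, or a subdomain: the leading "." keeps "notmydomain.com" out.
        if ($host === substr($suffix, 1) || substr($host, -strlen($suffix)) === $suffix) {
            return true;
        }
    }
    return false;
}

/** Send a plain 403 with no Location header (Location would turn it into a 302). */
function deny_hotlink(): void
{
    http_response_code(403);
    header('Content-Type: text/plain');
    exit('Hotlinking is not allowed.');
}

if (PHP_SAPI === 'cli') {
    // Constructed Referer values showing which ones pass.
    $samples = [
        'http://www.mydomain.com/videos.php',
        'https://cdn.mydomain.com/',
        'http://mydomain.com.other.example/',
        'http://notmydomain.com/',
        '',
    ];
    foreach ($samples as $r) {
        printf("%-38s %s\n", $r === '' ? '(no Referer)' : $r,
            referer_allowed($r, ['mydomain.com']) ? 'allow' : 'deny');
    }
} elseif (!referer_allowed($_SERVER['HTTP_REFERER'] ?? null, ['mydomain.com'])) {
    deny_hotlink();   // must run before any header() or output of the download code
}
```

The question's eregi() was removed in PHP 7.0, so this check avoids it. The Referer header is optional and chosen by the client, which makes a check like this a deterrent against casual embedding and not an access control.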

1 answer:

Answer 0: (score: 0)

I had the same problem.

It was that I used my whole domain name in the file URL instead of a relative path..

//download image now
$file_name = "test.jpg";//$_GET['f'];
$file_url = "http://www.example.com/yfolder/". $file_name; //WRONG
header('Content-Type: application/octet-stream');
header("Content-Transfer-Encoding: Binary"); 
header('Content-Type: image/jpg');    
header("Content-disposition: attachment; filename=\"".$file_name."\""); 

readfile($file_url);

The correct code

//download image now 
$file_name = "test.jpg";//$_GET['f'];
$file_url = "yfolder/". $file_name; //I removed my domain and it worked, I managed to download the actual image instead of the hotlinked image
header('Content-Type: application/octet-stream');
header("Content-Transfer-Encoding: Binary"); 
header('Content-Type: image/jpg');    
header("Content-disposition: attachment; filename=\"".$file_name."\""); 

readfile($file_url);