如何在以下代码中添加热链接保护,以便*.mydomain.com通过php访问?我该把它添加到哪里?
<?php
$dir = 'folder';
$file = $_GET['name'];
// local file that should be send to the client
$local_file = $dir.'/'.$file;
// filename that the user gets as default
$download_file = 'video.mp4';
// set the download rate limit (=> 20,5 kb/s)
$download_rate = 200;
if(file_exists($local_file) && is_file($local_file)) {
// send headers
header('Cache-control: private');
header('Content-Type: application/octet-stream');
header('Content-Length: '.filesize($local_file));
header('Content-Disposition: filename='.$download_file);
// flush content
flush();
// open file stream
$file = fopen($local_file, "r");
while (!feof($file)) {
// send the current file part to the browser
print fread($file, round($download_rate * 1024));
// flush the content to the browser
flush();
// sleep one second
sleep(1);
}
// close file stream
fclose($file);
}
else {
die('Error: File '.$local_file.' does not exist!');
}
?>
我知道它一定是类似的东西
define('HOTLINK_PROTECTION',TRUE); // enable hotlinking? true/false
define('HOTLINK_PAGE_URL','http://www.mydomain.com/images/hotlink.jpg'); // Hotlink URL
$allowed_domains="*.mydomain.com, www.mydomain.com";
#checks the referer of the script
function getReferer() { preg_match('@^(?:http://)?([^/]+)@i',$_SERVER['HTTP_REFERER'], $match); return $match[1]; }
#checks if referer domain is okay
function hotlink_check() {
global $allowed_domains; $allowed_domains.=','.$_SERVER['HTTP_HOST'];
$domains=explode(',',str_replace(' ','',$allowed_domains));
$referer=getReferer(); $site=array();
foreach ($domains as $value) { $site[]='^'.str_replace('*','([0-9a-zA-Z]|'-|'_)+',str_replace('.',''.',$value)).'$'; }
foreach ($site as $pattern) { if(eregi($pattern,$referer)) $MATCH=TRUE; if($MATCH==TRUE) break; }
if($MATCH==TRUE) return TRUE; else return FALSE;
}
define('HOTLINK_PASS',hotlink_check());
if(HOTLINK_PROTECTION&&!HOTLINK_PASS&&$_SERVER['QUERY_STRING']!='admin') { header('HTTP/1.1 403 Forbidden'); header('Location: '.HOTLINK_PAGE_URL); die(); }
但我该在哪里实施呢?我该怎么做?
---编辑---
我做了,但它不适用于Mozilla Firefox。。。对于firefox,它直接进入热链接图像。
我已经在Chrome、Internet Explorer、Safari和Opera上测试过了,唯一一个让我看到热链接图像的是Firefox,我一定做错了什么。
这是代码:
<?php
define('HOTLINK_PROTECTION',TRUE); // enable hotlinking? true/false
define('HOTLINK_PAGE_URL','http://www.site.com/images/hotlink.jpg'); // Hotlink URL
$allowed_domains="*.site.com, www.site.com";
#checks the referer of the script
function getReferer() { preg_match('@^(?:http://)?([^/]+)@i',$_SERVER['HTTP_REFERER'], $match); return $match[1]; }
#checks if referer domain is okay
function hotlink_check() {
global $allowed_domains; $allowed_domains.=','.$_SERVER['HTTP_HOST'];
$domains=explode(',',str_replace(' ','',$allowed_domains));
$referer=getReferer(); $site=array();
foreach ($domains as $value) { $site[]='^'.str_replace('*','([0-9a-zA-Z]|'-|'_)+',str_replace('.',''.',$value)).'$'; }
foreach ($site as $pattern) { if(eregi($pattern,$referer)) $MATCH=TRUE; if($MATCH==TRUE) break; }
if($MATCH==TRUE) return TRUE; else return FALSE;
}
define('HOTLINK_PASS',hotlink_check());
if(HOTLINK_PROTECTION&&!HOTLINK_PASS) { header('HTTP/1.1 403 Forbidden'); header('Location: '.HOTLINK_PAGE_URL); die(); }
$dir = 'directory';
$video = $_GET['name'];
// local file that should be send to the client
$local_file = $dir.'/'.$video;
// filename that the user gets as default
$download_file = 'video.mp4';
// set the download rate limit (=> 200 kb/s)
$download_rate = 200;
if(file_exists($local_file) && is_file($local_file)) {
// send headers
header('Cache-control: private');
header('Content-Type: application/octet-stream');
header('Content-Length: '.filesize($local_file));
header('Content-Disposition: filename='.$download_file);
// flush content
flush();
// open file stream
$file = fopen($local_file, "r");
while (!feof($file)) {
// send the current file part to the browser
set_time_limit(0);
print fread($file, round($download_rate * 1024));
// flush the content to the browser
flush();
// sleep one second
sleep(1);
}
// close file stream
fclose($file);
}
else {
die('Error: File '.$local_file.' does not exist!');
}
?>
我遇到了同样的问题
我在文件url中使用了我的整个域名,而不是相对路径。。
//download image now
$file_name = "test.jpg";//$_GET['f'];
$file_url = "http://www.example.com/yfolder/". $file_name; //WRONG
header('Content-Type: application/octet-stream');
header("Content-Transfer-Encoding: Binary");
header('Content-Type: image/jpg');
header("Content-disposition: attachment; filename='"".$file_name."'"");
readfile($file_url);
正确代码
//download image now
$file_name = "test.jpg";//$_GET['f'];
$file_url = "yfolder/". $file_name; //i removed my domain and it worked, i managed to download the actual image instead of the hotlinked image
header('Content-Type: application/octet-stream');
header("Content-Transfer-Encoding: Binary");
header('Content-Type: image/jpg');
header("Content-disposition: attachment; filename='"".$file_name."'"");
readfile($file_url);