
How can I add hotlink protection to the following code, so that it can only be accessed by *.mydomain.com via PHP? Where do I add it?

<?php

$dir = 'folder';

// keep only the file name so that the request cannot point outside $dir
$file = basename($_GET['name']);

// local file that should be sent to the client
$local_file = $dir.'/'.$file;

// filename that the user gets as default
$download_file = 'video.mp4';

// set the download rate limit (=> 200 kb/s)
$download_rate = 200;

if(file_exists($local_file) && is_file($local_file)) {

// send headers
header('Cache-control: private');
header('Content-Type: application/octet-stream');
header('Content-Length: '.filesize($local_file));
header('Content-Disposition: attachment; filename="'.$download_file.'"');

// flush content
flush();

// open file stream
$file = fopen($local_file, "r");

while (!feof($file)) {

    // send the current file part to the browser
    print fread($file, round($download_rate * 1024));

    // flush the content to the browser
    flush();

    // sleep one second
    sleep(1);
}

// close file stream
fclose($file);


}
else {
    die('Error: File '.$local_file.' does not exist!');
}

?>

I know it has to be something like this

define('HOTLINK_PROTECTION',TRUE); // enable hotlinking?  true/false
define('HOTLINK_PAGE_URL','http://www.mydomain.com/images/hotlink.jpg'); // Hotlink URL
$allowed_domains="*.mydomain.com, www.mydomain.com";

# returns the host part of the Referer header ('' when the header is absent)
function getReferer() {
    $referer = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';
    // accept https:// as well as http:// in front of the host
    if (preg_match('@^(?:https?://)?([^/]+)@i', $referer, $match)) return $match[1];
    return '';
}

# checks if referer domain is okay
function hotlink_check() {
    global $allowed_domains; $allowed_domains.=','.$_SERVER['HTTP_HOST'];
    $domains=explode(',',str_replace(' ','',$allowed_domains));
    $referer=getReferer(); $site=array(); $MATCH=FALSE;
    foreach ($domains as $value) { $site[]='^'.str_replace('*','([0-9a-zA-Z]|\-|\_)+',str_replace('.','\.',$value)).'$'; }
    // eregi() was removed in PHP 7; preg_match() with the i flag is the replacement
    foreach ($site as $pattern) { if(preg_match('/'.$pattern.'/i',$referer)) $MATCH=TRUE; if($MATCH==TRUE) break; }
    return $MATCH;
}

define('HOTLINK_PASS',hotlink_check());
if(HOTLINK_PROTECTION&&!HOTLINK_PASS&&$_SERVER['QUERY_STRING']!='admin') { header('HTTP/1.1 403 Forbidden'); header('Location: '.HOTLINK_PAGE_URL); die(); }

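But where do I implement it? How can I do this?

--- EDIT ---

I did it, but it doesn't work with Mozilla Firefox... With Firefox it just goes straight to the hotlink image.

I tested it with Chrome, Internet Explorer, Safari and Opera, and the only one that takes me to the hotlink image is Firefox. I must be doing something wrong here.

Here is the code: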

<?php

define('HOTLINK_PROTECTION',TRUE); // enable hotlinking?  true/false
define('HOTLINK_PAGE_URL','http://www.site.com/images/hotlink.jpg'); // Hotlink URL
$allowed_domains="*.site.com, www.site.com";

# returns the host part of the Referer header ('' when the header is absent)
function getReferer() {
    $referer = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';
    // accept https:// as well as http:// in front of the host
    if (preg_match('@^(?:https?://)?([^/]+)@i', $referer, $match)) return $match[1];
    return '';
}

# checks if referer domain is okay
function hotlink_check() {
    global $allowed_domains; $allowed_domains.=','.$_SERVER['HTTP_HOST'];
    $domains=explode(',',str_replace(' ','',$allowed_domains));
    $referer=getReferer(); $site=array(); $MATCH=FALSE;
    foreach ($domains as $value) { $site[]='^'.str_replace('*','([0-9a-zA-Z]|\-|\_)+',str_replace('.','\.',$value)).'$'; }
    // eregi() was removed in PHP 7; preg_match() with the i flag is the replacement
    foreach ($site as $pattern) { if(preg_match('/'.$pattern.'/i',$referer)) $MATCH=TRUE; if($MATCH==TRUE) break; }
    return $MATCH;
}

define('HOTLINK_PASS',hotlink_check());
if(HOTLINK_PROTECTION&&!HOTLINK_PASS) { header('HTTP/1.1 403 Forbidden'); header('Location: '.HOTLINK_PAGE_URL); die(); }

$dir = 'directory';

// keep only the file name so that the request cannot point outside $dir
$video = basename($_GET['name']);

// local file that should be sent to the client
$local_file = $dir.'/'.$video;

// filename that the user gets as default
$download_file = 'video.mp4';

// set the download rate limit (=> 200 kb/s)
$download_rate = 200;

if(file_exists($local_file) && is_file($local_file)) {

// send headers
header('Cache-control: private');
header('Content-Type: application/octet-stream');
header('Content-Length: '.filesize($local_file));
header('Content-Disposition: attachment; filename="'.$download_file.'"');

// flush content
flush();

// open file stream
$file = fopen($local_file, "r");

while (!feof($file)) {

    // send the current file part to the browser
    set_time_limit(0); 
    print fread($file, round($download_rate * 1024));

    // flush the content to the browser
    flush();

    // sleep one second
    sleep(1);
}

// close file stream
fclose($file);


}
else {
    die('Error: File '.$local_file.' does not exist!');
}

?>

1 Answer


I had the same problem

It was because I used my whole domain name in the file URL instead of a relative path.

    //download image now 
$file_name = "test.jpg";//$_GET['f'];
$file_url = "http://www.example.com/yfolder/". $file_name; //WRONG
header('Content-Type: application/octet-stream');
header("Content-Transfer-Encoding: Binary"); 
header('Content-Type: image/jpg');    
header("Content-disposition: attachment; filename=\"".$file_name."\""); 

readfile($file_url);

The correct code

//download image now 
$file_name = "test.jpg";//$_GET['f'];
$file_url = "yfolder/". $file_name; // I removed my domain and it worked; I managed to download the actual image instead of the hotlinked image
header('Content-Type: application/octet-stream');
header("Content-Transfer-Encoding: Binary"); 
header('Content-Type: image/jpg');    
header("Content-disposition: attachment; filename=\"".$file_name."\""); 

readfile($file_url);
answered 2013-07-03T09:39:57.900
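
The Referer check from the question and the local-path read from the answer, put together as an added example that is not code from either post. The host suffix `mydomain.com` and the directory `folder` come from the question; the function names `referer_allowed` and `resolve_media` are hypothetical, and the sample Referer values are constructed.

```php
<?php
// Added example, not the posters' code. Suffix and directory are assumptions taken
// from the question; function names are hypothetical.
const ALLOWED_SUFFIX = 'mydomain.com';
const MEDIA_DIR = __DIR__ . '/folder';

// True when the Referer host is mydomain.com or one of its subdomains.
// Referer is client-supplied and may be absent, so this only deters casual hotlinking.
function referer_allowed(?string $referer, string $suffix = ALLOWED_SUFFIX): bool
{
    $host = $referer ? parse_url($referer, PHP_URL_HOST) : null;
    if (!is_string($host)) {
        return false;                       // missing or unparsable Referer
    }
    $host = strtolower(rtrim($host, '.'));
    $tail = '.' . $suffix;
    return $host === $suffix || substr($host, -strlen($tail)) === $tail;
}

// Maps a requested name to a regular file inside $dir, or null. The file is read
// from the local path, never through an http:// URL back to this site: such a
// request carries no Referer and would itself receive the hotlink response.
function resolve_media(string $name, string $dir = MEDIA_DIR): ?string
{
    $base = realpath($dir);
    $path = realpath($dir . '/' . $name);
    if ($base === false || $path === false || !is_file($path)) {
        return null;
    }
    $inside = strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) === 0;
    return $inside ? $path : null;          // rejects ../ and symlinks leading outside $dir
}

if (PHP_SAPI === 'cli') {
    // Constructed Referer values, to show the decisions when run from the command line.
    foreach (['http://www.mydomain.com/a', 'https://cdn.mydomain.com/',
              'http://mydomain.com.evil.example/', 'http://notmydomain.com/', ''] as $r) {
        printf("%-36s %s\n", $r === '' ? '(none)' : $r, referer_allowed($r) ? 'allow' : 'deny');
    }
} else {
    if (!referer_allowed($_SERVER['HTTP_REFERER'] ?? null)) { http_response_code(403); exit; }
    $name = $_GET['name'] ?? '';
    $path = is_string($name) ? resolve_media($name) : null;
    if ($path === null) { http_response_code(404); exit; }
    header('Content-Type: application/octet-stream');
    header('Content-Length: ' . filesize($path));
    header('Content-Disposition: attachment; filename="video.mp4"');
    readfile($path);
}
```

Run from the command line, the first two sample values are allowed and the last three are denied; the suffix comparison is what keeps look-alike hosts out.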