I had a problem with other websites stealing my bandwidth by using my images on places like eBay and even an online store.
While there are methods for preventing others from hot linking to your images if they are stored in the filesystem, these methods are not effective for images that are stored in the XOOPS database.
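So this simple little hack does just that: it adds hot link protection for image files stored in the database. Keep in mind that it works by checking the HTTP Referer header, which is supplied by the client, so it is a bandwidth-saving measure and not an access control.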
Just save the attached file to the ./include directory of your XOOPS install and then add the following line to the
image.php file immediately after mainfile.php is included.
include './include/hotlinkprotection.php';
Hopefully, others may also find this useful.
/* Hot Link Protection for XOOPS image files stored in the database
Written by: Terry Edmunds (http://www.edmunds-enterprises.com)
Distributed under the GNU license
To install: add this line to image.php after including mainfile.php
include './include/hotlinkprotection.php';
*/
// Direct-access guard: this file is meant to be included from image.php after
// mainfile.php. When XOOPS_ROOT_PATH is not defined (presumably because the
// file was requested on its own), stop immediately without producing output.
if (defined('XOOPS_ROOT_PATH') === false) {
    exit;
}
// ---- Configuration ----
/*
 * ALLOW_EMPTY_REFERER decides what happens to requests that carry no Referer
 * header at all.
 *
 * Some personal firewalls (the author names Symantec and BlackICE) can strip
 * the header. With true, those visitors still see images without having to
 * change their firewall configuration. The trade-off is that any other client
 * that sends no Referer is served the image as well, so hot link protection
 * only applies to requests that do announce a foreign referer.
 *
 * For maximum protection, set to false.
 */
define('ALLOW_EMPTY_REFERER', true);
/* Default image to send when the requested image is being blocked. It is stored
inline as a base64-encoded PNG: a simple image with the word "Blocked" in big red letters.
*/
$blocked_image = "iVBORw0KGgoAAAANSUhEUgAAAGQAAAAeCAIAAABVOSykAAAACXBIWXMAAAsTAAALEwEAmp".
"wYAAAAB3RJTUUH1QsdECge4PCp1gAAAB10RVh0Q29tbWVudABDcmVhdGVkIHdpdGggVGhl".
"IEdJTVDvZCVuAAADrUlEQVRo3u2YT0hUQRzH5227+1ZlKd2iXCISsjwFYXZIIiRD0JBCjU".
"J2STq1JVohCdWxQ2B1skNC3gIPG146JYSQVBRkiUKYZQczd4MlyRVS+3TYxfFt70+WD6Lm".
"xxzefuc3v9/s581v3rynAULZr5lHIVCwFCwFS8FSsBQshUDBUrAUrH8IlqaZt2BQVFWJwU".
"FLZ5fM1RROwTWHd0P7OXm9YmBAHDxo4uzSK6erKZyC/1kZLi6Ky5dVGZoZCBDz8+LWLSm+".
"ePEfbVrYmxCyLdvXr1IsLHRwBiYmOHeOnTvJy6OggF27OHOG8fHcXK9eEYlQUoLfj89HcT".
"FHjtDf7zCfvj6DePUqwOvXtLRQUoKuo+ts20ZTEw8fGkIlErS0EAoRDBKNkkpZzn85+aph".
"zc9z86YUo1EHWP39FBQYujLN76evT7r19uLzmbgJQSxmmWJkxBC8sxPg7l3LUBcvyvtdVm".
"bo2r9/TWH93MrLSSTsYI2NEQhYDvf5GB4GePIEj8cu0b17JilSKXbsyAXx/Dler12o+/cB".
"rl1z+GtrDMvj4fRp3ryxgxWJSKWujulpZmaoq5PiiRMA9fVSqapicpJ0mtu3pbh7t0mK2l".
"p53dqadTh+XIrd3Xz5wtwcPT1SrK4G2LtXKpcuMTfH2bMurywhyM9naMgSVjgslYmJrPj2".
"rRS3bAEIhaQyNvY787lxI+uwebPDhIuKAIJBqXz6BPD5swt71vfvJJNcuSL1ykpL55V7x+".
"JiVlxYMFQiGGpw2W1VsIqKSKUAhxrMFASwbp1UlpaywVeOXRtYGUunpa7rls7FxVJ5904+".
"HJfFcBhg/XqpTE6uApbfL687OgA2bpTK+/eWcVau5czKSiZdWFmZFdvZKfUNGyydm5ulUl".
"/PzAyJBEePSjESATh0KNdtdpbr1x32rFOniMflz0CADx8MwWtrmZoilTLM9sCB3IwXLpBO".
"c/68+3uWEJw8aQlrdNRw83OarjM6CjAw4JDC9GmYKZ/KSgP6x4/RNLsafPoU4M4dk961LE".
"PTFg4zNWW3DONx89NDXh7xuHTr6rI8PbS12a30oSEDi5cv6eoy56VpdHdnR337xp49ht6K".
"CmpqXIClaWzaxL59tLfz8aPzBjc+TixGaSm6TiBAaSmxmMkJ/tkzmpvZvh1dx+MhFKKmhg".
"cPnLeFY8ekePgwwKNHNDSwdSs+H14v4TANDQwOGkIlk0SjFBaSn09jI4mE4UxjZk5fHZSp".
"j38KloL1N9kPHKQ3A6rIGCkAAAAASUVORK5CYII=";
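/**
 * Send the stock "Blocked" placeholder image and end the request.
 *
 * Decodes the base64 PNG held in the global $blocked_image, emits it with an
 * image/png content type and then terminates the script, so control never
 * returns to the caller.
 *
 * @return void
 */
function sendBlockedImage()
{
    global $blocked_image;

    /* To use a different image in place of the stock inline image held in
       $blocked_image you can use readfile() to send a custom image.
    */
    header('Content-type: image/png');
    // The same image URL yields either the real image or this placeholder,
    // depending on the Referer header. Tell caches not to keep the
    // placeholder, otherwise it could later be replayed to a legitimate
    // visitor requesting the same URL from one of our own pages.
    header('Cache-Control: no-store');
    echo base64_decode($blocked_image);
    die();
}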
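/**
 * Parse the host name from a URL.
 *
 * @param string $url URL to inspect (in this file: the Referer header value
 *                    and XOOPS_URL).
 * @return string|false The host component, or false when the URL cannot be
 *                      parsed or contains no host.
 */
function getDomainFromURL($url)
{
    $parts = parse_url($url);
    // parse_url() returns false for seriously malformed URLs, and an array
    // without a 'host' key for relative or scheme-less values. Both cases
    // mean "no usable host"; report them uniformly as false instead of
    // reading a missing array key.
    if (!is_array($parts) || !isset($parts['host'])) {
        return false;
    }
    return $parts['host'];
}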
/* Requests without any referer information are handled by configuration:
   when ALLOW_EMPTY_REFERER is on, hand control back to the including script
   so the real image is served; otherwise answer with the blocked image
   (sendBlockedImage() ends the request and does not come back here).
*/
if (!isset($_SERVER['HTTP_REFERER']) || $_SERVER['HTTP_REFERER'] == '') {
    if (!ALLOW_EMPTY_REFERER) {
        sendBlockedImage();
    }
    return;
}
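/* Match the referer host with the host of the XOOPS URL. If they do not
   match, send the blocked image. This only checks what the client reports
   in the Referer header: it keeps other sites' pages from embedding our
   images, but it is not an authorization check.
*/
$referer_host = getDomainFromURL($_SERVER['HTTP_REFERER']);
$xoops_host = getDomainFromURL(XOOPS_URL);
// Fail closed: a referer (or site URL) from which no host could be extracted
// is treated as a mismatch rather than left to a loose comparison. Host names
// are case-insensitive, so compare them that way to avoid blocking our own
// pages when XOOPS_URL is configured with different letter case.
if (!is_string($referer_host) || !is_string($xoops_host)
    || strcasecmp($referer_host, $xoops_host) != 0) {
    sendBlockedImage();
}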
?>