1
Tuxster
Hot Link Protection for Xoops Image Manager
  • 2005/12/1 13:00

  • Tuxster

  • Just popping in

  • Posts: 7

  • Since: 2003/11/11


I had a problem with other websites stealing my bandwidth by using my images on places like eBay and even an online store. While there are methods for preventing others from hot linking to your images if they are stored in the filesystem, these methods are not effective for images that are stored in the XOOPS database.

So this simple little hack does just that: it adds hot link protection for image files stored in the database.

Just save the attached file to the ./include directory of your XOOPS install and then add the following line to the image.php file immediately after mainfile.php is included.


include './include/hotlinkprotection.php';


Hopefully, others may also find this useful.

<?php
/*  Hot Link Protection for XOOPS image files stored in the database

    Written by: Terry Edmunds (http://www.edmunds-enterprises.com)
    Distributed under the GNU license

    To install: add this line to image.php after including mainfile.php
      include './include/hotlinkprotection.php';
*/

if (!defined('XOOPS_ROOT_PATH')) {
    exit();
}

// Configuration

/*  Symantec & BlackICE firewalls can block the referer. If this option is set to true then
    we will allow them to see images without changing their firewall configuration. However,
    doing so may also allow someone else to see (steal) these images if they are also using
    this firewall setting. For maximum protection, set to false.
*/
define('ALLOW_EMPTY_REFERER', true);

/*  Default image to send when requested image is being blocked. This is a simple image
    with the word "Blocked" in big red letters.
*/
$blocked_image = "iVBORw0KGgoAAAANSUhEUgAAAGQAAAAeCAIAAABVOSykAAAACXBIWXMAAAsTAAALEwEAmp".
                   
"wYAAAAB3RJTUUH1QsdECge4PCp1gAAAB10RVh0Q29tbWVudABDcmVhdGVkIHdpdGggVGhl".
                   
"IEdJTVDvZCVuAAADrUlEQVRo3u2YT0hUQRzH5227+1ZlKd2iXCISsjwFYXZIIiRD0JBCjU".
                   
"J2STq1JVohCdWxQ2B1skNC3gIPG146JYSQVBRkiUKYZQczd4MlyRVS+3TYxfFt70+WD6Lm".
                   
"xxzefuc3v9/s581v3rynAULZr5lHIVCwFCwFS8FSsBQshUDBUrAUrH8IlqaZt2BQVFWJwU".
                   
"FLZ5fM1RROwTWHd0P7OXm9YmBAHDxo4uzSK6erKZyC/1kZLi6Ky5dVGZoZCBDz8+LWLSm+".
                   
"ePEfbVrYmxCyLdvXr1IsLHRwBiYmOHeOnTvJy6OggF27OHOG8fHcXK9eEYlQUoLfj89HcT".
                   
"FHjtDf7zCfvj6DePUqwOvXtLRQUoKuo+ts20ZTEw8fGkIlErS0EAoRDBKNkkpZzn85+aph".
                   
"zc9z86YUo1EHWP39FBQYujLN76evT7r19uLzmbgJQSxmmWJkxBC8sxPg7l3LUBcvyvtdVm".
                   
"bo2r9/TWH93MrLSSTsYI2NEQhYDvf5GB4GePIEj8cu0b17JilSKXbsyAXx/Dler12o+/cB".
                   
"rl1z+GtrDMvj4fRp3ryxgxWJSKWujulpZmaoq5PiiRMA9fVSqapicpJ0mtu3pbh7t0mK2l".
                   
"p53dqadTh+XIrd3Xz5wtwcPT1SrK4G2LtXKpcuMTfH2bMurywhyM9naMgSVjgslYmJrPj2".
                   
"rRS3bAEIhaQyNvY787lxI+uwebPDhIuKAIJBqXz6BPD5swt71vfvJJNcuSL1ykpL55V7x+".
                   
"JiVlxYMFQiGGpw2W1VsIqKSKUAhxrMFASwbp1UlpaywVeOXRtYGUunpa7rls7FxVJ5904+".
                   
"HJfFcBhg/XqpTE6uApbfL687OgA2bpTK+/eWcVau5czKSiZdWFmZFdvZKfUNGyydm5ulUl".
                   
"/PzAyJBEePSjESATh0KNdtdpbr1x32rFOniMflz0CADx8MwWtrmZoilTLM9sCB3IwXLpBO".
                   
"c/68+3uWEJw8aQlrdNRw83OarjM6CjAw4JDC9GmYKZ/KSgP6x4/RNLsafPoU4M4dk961LE".
                   
"PTFg4zNWW3DONx89NDXh7xuHTr6rI8PbS12a30oSEDi5cv6eoy56VpdHdnR337xp49ht6K".
                   
"CmpqXIClaWzaxL59tLfz8aPzBjc+TixGaSm6TiBAaSmxmMkJ/tkzmpvZvh1dx+MhFKKmhg".
                   
"cPnLeFY8ekePgwwKNHNDSwdSs+H14v4TANDQwOGkIlk0SjFBaSn09jI4mE4UxjZk5fHZSp".
                   
"j38KloL1N9kPHKQ3A6rIGCkAAAAASUVORK5CYII=";


function sendBlockedImage()
{
    global $blocked_image;

    /*  To use a different image in place of the stock inline image
        above you can use readfile() to send a custom image.
    */
    header('Content-type: image/png');
    echo base64_decode($blocked_image);
    die();
}

// Parse the host name from the URL; returns false if the URL has no usable host
function getDomainFromURL($url)
{
    $url_array = parse_url($url);
    if ($url_array === false || !isset($url_array['host'])) {
        return false;
    }
    return $url_array['host'];
}

/*  If there is no referer info then either send blocked image or return
    depending upon the configuration option.
*/
if (!isset($_SERVER['HTTP_REFERER']) || $_SERVER['HTTP_REFERER'] == '') {
    if (ALLOW_EMPTY_REFERER) {
        return;
    } else {
        sendBlockedImage();
    }
}

/*  Match the referer with the XOOPS URL. If no match then
    send the blocked image. This verifies the request is
    coming from a web page on our server.
*/
$referer_host = getDomainFromURL($_SERVER['HTTP_REFERER']);
$xoops_host   = getDomainFromURL(XOOPS_URL);

// A referer without a parseable host never matches, whatever XOOPS_URL is.
if ($referer_host === false || $referer_host !== $xoops_host) {
    sendBlockedImage();
}

?>
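The host comparison in the script above, pulled out into a testable function and run over constructed Referer values. This is an added example, not part of the attached file. It goes slightly beyond the hack by comparing hosts case-insensitively and accepting a list of alias hosts, since a visitor who arrives via `example.com` would otherwise be blocked on a site whose XOOPS_URL is `www.example.com`. The names `hostOf`, `refererAllowed` and all hosts are hypothetical, and PHP 7.1 or later is assumed.

```php
<?php
// Added example; function names and hosts are hypothetical, inputs are constructed.

/** Lower-cased host of a URL, or null when it has no host component. */
function hostOf(?string $url): ?string
{
    $host = parse_url((string) $url, PHP_URL_HOST); // null if absent, false if malformed
    return is_string($host) ? strtolower(rtrim($host, '.')) : null;
}

/** Decide whether a request with this Referer may load a database image. */
function refererAllowed(?string $referer, string $siteUrl, bool $allowEmpty, array $aliases = []): bool
{
    if ($referer === null || $referer === '') {
        return $allowEmpty;               // same trade-off as ALLOW_EMPTY_REFERER
    }
    $host = hostOf($referer);
    if ($host === null) {
        return false;                     // unparseable Referer: never matches
    }
    // Exact, case-insensitive host match. Substring or prefix tests would
    // accept look-alike hosts that merely contain the site name.
    $allowed = array_map('strtolower', $aliases);
    $allowed[] = hostOf($siteUrl);
    return in_array($host, $allowed, true);
}

// Constructed Referer values; www.example.com stands in for the XOOPS_URL host.
$site  = 'http://www.example.com/xoops';
$cases = [
    'http://www.example.com/modules/news/'     => true,  // our own page
    'http://WWW.Example.COM/index.php'         => true,  // host names ignore case
    'http://example.com/gallery/'              => true,  // alias listed below
    'http://www.example.com.shop.test/item/42' => false, // look-alike host
    'http://auction.test/?img=www.example.com' => false, // site name only in query
    'not a url'                                => false, // no host component
    ''                                         => false, // empty, strict mode
];
foreach ($cases as $referer => $expected) {
    $got = refererAllowed($referer, $site, false, ['example.com']);
    printf("%-44s %-5s %s\n", var_export($referer, true),
        $got ? 'allow' : 'block', $got === $expected ? 'ok' : 'UNEXPECTED');
}
```

A matching Referer only reflects what the client chose to send, so this check reduces bandwidth lost to hot-linking pages and should not be relied on as access control for private images.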

2
JahDesik
Re: Hot Link Protection for Xoops Image Manager
  • 2006/1/19 3:16

  • JahDesik

  • Just popping in

  • Posts: 18

  • Since: 2005/8/2 2


Hi.

Nice hack.

Can I use this hack for mp3 files?
