
List:       php-general
Subject:    Re: [PHP] Referer problem
From:       "John W. Holmes" <holmes072000 () charter ! net>
Date:       2004-05-31 18:17:01
Message-ID: 40BB769D.1080501 () charter ! net

Merlin wrote:

> I am trying to prevent hotlinking of images by other servers.
> Pictures are generated on the fly by a php script, where I have included 
> this code to prevent hot linking:
> 
> $haystack = $_SERVER['HTTP_REFERER'];
> $needle  = 'globosapiens';
> $pos      = strpos($haystack, $needle);
> if ($pos === false) { // not from globosapiens
>  HEADER("Location:/g/p/2/hotlink_banner.gif");
>  exit;
> }
> 
> It works, but not for everybody. Some users tell me that they see the 
> hotlink_banner.gif on my website as well. How is this possible?

HTTP_REFERER is not a reliable value. It is set by the client and some 
clients and/or proxies will either not set it or clear its value.

You'd be best to handle this at the web server level. You could use 
sessions, too, and set a session variable on one of the pages leading 
into your gallery and then check for that variable when they request 
images. It can be spoofed (like any other solution), but it would take 
some work.

-- 
---John Holmes...

Amazon Wishlist: www.amazon.com/o/registry/3BEXC84AB3A5E/

php|architect: The Magazine for PHP Professionals – www.phparch.com
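
The session check suggested in the reply above, as an added example (not code from the thread or its participants). The session key `gallery_seen`, the function names and the one-hour lifetime are assumptions; the banner path is the one from the quoted post.

```php
<?php
declare(strict_types=1);

const SESSION_FLAG = 'gallery_seen';              // hypothetical session key
const BANNER_URL   = '/g/p/2/hotlink_banner.gif'; // path from the quoted post

/** Call from every page that legitimately embeds the generated images. */
function mark_gallery_visitor(): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    $_SESSION[SESSION_FLAG] = time();
}

/** Pure decision: 'image' if the flag exists and is fresh, else 'banner'. */
function image_decision(array $session, int $now, int $maxAge = 3600): string
{
    $seen = $session[SESSION_FLAG] ?? null;
    if (!is_int($seen) || $now - $seen > $maxAge) {
        return 'banner'; // flag missing, wrong type, or older than $maxAge
    }
    return 'image';
}

/** Call at the top of the image script, before any output is sent. */
function guard_image_request(): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    if (image_decision($_SESSION, time()) === 'banner') {
        header('Location: ' . BANNER_URL);
        exit;
    }
    // Release the session lock so parallel image requests are not serialized.
    session_write_close();
}

// Constructed inputs; runs from the CLI without a web server.
if (PHP_SAPI === 'cli') {
    $now = 1000000;
    var_dump(image_decision([], $now));                            // no flag set
    var_dump(image_decision([SESSION_FLAG => $now - 10], $now));   // recent visit
    var_dump(image_decision([SESSION_FLAG => $now - 7200], $now)); // stale flag
}
```

The flag records that this browser opened a gallery page, not which page is embedding the image, and a client that does not return the session cookie gets the banner.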
