This article mainly introduces the PHP implementation blog, the forum image of the anti-theft chain method, involving the PHP string combined with the session to determine the relevant operating skills of the picture, the need for friends can refer to the next
Anti-theft chain a lot of ways, I am here to talk about my understanding of hotlinking, this and prevent remote submission is a principle.
First introduce a function
Uniqid (string);//The function is to add a unique ID string after the string you added.
If you are not sure, you can use the SHA1 () function to encrypt the string that the function outputs.
So we get a unique, and only you know the string, used to do digital visas. Next is how to detect this digital visa.
function has ($string) {if (!isset ($string) | | $string! = $_session["Uniqid"]) {exit;}} The above function means that if there is no string $string or the string is not equal to $_session["Uniqid"];//the following section is not executed.
The function of checking the digital visa is written later. What's going on next. All know that the Web page has been executed from the top. Just give birth to a digital visa at the top, and verify it in the function below.
Session_Start (); Open SESSION Function $uniqid = uniqid ("DWZ"); $_session["uniqid"] = $uniqid;//execute code has ($UNIQID); For digital verification
The most simple way to get the anti-theft chain is done. Back to the point, how to prevent the hotlinking of the picture?
This is a more concise answer. When we look at the site image source, we will find that there are two ways to store images: one is a relative path, and the other is an absolute path.
The relative path means: The picture is on your server.
Think of the path means: The picture can be on your server, or not on your server.
If it is not on your server, then there is a URL or IP address. This is the key to our anti-theft.
$_server[' Http_host '];//This allows you to get the URL of the server. But this can be modified directly with the code.
Gets the send request URL so that it can be verified if your URL is passed, not then not executed. It's the same principle!
Summary: The above is the entire content of this article, I hope to be able to help you learn.