PHP Implementation Blog, forum pictures anti-theft chain method _php Skills

This article describes the PHP implementation of blog, forum pictures anti-theft chain method. Share to everyone for your reference, specific as follows:

Anti-Theft chain of a lot of ways, I would like to say that I have to put hotlinking understanding, this with the prevention of remote submission is a principle.

Let's introduce a function

Uniqid (string);
The function is to add a unique ID string immediately after the string you add.

If you're not sure, you can use the SHA1 () function to encrypt the output string for this function.

So we got a unique string that only you know, used for digital visas. Next is how to detect this digital visa.

function has ($string)
{
if (!isset ($string) | | $string!= $_session["Uniqid"])
{
exit;
}
}
The above function means that if there is no string $string or the string is not equal to $_session["uniqid"];
The following section is not executed.

The function of checking the digital visa is written later. What's going on next. All know that the Web page has been executed from the top. As long as you have a digital visa at the top, verify it in the function below.

Session_Start (); Open to session function
$uniqid = uniqid ("DWZ");
$_session["uniqid"] = $uniqid;
Execute code
has ($uniqid);//Digital Verification

Above the most simple answer to the anti-theft chain of the way to complete. Back to the point, how to prevent the picture hotlinking?

This is a more simple answer. When we look at the site image source, we will find that there are two ways to store pictures: One is the relative path, one is the absolute path.

The relative path means: The picture is on your server.

Think the path means: The picture can be on your server, or not on your server.

If it is not on your server, there is a URL or IP address. This is the key to our security.

$_server[' Http_host '];
This allows you to obtain the URL of the server. But this can be modified directly with code.

Gets the send request URL so that it can be validated, if it is your URL is passed, not the execution. It's the same principle!

For more information on PHP related content readers can view the site topics: "Php Curl Usage Summary", "PHP graphics and picture Operation skills Summary", "PHP Array" operation Skills Encyclopedia, "PHP Common traversal algorithm and skills summary", "PHP Data structure and algorithm tutorial", " PHP Programming algorithm Summary, "PHP Regular Expression Usage summary", "PHP operation and operator Usage Summary", "PHP string (String) Usage summary" and "PHP common database Operation skill Summary"

I hope this article will help you with the PHP program design.