PHP to do a good job of anti-theft chain setting method

hotlinking refers to the service providers themselves do not provide services content, through technical means to bypass other beneficial end user interface (such as advertising), directly on their own website to provide end users with other service providers of service content, cheat end users Browse and click-through. Beneficiaries do not provide resources or provide scarce resources, while real service providers do not get any benefits. Doing a good job of preventing hotlinking is an important job for every website developer.

Do a good job anti-theft chain work to the Web server to reduce a lot of pressure, here we share a PHP anti-theft chain Implementation method:

General Download steps: Find-> Output Find results list-> Enter the software detail page-> Click the download button-> Open download page-> Click Download, start download

My approach is to do the same on the download page

First, define a $key=sdkfjwojf32413 in the public file of the Web site, which is equivalent to a key.

Generate a random number on the download page: $certcode = ' 84615354 ' (each time you open the generated is different)

Then generate a MD5 () cipher string with the ID of the above two variables and software

Then generate the real download address of the software: FILE.PHP?ID=5&CODEKEY=KSFJWOFSDKFSF

The ID here is the number of the software you can find from the database $codekey =md5 ($id. $certcode. $key)
and save the Certcode to the session,

The Codekey and IDs obtained in the file.php parameters are then obtained from the public file $key and then obtained from the session $certcode

To Codekey to verify, see whether correct, if not correct exit, otherwise do the following operation

1, delete session (again open this address is invalid)

2, read the software address from the database, and then read the software content, and output (PHP file reading method output to download the software content rather than directly to his address to download)

So if you want to download, you must open your own download page, from your download page to open the address to download, and the download address is different every time, because the generated random number is not the same

Other places even to your download address, also can not download.

Expand reading (Concrete implementation):

1. Simple anti-theft chain

 
 

  
  

  
$ADMIN [Defaulturl] = "Http://www.vvschool.cn/404.htm" ;//hotlinking return address
  
  

  
$okaysites  =  Array   ("http://www.vvschool.cn/","http://www.siyizhu.com");//Whitelist 
  
  

  
$ADMIN [Url_1] = "http://www.vvschool.cn/temp/download/" //Download location 1
  
  

  
$ADMIN [url_2] = "" ; //Download location 2, and so on  
  
  

  

  
  

  
$reffer  =  $HTTP _referer  ; 
  
  

  
if ($reffer) {
  
  

  
$yes  = 0; 
  
  

  
 while (List ($domain,  $subarray) = each ($okaysites )) {  
  
  

  
if (ereg($subarray,"$reffer")) {
  
  

  
$yes  = 1; 
  
  

  
}
  
  

  
}
  
  

  
$theu  =  "url" . "_" . "$site"  ; 
  
  

  
if ($ADMIN[$theu] and $yes  = = 1) {
  
  

  
Header ("Location: $ADMIN [$theu]/$file"); 
  
  

  
}  else  {
  
  

  
Header ("Location: $ADMIN [Defaulturl]"); 
  
  

  
}
  
  

  
}  else  {
  
  

  
Header ("Location: $ADMIN [Defaulturl]"); 
  
  

  
}?>
 
 

How to: Save the above code as dao4.php, such as my test validatecode.rar in my Site http://vvschool.cn/temp/download, then use the following code to express the download connection.

File name? site=1&file= files

2. Server anti-theft Chain

3. Software downloads the anti-theft chain method

 
  
  
 
   
   
  //place the root directory of the download software relative to the current script directory       
 
   
   
  $fileRelPath    =    ;    
 
   
   
//exceptions allow connected URLs, note: Their domain name does not need to be filled in, Set to be sure to download,      
 
   
   
 //  empty string ("") for direct input to Web site downloads      
 
   
   
 $EXCLUDEREFERARR    =   array   (  ,     );    
 
   
   
 chdir   (  $fileRelPath  );    
 
   
   
 $fileRootPath    =   GETCWD   ()  .   ;    
 
   
   
   =   $HTTP _get_vars   [  ];    
 Li class= "alt" >
     =  parse_url   ( Span class= "VARs" >$_server  
    [ 
    ]);     
   
 if   (  $url   [host]! =  $_server   [  ]  && !in_array (  ,    $ Excludereferarr  ) {     
 
   
  >   
 
  
  
 

In fact, there are many ways of hotlinking, here only a general idea as a reference: ⑴iis anti-hotlinking, using Isapi_rewrite, can be used as a solution to Windows hotlinking; ⑵ picture Anti-hotlinking, add watermark in the picture, although the hotlinking can achieve the goal, But they are also doing publicity for their website.