How PHP implements hotlink protection, explained

This article explains how to implement hotlink protection in PHP, with an example covering the relevant techniques and implementation details. Readers who need it can use it as a reference; we hope it helps.

When $_SERVER['HTTP_REFERER'] is available

Note that $_SERVER['HTTP_REFERER'] is not always available; it can only be obtained in certain cases:

One, HTTP_REFERER can be obtained in the following cases:

1. Following a link made with <a href>
2. A form submitted with submit or <input type=image> (POST or GET)
3. A form submitted using JScript (POST or GET)

Two, HTTP_REFERER cannot be obtained in the following cases:

1. Following a link from Favorites
2. Clicking "Home" or a custom address
3. Using JScript's location.href or location.replace()
4. Entering the address directly in the browser
5. <%Response.Redirect%>
6. Redirection with <%Response.AddHeader%> or <meta http-equiv=refresh>
7. Loading the address with XML

strrpos function explanation:

strrpos - finds the position of the last occurrence of the specified string in the target string


int strrpos ( string $haystack , string $needle [, int $offset = 0 ] )
Returns the numeric position of the last occurrence of needle in the string $haystack.

$haystack The string to search in.
$needle If needle is not a string, it is converted to an integer and treated as the ordinal value of a character.

Return value

Returns the position where the needle exists. Returns FALSE if it is not found.

Hotlink check code: asd.php

<?php
// Hotlink protection
// First check whether $_SERVER['HTTP_REFERER'] is set
if (isset($_SERVER['HTTP_REFERER'])) {
    // Check whether $_SERVER['HTTP_REFERER'] starts with http://localhost
    // Use === 0: strpos() returns false when there is no match, and false == 0 is true
    if (strpos($_SERVER['HTTP_REFERER'], "http://localhost") === 0) {
        echo '  ';
    } else {
        header("Location: warning.php"); // Redirect to warning.php
        // echo $_SERVER["HTTP_REFERER"];
        exit; // Stop the script after sending the redirect
    }
} else {
    header("Location: warning.php");
    exit;
}
?>
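The following is an added example, not code from the original article. It shows why the prefix test on the Referer has to compare strpos() with === 0 rather than == 0, and why comparing the parsed host is stricter than a string prefix. The allowlist, the function names and the sample Referer values are assumptions constructed for illustration.

```php
<?php
// Added example, not from the original article. ALLOWED_HOSTS, the function
// names and the sample Referer values are constructed for illustration.
const ALLOWED_HOSTS = ['localhost'];

// Loose check: strpos() returns false when the needle is absent,
// and false == 0 evaluates to true in PHP, so unrelated sites pass.
function looseCheck(?string $referer): bool
{
    return $referer !== null && strpos($referer, 'http://localhost') == 0;
}

// Strict check: parse the URL and compare scheme and host exactly.
function strictCheck(?string $referer): bool
{
    if ($referer === null || $referer === '') {
        return false; // same policy as asd.php: no Referer is rejected
    }
    $parts = parse_url($referer);
    if ($parts === false || !isset($parts['scheme'], $parts['host'])) {
        return false; // malformed or relative value
    }
    if (!in_array(strtolower($parts['scheme']), ['http', 'https'], true)) {
        return false;
    }
    // Exact host match, so "localhost.other-site.example" is not accepted
    return in_array(strtolower($parts['host']), ALLOWED_HOSTS, true);
}

// Constructed sample values of the Referer header
$samples = [
    'http://localhost/gallery.php',
    'http://localhost:8080/index.php',
    'http://other-site.example/page.html',
    'http://localhost.other-site.example/',
    null,
];

foreach ($samples as $referer) {
    printf(
        "%-40s loose=%-5s strict=%s\n",
        $referer ?? '(no Referer header)',
        var_export(looseCheck($referer), true),
        var_export(strictCheck($referer), true)
    );
}
```

The Referer header is supplied by the client, so even the strict check only deters casual hotlinking and should not be treated as authentication.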


Hotlink protection verification code

<!DOCTYPE html>

The above is for understanding the principle.

In practice, hotlink protection is generally configured on the server, for example an Nginx access whitelist for files such as (gif|jpg|jpeg|png|bmp|swf).

Specific configurations can be found with a Baidu search.

