PHP Gets the browser address and then the anti-theft chain, after the refresh will not get the address, ask what is the

PHP Gets the browser address and then the anti-theft chain, after the refresh will not get the address, what is the matter Ah

My x.php code is as follows. The approximate meaning of this code is: I use a site to reference another site's resources.
My site is http://www.123.com and http://www.abc.com.
If I enter Http://www.123.com/x.php/love.mp3, it actually opens the
Http://www.abc.com/abc/love.mp3. The following code can be implemented completely.
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Header ("content-type:text/html; Charset=utf-8 ");
$SERVER =$_server["Request_uri"];
Preg_match ("/php\/([\s\s]+) \.mp3/", $SERVER, $url);
$urlname = $url [1];
$downurl = ' http://www.abc.com/abc/'. $urlname. MP3 ';
Header ("Location: $downurl");
?>
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
The player in the webpage can play normally Http://www.123.com/x.php/love.mp3
Later I joined the anti-theft chain, anti-download, code:
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Header ("content-type:text/html; Charset=utf-8 ");
$SERVER =$_server["Request_uri"];
Preg_match ("/php\/([\s\s]+) \.mp3/", $SERVER, $url);
$urlname = $url [1];
$downurl = ' http://www.abc.com/abc/'. $urlname. MP3 ';

$url = $_server["Http_referer"]; Get the full route URL
$str = Str_replace ("http://", "", $url); Remove/HTTP/
$strdomain = Explode ("/", $STR); Separate the units with "/"
$domain = $strdomain [0]; Take the first "/" previous character
if ($domain = = "Www.123.com") {

Header ("Location: $downurl");

}
if ($domain = = "") {
Header ("Location:http://www.123.com/daolian.mp3");
}
if ($domain! = "Www.123.com") {

Header ("Location:http://www.123.com/daolian.mp3");

}
?>
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
After the modification is complete, anti-theft chain protection download is realized, in the Web page player play Http://www.123.com/x.php/love.mp3, but can not play, this is the code is what place out of the problem ah.

Share to:

------Solution--------------------
Check first what $_server["Http_referer" is.
Judging with Http_referer is not reliable.
------Solution--------------------
The simplest is to pass an encrypted message, for example, the original is Http://www.123.com/x.php/love.mp3, and now instead http://www.123.com/x.php/love.mp3?secret=xxxxxxxxx
And this secret is you according to certain rules generated, the external station is not good forgery, and you can verify this secret whether you play this station.

