Hotlinking refers to the service providers themselves do not provide services content, through technical means to bypass other beneficial end user interface (such as advertising), directly on their own website to provide end users with other service providers of service content, cheat end users Browse and click-through. Beneficiaries do not provide resources or provide scarce resources, while real service providers do not get any benefits. Doing a good job of preventing hotlinking is an important job for every website developer.
Do a good job anti-theft chain work to the Web server to reduce a lot of pressure, here we share a PHP anti-theft chain implementation method:
General Download steps: Find-> Output Find results list-> Enter the software detail page-> Click the download button-> Open download page-> Click Download, start download
My approach is to do the same on the download page
First, define a $key=sdkfjwojf32413 in the public file of the Web site, which is equivalent to a key.
Generate a random number on the download page: $certcode = ' 84615354 ' (each time you open the generated is different)
Then generate a MD5 () cipher string with the ID of the above two variables and software
Then generate the real download address of the software: FILE.PHP?ID=5&CODEKEY=KSFJWOFSDKFSF
The ID here is the number of the software you can find from the database $codekey =md5 ($id. $certcode. $key)
and save the Certcode to the session,
The Codekey and IDs obtained in the file.php parameters are then obtained from the public file $key and then obtained from the session $certcode
To Codekey to verify, see whether correct, if not correct exit, otherwise do the following operation
1, delete session (again open this address is invalid)
2, read the software address from the database, and then read the software content, and output (PHP file reading method output to download the software content rather than directly to his address to download)
So if you want to download, you must open your own download page, from your download page to open the address to download, and the download address is different every time, because the generated random number is not the same
Other places even to your download address, also can not download.
Expand reading (Concrete implementation):
1. Simple anti-theft chain
$ADMIN [Defaulturl] = "http://www.vvschool.cn/404.htm";//hotlinking return address
$okaysites = Array ("http://www.vvschool.cn/", " Http://www.siyizhu.com "); Whitelist
$ADMIN [url_1] = "http://www.vvschool.cn/temp/download/";//download location 1
$ADMIN [url_2] = "";//download location 2, and so on
$reffer = $HTTP _referer;
if ($reffer) {
$yes = 0;
while (the list ($domain, $subarray) = each ($okaysites)) {
if (Ereg ($subarray, "$reffer")) {
$yes = 1;
}
}
$theu = "url". " _"." $site ";
if ($ADMIN [$theu] and $yes = = 1) {
header ("Location: $ADMIN [$theu]/$file");
} else {
header ("Location: $ Admin[defaulturl] ");
}
} else {
header ("Location: $ADMIN [Defaulturl]");
How to: Save the above code as dao4.php, such as my test validatecode.rar in my site, then use the following code to indicate the download connection.
File name? site=1&file= files
2. Server anti-theft Chain
3. Software downloads the anti-theft chain method
Place the root directory of the download software relative to the current script directory
$fileRelPath = ". /.. /software ";
Exceptions allow connected URLs, note: Their own domain name does not need to fill in, set to be sure to download,
///empty string ("") to direct input URL download situation
$EXCLUDEREFERARR = Array ("www.wreny.com", " Wreny.com ");
ChDir ($fileRelPath);
$fileRootPath = GETCWD (). /";
$filePath = $HTTP _get_vars["file"];
$url =parse_url ($_server["Http_referer"]);
if ($url [host]!=$_server["Http_host"] &&!in_array ($referHost, $EXCLUDEREFERARR)) {
?>
In fact, there are many hotlinking ways, here only a general idea as a reference:
(1) IIS hotlinking, using Isapi_rewrite, can be used as an anti-hotlinking solution in Windows;
(2) Image hotlinking, add watermark in the picture, although hotlinking can achieve the goal, but also for their own website to do propaganda.
The above is the basic idea of the PHP anti-theft chain and the way to set up, I hope to help you learn.