: How to stop access of a PHP file from other sites I read somewhere about hot linking of images. Preventing image hot linking helps to stop bandwidth theft from your site. Would it work for
I read somewhere about hot linking of images. Preventing image hot linking helps to stop bandwidth theft from your site. Would it work for a PHP file?
In my case, I am using a PHP file to generate thumbnails from an image. I don't want others to refer this PHP file from their site.
More posts by @Ogunnowo487
2 Comments
Sorted by latest first Latest Oldest Best
this example is for image even you can do same for any file type
You could make that folder not accessible from the web (e.g. place the folder outside htdocs or add .htaccess rules ).
Create a PHP script which handles all requests to the private images. This script would have to do the following:
-check if the user is authenticated
-check if the user is authorized to view the requested image open the image and print it to the browser
(you need to set correct http headers to make sure the content is treated as an image)
Demo
getimage.php
if (LoggedInUserCanAccessThisFile())//this is optional user define function as requirement if you want that only login user can see image then with the help of your session variables or cookies you can return this function true or false
{
$file = 'privatedir/image.jpg';
$type = 'image/jpeg';
header('Content-Type:'.$type);
header('Content-Length: ' . filesize($file));
readfile($file);
exit();
}
home.php/otherpage.php
<img src="getimage.php" />
(you can use src="getimage.php?userid=123" and get into getimage.php and check is this user logged in or not for showing image)
(also you can use src="getimage.php?userid=123&imgfilename=image3.jpg" for dynamic images code and get into getimage.php as
$file = 'privatedir/'.$_GET["imgfilename"];
)
One programmatic way is to check the referrer to make sure the request came from your site:
<?php
$yoursite = "yoursite.com"; //Your site url without $yoursite2 = "www.yoursite.com"; //Type your domain with this time
$referer = $_SERVER['HTTP_REFERER'];
//Check if browser sends referrer url or not
if ($referer == "") { //If not, set referrer as your domain
$domain = $yoursite;
} else {
$domain = parse_url($referer); //If yes, parse referrer
}
if($domain['host'] == $yoursite || $domain['host'] == $yoursite2) {
//Run your image generation code
} else {
//The referrer is not your site, we redirect to your home page
header("Location: yoursite.com );
exit(); //Stop running the script
}
?>
Source: www.knowledgesutra.com/forums/topic/40295-check-referrer-to-prevent-linking-yours-from-other-sites/
Edit
This article presents an alternate method using PHP sessions.
Terms of Use Create Support ticket Your support tickets Stock Market News! © vmapp.org2024 All Rights reserved.