How to ban hotlinking in php

php method to prohibit hotlinking: first define a "$key=sdkfjwojf32413" in the public file of the website; then generate a random number on the download page; then generate an md5 encrypted string; and finally generate the true version of the software Download the address and save the certcode to the session.

Recommendation: "PHP Video Tutorial"

Hot linking means that the service provider itself does not provide The content of the service uses technical means to bypass other beneficial end-user interfaces (such as advertisements) and directly provide end-users with the service content of other service providers on their own websites, thereby defrauding end-users of their browsing and click-through rates. The beneficiary provides no or very few resources, while the real service provider receives no benefit. Preventing hotlinking is an important task for every website developer.

Doing a good job in preventing hotlinking can reduce a lot of pressure on the website server. Here we share a method to implement anti-hotlinking in PHP:

General download steps: Search -> Output the search results list->Enter the software details page->Click the download button->Open the download page->Click download to start downloading

My method is to make a fuss on the download page

First define a $key=sdkfjwojf32413 in the public file of the website, which is equivalent to a key.

Generate a random number on the download page: $certcode = '84615354' (each The generated ones are different every time you open them)

Then use the above two variables and the ID of the software to generate an md5() encrypted string

Then generate the real download address of the software: file.php?id =5&codekey=ksfjwofsdkfsf

The id here is the software number. You can find the software address from the database based on it. $codekey=md5($id.$certcode.$key)
Then save the certcode to the session.

Get the codekey and id from the parameters of file.php, then get the $key from the public file, and then get the $certcode from the session

Verify the codekey to see if it is correct. If If it is incorrect, exit, otherwise perform the following operations

1. Delete the session (opening this address again will be invalid)

2. Read the software address from the database, and then read the software content , and output (use PHP's file reading method to output the content of the software to be downloaded instead of directly giving him the download address)

In this way, if you want to download, you must open your own download page and download from your You have to open the page to download the address, and the download address is different every time because the random numbers generated are different

Even if you are connected to your download address elsewhere, you cannot download it.

Extended reading (specific implementation):

1. Simple anti-hotlinking

$ADMIN[defaulturl] = "http://www.vvschool.cn/404.htm";//盗链返回的地址 
$okaysites = array("http://www.vvschool.cn/","http://www.siyizhu.com"); //白名单 
$ADMIN[url_1] = "http://www.vvschool.cn/temp/download/";//下载地点1 
$ADMIN[url_2] = "";//下载地点2，以此类推 
   
$reffer = $HTTP_REFERER; 
if($reffer) { 
$yes = 0; 
while(list($domain, $subarray) = each($okaysites)) { 
if (ereg($subarray,"$reffer")) { 
$yes = 1; 
} 
} 
$theu = "url"."_"."$site"; 
if ($ADMIN[$theu] AND $yes == 1) { 
header("Location: $ADMIN[$theu]/$file"); 
} else { 
header("Location: $ADMIN[defaulturl]"); 
} 
} else { 
header("Location: $ADMIN[defaulturl]"); 
}

File name?site=1&file=File usage method: Change the above The code is saved as dao4.php. For example, if the validatecode.rar I used for testing is in my site, the following code is used to represent the download connection.

2. Server anti-leeching

3. Anti-hotlinking methods for software downloads

//放置下载软件的根目录相对于当前脚本目录的相对目录 
$fileRelPath= "../../software"; 
//例外允许连接的网址，注意:自身域名不需要填入,设定为肯定可以下载, 
// 空字符串("")表示直接输入网址下载的情况 
$excludeReferArr= array("www.wreny.com","wreny.com"); 
chdir($fileRelPath); 
$fileRootPath= getcwd() ."/"; 
$filePath=$HTTP_GET_VARS["file"]; 
$url=parse_url($_SERVER["HTTP_REFERER"]); 
if($url[host]!=$_SERVER["HTTP_HOST"] && !in_array($referHost,$excludeReferArr)){

(1) IIS anti-hotlinking, using ISAPI_Rewrite, can be used as a solution to anti-hotlinking under Windows; in fact, anti-theft There are many ways to link. Here is just a general idea for reference:

(2) Anti-hotlinking of pictures. Add watermarks to pictures. Although hotlinkers can achieve their goals, they are also doing themselves a disservice. website for promotion.

The above is the basic idea and setting method of PHP anti-hotlinking. I hope it will be helpful to everyone's learning.

The above is the detailed content of How to ban hotlinking in php. For more information, please follow other related articles on the PHP Chinese website!