PDA

View Full Version : Prevent hotlinking and viewing, but still include?



motormichael12
08-13-2008, 02:05 AM
I have scripts and styles on ym page that I don't want anyone to be able to see. I was wondering if I could hide it so that when I want a style I could use something like this:

<link href="content.php?style" type=text/css rel=stylesheet>

and I can set where that is in the code so I could have the sheet somewhere like /garble/hounddog/super.css or /hunnybunchesofoats.css or anything like that, same with all my javascript except like this:

<script src="content.php?js" type="text/javascript"></script>

My current code from a hotlinking prevention page (http://www.safalra.com/programming/php/prevent-hotlinking/):


<?php
$dir='./';
if ((!$file=realpath($dir.$_GET['file']))
|| strpos($file,realpath($dir))!==0 || substr($file,-4)=='.php'){
header('HTTP/1.0 404 Not Found');
exit();
}
$ref=$_SERVER['HTTP_REFERER'];
if (strpos($ref,'http://localhost/')===0 || strpos($ref,'http')!==0){
$mime=array(
'jpg'=>'image/jpeg',
'png'=>'image/png',
'mid'=>'audio/x-midi',
'wav'=>'audio/x-wav'
);
$stat=stat($file);
header('Content-Type: '.$mime[substr($file,-3)]);
header('Content-Length: '.$stat[7]);
header('Last-Modified: '.gmdate('D, d M Y H:i:s',$stat[9]).' GMT');
readfile($file);
exit();
}
header('Pragma: no-cache');
header('Cache-Control: no-cache, no-store, must-revalidate');

if($_SERVER['QUERY_STRING'] == "style")
{
include($file.'.php');
}
?>

Can anyone show me how to modify that? All the header info is confusing me.

Thanks

boogyman
08-13-2008, 01:38 PM
page


<head>
<link type="text/css" rel="stylesheet" href="/css.php?file=stylesheet" media="all>
</head>


css.php (default css file)


header("Content-type: text/css; charset: UTF-8");
header("Cache-Control: must-revalidate");
$offset = 60 * 60 ;
$ExpStr = "Expires: " . gmdate("D, d M Y H:i:s", time() + $offset) . " GMT";
header($ExpStr);

// Include the generic stylesheet(s)
include_once('/path/to/stylesheet.css');
include_once('/path/to/stylesheet.css');
include_once('/path/to/stylesheet.css');

// break the array of variables and attempt to include each of them separately
if(isset($_GET) && is_array($_GET))
{
foreach($_GET as $key => $file)
{
$file = str_replace('\\', '/', $file);
$cssArray = explode('/', $file);
$file = $cssArray[count($cssArray)-1];
@include_once($file. '.css');
}
}


you can apply the same logic to javascript by just modifying the variables to use the js extension

motormichael12
08-14-2008, 08:34 PM
Would this stop them from going to css.php and seeing it though?

I don't want them to be able to look at it or hotlink to it.