View Full Version : Antileech

11-09-2005, 09:30 PM
Hello all,

I've a problem with my script.
I'm using an antileech script, it's using mysql
Path file to download categories in config: ./stored/
I've uploaded a test file (test.rar) to category folder ( /stored/appz/test.rar)
I got the file link from admin cp: <a href="http://mydomain/dll/leech?cat=Appz&file=test.rar">test.rar</a>
When I click on the "download" button, here I go: http://mydowmain/dll/download/a69b2c975d41...de56f1/test.rar
and I got "Неверный запрос!" error..
Whats wrong?

CODEfunction GetParams () {
$params = substr(getenv('REQUEST_URI'), -(getenv('REQUEST_URI')-strlen($_SERVER['SCRIPT_NAME'])));
$param = explode('/', $params);
if (sizeof($param) < 2) {
echo "Неверный запрос!".NL;
return $param;

Неверный запрос!: that means Incorrect demand or Invalid URL

11-12-2005, 02:33 PM
Well, anti-leech by design is to make visitors go to pages on your site by link only... seems you are also checking for refer page, which isn't needed.

maybe try this:

// this parse's into the following: $url["scheme"], $url["host"], $url["path"]
$url = parse_url($HTTP_REFERER);

//$url["host"] could be in uppercase so.. new var to lower

// checks proper domain only
// no reffer needed
if ($check!='your.domain.com')
echo "<meta http-equiv=\"refresh\" content=\"0; url=http://your.domain.com/warn_page_or_redirect\">";

Just change the domain to yours and paste into all pages needed. Visitor can not access a page directly through the URL

11-12-2005, 05:00 PM
I disagree with this:

echo "<meta http-equiv=\"refresh\" content=\"0; url=http://your.domain.com/warn_page_or_redirect\">";

header("Location: http://your.domain.com/warn_page_or_redirect");

11-12-2005, 06:02 PM
I disagree with this:

Well you know best, I have been trying (learning) php for only about 2 months
and serious about it for about 1 week :p

Consider this another lesson learned! :D

11-12-2005, 08:44 PM
Should've given a reason, sorry. Some browsers don't support the meta refresh, and some people disable it. Hence, sending an HTTP Location: header is better.

11-13-2005, 12:44 AM
<?It's generally considered better to avoid short tags. Use


$url = parse_url($HTTP_REFERER);Expecting register_globals to be on is also inadvisable. Use the $_SERVER superglobal:

$url = parse_url($_SERVER['HTTP_REFERER']);

// checks proper domain only
// no reffer needed
if ($check!='your.domain.com')This doesn't allow for instances where no referrer information is present. Users can stop their browsers sending it, and some proxy servers strip it. A simple check would be:

/* Rest of the code nested here */

I disagree with [using META refresh]So do I.

Note that if the intention is to warn the user, it would be best to send a 303 Forbidden response. Starting a PHP file with:


header('HTTP/1.1 303 Forbidden');
would achieve that.

The other way to handle this is through URL rewriting. The mod_rewrite guide in the Apache documentation gives an example for this very situation:

RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://www.quux-corp.de/~quux/.*$ [NC]
RewriteRule .*\.gif$ - [F]
Just change the expected Referer [sic] string (the !^ start and .*$ end should remain) and the file extension. You could include multiple extensions with:

RewriteRule .*\.(?:gif|jpeg|jpg)$ - [F]

11-13-2005, 02:35 AM
WOW, thanks for the lesson! Learning lots! :D

I was (still am) waiting for any help with my question and saw this post unanswered, so I dug into my snippets and lesson pages, and put this together. I still don't fully understand the mod_rewrites so I tend to steer away from those.

All of this, and the OP will prolly not check back, LOL!!

But HEY! I learned something and THAT is important! :D