Antileech



xam
11-09-2005, 08:30 PM
Hello all,

I have a problem with my script.
I'm using an antileech script; it uses MySQL.
Path to the download categories in the config: ./stored/
I've uploaded a test file (test.rar) to a category folder (/stored/appz/test.rar).
I got the file link from the admin CP: <a href="http://mydomain/dll/leech?cat=Appz&file=test.rar">test.rar</a>
When I click on the "download" button, I end up here: http://mydowmain/dll/download/a69b2c975d41...de56f1/test.rar
and I get the "Неверный запрос!" error.
What's wrong?

function GetParams () {
    $PHP_SELF = $_SERVER['PHP_SELF'];
    $params = substr(getenv('REQUEST_URI'), -(getenv('REQUEST_URI')-strlen($_SERVER['SCRIPT_NAME'])));
    $param = explode('/', $params);
    array_shift($param);
    if (sizeof($param) < 2) {
        echo "Неверный запрос!".NL;
        exit;
    }
    return $param;
}


"Неверный запрос!" means "Incorrect demand" or "Invalid URL".

BLiZZaRD
11-12-2005, 01:33 PM
Well, anti-leech by design is to make visitors go to pages on your site by link only... It seems you are also checking for the referring page, which isn't needed.

Maybe try this:


<?
// this parse's into the following: $url["scheme"], $url["host"], $url["path"]
$url = parse_url($HTTP_REFERER);

//$url["host"] could be in uppercase so.. new var to lower
$check=strtolower($url["host"]);

// checks proper domain only
// no reffer needed
if ($check!='your.domain.com')
{
echo "<meta http-equiv=\"refresh\" content=\"0; url=http://your.domain.com/warn_page_or_redirect\">";
exit;
}
?>




Just change the domain to yours and paste it into all the pages that need it. Visitors cannot access a page directly through the URL.

Twey
11-12-2005, 04:00 PM
I disagree with this:

echo "<meta http-equiv=\"refresh\" content=\"0; url=http://your.domain.com/warn_page_or_redirect\">";
Use:

header("Location: http://your.domain.com/warn_page_or_redirect");

BLiZZaRD
11-12-2005, 05:02 PM
I disagree with this:


Well, you know best. I have been trying (learning) PHP for only about 2 months and serious about it for about 1 week :p


Consider this another lesson learned! :D

Twey
11-12-2005, 07:44 PM
Should've given a reason, sorry. Some browsers don't support the meta refresh, and some people disable it. Hence, sending an HTTP Location: header is better.

mwinter
11-12-2005, 11:44 PM
<?

It's generally considered better to avoid short tags. Use

<?php

instead.


$url = parse_url($HTTP_REFERER);

Expecting register_globals to be on is also inadvisable. Use the $_SERVER superglobal:

$url = parse_url($_SERVER['HTTP_REFERER']);



// checks proper domain only
// no reffer needed
if ($check!='your.domain.com')

This doesn't allow for instances where no referrer information is present. Users can stop their browsers sending it, and some proxy servers strip it. A simple check would be:

// !empty() also covers the case where the key is not set at all
if (!empty($_SERVER['HTTP_REFERER'])) {
    /* Rest of the code nested here */
}




I disagree with [using META refresh]

So do I.

Note that if the intention is to warn the user, it would be best to send a 303 Forbidden response. Starting a PHP file with:



<?php
// 403 is the HTTP status code that carries the "Forbidden" reason phrase
header('HTTP/1.1 403 Forbidden');
?>

would achieve that.

The other way to handle this is through URL rewriting. The mod_rewrite guide in the Apache documentation gives an example for this very situation:



RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://www.quux-corp.de/~quux/.*$ [NC]
RewriteRule .*\.gif$ - [F]

Just change the expected Referer [sic] string (the !^ start and .*$ end should remain) and the file extension. You could include multiple extensions with:

RewriteRule .*\.(?:gif|jpeg|jpg)$ - [F]

Mike
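
The points raised in the post above (the $_SERVER superglobal, a missing referrer, a Forbidden response sent as a header) combined into one check, as an added example that is not part of the original thread. The names referer_allowed() and ALLOWED_HOSTS are hypothetical, your.domain.com is the thread's placeholder host, and the sample values at the end are constructed.

```php
<?php
// Added example, not code from the thread. referer_allowed() and ALLOWED_HOSTS
// are hypothetical names; your.domain.com is the thread's placeholder host.
const ALLOWED_HOSTS = ['your.domain.com'];

/**
 * True when the Referer is absent (users and proxies may strip it) or when
 * its host is exactly one of $allowed; false for anything else.
 */
function referer_allowed(?string $referer, array $allowed): bool
{
    if ($referer === null || $referer === '') {
        return true;                    // no referrer information present
    }
    $host = parse_url($referer, PHP_URL_HOST);
    if (!is_string($host)) {
        return false;                   // malformed value or no host part
    }
    // Host names are case-insensitive. Compare the whole host, not a prefix,
    // so your.domain.com.example.net does not pass as your.domain.com.
    return in_array(strtolower($host), $allowed, true);
}

// Must run before any output, otherwise the status line is already sent.
// The Referer is supplied by the client, so this only discourages casual
// hotlinking; it is not access control.
if (!referer_allowed($_SERVER['HTTP_REFERER'] ?? null, ALLOWED_HOSTS)) {
    http_response_code(403);
    exit('Forbidden');
}

// Constructed sample values, one per branch of referer_allowed().
$samples = [
    null,
    'http://your.domain.com/page.php',
    'http://YOUR.DOMAIN.COM/files/',
    'http://your.domain.com.example.net/',
    'not a url',
];
foreach ($samples as $sample) {
    printf("%-40s %s\n", var_export($sample, true),
        referer_allowed($sample, ALLOWED_HOSTS) ? 'allow' : 'deny');
}
```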

BLiZZaRD
11-13-2005, 01:35 AM
WOW, thanks for the lesson! Learning lots! :D

I was (still am) waiting for any help with my question and saw this post unanswered, so I dug into my snippets and lesson pages, and put this together. I still don't fully understand the mod_rewrites so I tend to steer away from those.

All of this, and the OP will prolly not check back, LOL!!

But HEY! I learned something and THAT is important! :D