Antileech

[xam]

Hello all,

I've a problem with my script.
I'm using an antileech script, it's using mysql
Path file to download categories in config: ./stored/
I've uploaded a test file (test.rar) to category folder ( /stored/appz/test.rar)
I got the file link from admin cp: <a href="http://mydomain/dll/leech?cat=Appz&file=test.rar">test.rar</a>
When I click on the "download" button, here I go: http://mydowmain/dll/download/a69b2c...e56f1/test.rar
and I got "Íåâåðíûé çàïðîñ!" error..
Whats wrong?

CODEfunction GetParams () {
$PHP_SELF = $_SERVER['PHP_SELF'];
$params = substr(getenv('REQUEST_URI'), -(getenv('REQUEST_URI')-strlen($_SERVER['SCRIPT_NAME'])));
$param = explode('/', $params);
array_shift($param);
if (sizeof($param) < 2) {
echo "Íåâåðíûé çàïðîñ!".NL;
exit;
}
return $param;
}


Íåâåðíûé çàïðîñ!: that means Incorrect demand or Invalid URL

[BLiZZaRD]

Well, anti-leech by design is to make visitors go to pages on your site by link only... seems you are also checking for refer page, which isn't needed.

maybe try this:

Code:

<?
// this parse's into the following: $url["scheme"], $url["host"], $url["path"]
$url = parse_url($HTTP_REFERER); 

//$url["host"] could be in uppercase so.. new var to lower
$check=strtolower($url["host"]);

// checks proper domain only
// no reffer needed
if ($check!='your.domain.com')
{
echo "<meta http-equiv=\"refresh\" content=\"0; url=http://your.domain.com/warn_page_or_redirect\">";
exit;
}
?>

Just change the domain to yours and paste into all pages needed. Visitor can not access a page directly through the URL

[Twey]

I disagree with this:

Code:

echo "<meta http-equiv=\"refresh\" content=\"0; url=http://your.domain.com/warn_page_or_redirect\">";

Use:

Code:

header("Location: http://your.domain.com/warn_page_or_redirect");

[BLiZZaRD]

I disagree with this:

Well you know best, I have been trying (learning) php for only about 2 months
and serious about it for about 1 week


Consider this another lesson learned!

[Twey]

Should've given a reason, sorry. Some browsers don't support the meta refresh, and some people disable it. Hence, sending an HTTP Location: header is better.

[mwinter]

<?

It's generally considered better to avoid short tags. Use

Code:

<?php

instead.

$url = parse_url($HTTP_REFERER);

Expecting register_globals to be on is also inadvisable. Use the $_SERVER superglobal:

PHP Code:

$url = parse_url($_SERVER['HTTP_REFERER']); 


// checks proper domain only
// no reffer needed
if ($check!='your.domain.com')

This doesn't allow for instances where no referrer information is present. Users can stop their browsers sending it, and some proxy servers strip it. A simple check would be:

PHP Code:

if($_SERVER['HTTP_REFERER']) {
  /* Rest of the code nested here */
} 


I disagree with [using META refresh]

So do I.

Note that if the intention is to warn the user, it would be best to send a 303 Forbidden response. Starting a PHP file with:

PHP Code:

<?php

header('HTTP/1.1 303 Forbidden');
?>

would achieve that.

The other way to handle this is through URL rewriting. The mod_rewrite guide in the Apache documentation gives an example for this very situation:

Code:

RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://www.quux-corp.de/~quux/.*$ [NC]
RewriteRule .*\.gif$        -                                    [F]

Just change the expected Referer [sic] string (the !^ start and .*$ end should remain) and the file extension. You could include multiple extensions with:

Code:

RewriteRule .*\.(?:gif|jpeg|jpg)$      -                         [F]

Mike

[BLiZZaRD]

WOW, thanks for the lesson! Learning lots!

I was (still am) waiting for any help with my question and saw this post unanswered, so I dug into my snippets and lesson pages, and put this together. I still don't fully understand the mod_rewrites so I tend to steer away from those.

All of this, and the OP will prolly not check back, LOL!!

But HEY! I learned something and THAT is important!