I found a cool image leech protection script from EvilWalrus, that works , but not in the way I want it to:
okay, here's teh script:
// secret image directory
$sDir = "/apache/htdocs/down/downloads/";
// clean the $img variable up
$img = stripslashes(ltrim(rtrim($img)));
// create absolute path to image
$fDir = $sDir.$img;
// These are the allowable content types
$allowExt = array("gif","jpg","png");
// sites to allow
$allowSite = array("http://localhost/down/admin_downloads.php","http://localhost/down/downloads.php","http://localhost/down/downloads_info.php");
// check if the file exists
if(file_exists($fDir))
{
if(!in_array($HTTP_REFERER,$allowSite))
{
echo "Site not allowed $HTTP_REFERER";
die();
}
// check if the content is allowable according to the array();
if(!in_array(substr($img,-3),$allowExt))
{
print("Invalid image name/extension");
die();
}
else
{
$fType = substr($img,-3);
// change the jpg ext. to jpeg
if($fType == "jpg") $fType = "jpeg";
// define the content type
Header("Content-type: image/$fType");
$fp = @fopen($fDir,"rb");
// display the output
fpassthru($fp);
fclose($fp);
}
}
else
{
print("File does not exist");
die();
}
The script works if I PUT the exact file name in to the php file, but I have "dynamic" produced links that wont be able to "get permission" to access the images. Above in the array I have exact file names, so of course this will muck it up for files that call on blah.php?blah=## .
Actually, i jsut want to grant permission for ALL within my site to access the images.
how can I change it so that it does?
