Well I looked all over the web for an hour and found nothing, so I built my own. Here it is in case original poster didn't find a solution or another individual in the future needs an answer to the same problem.
<?php
Cheap "invalid referer rejection" script for downloads.
by Flatnoise.com ; inspired from oreilly tutorial.
#
howto?
if referer or filename is bad, then download is rejected.
#
put the following .htaccess in a well configured apache FILEDIR
as defined with /path/to/files/directory/ below
#
AuthUserFile /dev/null
AuthGroupFile /dev/null
AuthName DenyViaWeb
AuthType Basic
#
<Limit GET>
order allow,deny
deny from all
</Limit>
#
Last modified April 26, 2002
// modify next two values.
$referers = array ('domain.com','www.domain.com','192.168.1.1');
define('FILEDIR', '/path/to/files/directory/');
// don't touch beyond here...
$path = FILEDIR . $file;
//check that the user has permission to download file
if ($referers) {
if (!(check_referer($referers))) {
exit;
}
}
//check that this file exists and that it doesn't include
//any special characters
if(!is_file($path) OR !eregi('^[A-Z_0-9][A-Z_0-9.]*$', $file))
{
print "An error occured with the filename or path.";
exit();
}
$p = explode('.', $file);
$pc = count($p);
//force download dialog
header("Content-type: application/octet-stream\n");
header("Content-disposition: attachment; filename=\"$file\"\n");
header("Content-transfer-encoding: binary\n");
header("Content-length: " . filesize($path) . "\n");
//send file contents
$fp=fopen($path, "r");
fpassthru($fp);
function check_referer($referers) {
if (count($referers)) {
$found = false;
$temp = explode("/",getenv("HTTP_REFERER"));
$referer = $temp[2];
for ($x=0; $x < count($referers); $x++) {
if (eregi ($referers[$x], $referer)) {
$found = true;
}
}
if (!getenv("HTTP_REFERER"))
$found = false;
if (!$found){
print "You are coming from an <b>unauthorized domain.</b>";
}
return $found;
} else {
return true; // not a good idea, if empty, it will allow it.
}
}
?>
