Merlin wrote:

I am trying to prevent hotlinking of images by other servers.
Pictures are generated on the fly by a php script, where I have included this code to prevent hot linking:


$haystack = $_SERVER['HTTP_REFERER'];
$needle  = 'globosapiens';
$pos      = strpos($haystack, $needle);
if ($pos === false) { // not from globosapiens
 HEADER("Location:/g/p/2/hotlink_banner.gif");
 exit;
}

It works, but not for everybody. Some users tell me that they see the hotlink_banner.gif on my website as well. How is this possible?

HTTP_REFERER is not a reliable value. It is set by the client, and some clients and/or proxies will either not set it or clear its value.


You'd be best to handle this at the web server level. You could use sessions, too, and set a session variable on one of the pages leading into your gallery and then check for that variable when they request images. It can be spoofed (like any other solution), but it would take some work.

--
---John Holmes...
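
The session approach suggested in the reply, as an added example that is not part of the original thread: the gallery page flags the session and the image script checks that flag instead of HTTP_REFERER. The session key, the function names, the ?page= switch and the SameSite cookie setting are assumptions of this sketch; the banner path is the one from the post.

```php
<?php
// Added example, not code from the thread. The session key, function names
// and the ?page= switch are assumptions; the banner path is from the post.
const BANNER_URL = '/g/p/2/hotlink_banner.gif';
// Constructed stand-in for the generated picture: a 1x1 transparent GIF.
const SAMPLE_GIF = 'R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7';

// True only if this session has passed through a gallery page.
function may_view_image(array $session): bool
{
    return ($session['gallery_visitor'] ?? false) === true;
}

// Call from every page that legitimately embeds the images.
function mark_gallery_visitor(): void
{
    $_SESSION['gallery_visitor'] = true;
}

// Call at the top of the image script, before any output is sent.
function require_gallery_visitor(): void
{
    if (!may_view_image($_SESSION)) {
        header('Location: ' . BANNER_URL);
        exit;
    }
}

// SameSite=Lax (PHP 7.3+) keeps the browser from attaching the session
// cookie to <img> requests made from pages on other sites.
session_set_cookie_params(['httponly' => true, 'samesite' => 'Lax']);
session_start();

if (($_GET['page'] ?? '') === 'gallery') {
    mark_gallery_visitor();
    echo '<img src="?page=image" alt="generated picture">';
} else {
    require_gallery_visitor();   // no HTTP_REFERER check anywhere
    header('Content-Type: image/gif');
    echo base64_decode(SAMPLE_GIF);
}
```

Visitors whose browsers reject cookies never carry the flag and will still get the banner, so this trades the missing-Referer failure for a missing-cookie one.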