Is there an easy PHP script to prevent hotlinking movies?
 

I've seen some sites use PHP for big downloads... are these just download counters -- or are they for blocking hotlinkers...? or...?

Most, if not all, of the functions used for reading the contents of a file and passing it to the output buffer are memory hogs when it comes to large media files. This goes for any scripting technology. I have a script laying around somewhere...icq me if you want to try it.

I've seen PHP scripts used to block hotlinking of media doing something like the following:

1. User visits main site or gallery.
2. PHP script adds the surfer's IP to a list of valids.
3. Large file downloads are checked by IP against the list of valids. Invalids are redirected to main site or gallery. Valids receive the file (via either passthru or protected rewrite).
4. Valids are removed from the list after not being seen for an hour or so.

This approach has problems when the surfer doesn't have a consistent IP address (eg, anyone using AOL as an ISP), and can cause spurious alerts from tools testing/verifying a site's structural integrity.

http://www.apscripts.com/fun/link_file.zip

No warranty, expressed or implied :)

This is a referrer based rejection script that allows blank referrers if you so desire.

I haven't really experimented with this script. There are probably better ways, too.

If you are allowing file(s) for download, then a good thing you can do with php is check the referer, and then if it's good, set the headers and let them download it. Doing it that way, you can put your files above the document root, therefore people can't link directly to the file.

Contact me if you want more info or anything.

That is not a long term solution.

The rererer can easily be spoofed.

Hey,

Yes you can use php - all it usually does is checks that you are coming from your domain, for example if your domain is www.porn.com it will check that the referer was www.porn.com/something/something

Its probably better to use .htaccess file(s) that way you are defo coverered:

RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www.)?domain.com/.*$ [NC]
RewriteRule .(gif|jpg|mpeg|avi|mpg)$ - [F]

(save as .htaccess/upload and rename as .htaccess)

If you put a .htaccess file in your root directory it will apply for your whole site. If you just wanna protect the media in a folder then just stick one in the folder.

:glugglug

It's good enough to stop the averarage or even the above average surfer.

I agree, its like anything though - cookies for example, only 85% of visitors allow them... :glugglug

thanks guys... yeah i'm not building a piano...

so how do i do a file above htdocs? then i'd still have that memory problem, right?

My anti leech software is written in Perl

http://www.freeones.com/videos/

The link to the video looks like this
http://www.freeones.com/videos/mpegs...g02jastour.mpg

The Url is only valid for a specific time. Each visitor has its own Url. This is pretty much the only solution to make it working for everybody. Cookies and IP's don't

So the hot linking website is going to instruct porn hungry users on how to code their own browser to send a spoofed request header? Protecting by http_referer is just fine. Even if the user doesn't send a referrering url you should give them the file. The hot linking website cannot do anything but provide an href.

The only problem with the lavascript setting of the permitting cookie for use with htaccess...is the fact that most TGPs ban lavascript. Using a php for your gallery page to set the cookie would be fine - again, if the tgp allows (maybe this movie gallery isn't even intended for tgps anyway!). Just because you're running a php doesn't mean your content is dynamic...if you want to fake out TGP software you can just use an htaccess to parse .html files with the php engine.

Frankly...I don't see why EVERYONE doesn't use the htaccess method as it is mentioned here. It is freely available, works great, and doesn't waste server resources like *any* other solution. And I can't see any hot linking website going to the trouble of setting an arbitrary cookie just to fake out your htaccess.

Here is an awesome script function that I use to send files to the browser, it controls the memory buffer and also kills the script in the event the user cancels that way your CPU/PHP processes are not running till completed on 50mb files, if you need any php/mysql programming done please let me know I am for hire. Also I didn't leave out or miss anything when coping the code because I left out some stuff that I use to check that the user has access. I also cleaned it up a little bit to be more simplified any php programmer should be able to see what the code below was intended to do, so without further babble here it is:


send_file($path,$fileid) {
// Sets Variables

$status = FALSE;
$name = "asianxxx_" . "$fileid" . ".zip";

// Returns false if connection ends or path is invalid

if (!is_file($path) or connection_status()!=0) return(FALSE);

// Set the Headers

header("Content-type: application/octet-stream");
header("Content-Disposition: inline; filename=\"".$name."\"");
header("Content-length: ".(string)(filesize($path)));
header("Expires: ".gmdate("D, d M Y H:i:s", mktime(date("H")+2, date("i"), date("s"), date("m"), date("d"), date("Y")))." GMT");
header("Last-Modified: ".gmdate("D, d M Y H:i:s")." GMT");
header("Cache-Control: no-cache, must-revalidate");
header("Pragma: no-cache");

// Send the file with an 8k Memory Buffer and still connected

if ($file = fopen($path, 'rb')) {
while(!feof($file) and (connection_status()hahahaha0)) {
print(fread($file, 1024*8));
flush();
}
$status = (connection_status()hahahaha0);
fclose($file);
}
return($status);
}

// Here is the routine I use to call the function above...

if (!send_file($path,$itemid)) {
// Runs the below commands if the download failed

} else {
// Runs the below commands if the download was successful


}

Oh oops - nevermind. I thought that the .htaccess method mentioned here was the method that actually works. This code:

RewriteRule .(gif|jpg|mpeg|avi|mpg)$ - [F]

is useless for movie files because most media players don't send a referring url at all, ever. People always suggest this - but I don't think they ever test it ;) The browser spawns the media player as a helper application...it is a seperate deal.

The htaccess method that DOES work...is the one where the gallery page, with the thumbnails, sets a cookie permitting access to an htaccess protected directory. If the user doesn't have the cookie and they try to access a file in the directory, they get your cheater page.

This industry needs to ditch cookie monster traffic anyway. Who is it useful to? With over half the partner programs out there relying on cookies to track sales...do you really care if a non-cookie accepting user gets your cheater page?

Ideally, your cookie monster page should be full of sponsor links that have only sponsors that do not rely on cookies to track sales. Maybe though, you'll just send these people through your cj system to make it look like real, worthwhile traffic ;)

The above code post was filtered and the below code parts were replaced with:

connection_status()hahahaha0

The code should have been the below minus the "/" in between:

connection_status()=/=0

http://www.zoink.org/prevent-hotlinking-of-movies.html
Is a quick and dirty way to do it with cookies and .htaccess that works. Problem is Around 90% people have cookies on, so if they don't, redirect them to somewhere that accepts sales on non-cookie traffic or redirect them to a page saying "to access this site you must have cookies on".
ZoiNk

Bravo ZoiNk! Everybody should do this! It is cheap (resources), and free. This is a shorter, more sensible version of my previous posts! ;)

eh... yer a genius. :thumbsup