Jump to content

Help with anti-leech script

verotik

By verotik
in PHP Coding Help

Recommended Posts

verotik Newbie

verotik

Posted
Posted
We have setup embedded video for hosting on a message board and installed a php script to block leeching.  The problem we are having is that you can only specify a base directory rather than multiple directories.  Is there a way to setup a variable to specify muliple directories to block leeching?  here is the script:

The setup for the base directory is in line 15-17
<?php

###############################################################
# File Download 1.1
###############################################################
# Visit http://www.zubrag.com/scripts/ for updates
###############################################################
# Sample call:
#    download.php?f=phptutorial.zip
#
# Sample call (browser will try to save with new file name):
#    download.php?f=phptutorial.zip&fc=php123tutorial.zip
###############################################################

// Download folder, i.e. folder where you keep all files for download.
// MUST end with slash (i.e. "/" )
define('BASE_DIR','/Inetpub/wwwroot/BASEDIRECTORYHERE/noleech/');

// log downloads?  true/false
define('LOG_DOWNLOADS',true);

// log file name
define('LOG_FILE','leecher.log');

// Allowed extensions list in format 'extension' => 'mime type'
// If myme type is set to empty string then script will try to detect mime type
// itself, which would only work if you have Mimetype or Fileinfo extensions
// installed on server.
$allowed_ext = array (

  // archives
  'zip' => 'application/zip',

  // documents
  'pdf' => 'application/pdf',
  'doc' => 'application/msword',
  'xls' => 'application/vnd.ms-excel',
  'ppt' => 'application/vnd.ms-powerpoint',
 
  // executables
  'exe' => 'application/octet-stream',

  // images
  'gif' => 'image/gif',
  'png' => 'image/png',
  'jpg' => 'image/jpeg',
  'jpeg' => 'image/jpeg',

  // audio
  'mp3' => 'audio/mpeg',
  'wav' => 'audio/x-wav',

  // video
  'mpeg' => 'video/mpeg',
  'mpg' => 'video/mpeg',
  'mpe' => 'video/mpeg',
  'mov' => 'video/quicktime',
  'avi' => 'video/x-msvideo',
  'wmv' => 'video/x-ms-wmv'
);



####################################################################
###  DO NOT CHANGE BELOW
####################################################################

$allowed = 0;
include('config.php');

if($allowblank > 0) { if($_SERVER['HTTP_REFERER']=="") { $allowed = 1; }}

$domains = count($alloweddomains);

for($y=0;$y<$domains+1;$y++) {
if((stristr($_SERVER['HTTP_REFERER'], $alloweddomains[$y]))) { $allowed = 1;}
}

if($allowed > 0) {

if (!isset($_GET['f']) || empty($_GET['f'])) {
  die("Please specify file name for download.");
}

// Get real file name.
// Remove any path info to avoid hacking by adding relative path, etc.
$fname = basename($_GET['f']);

// Check if the file exists
if (!is_file(BASE_DIR . $fname)) {
  die("File does not exist. Make sure you specified correct file name.");
}

// file size in bytes
$fsize = filesize(BASE_DIR . $fname);

// file extension
$fext = strtolower(substr(strrchr($fname,"."),1));

// check if allowed extension
if (!array_key_exists($fext, $allowed_ext)) {
  die("Not allowed file type.");
}

// get mime type
if ($allowed_ext[$fext] == '') {
  $mtype = '';
  // mime type is not set, get from server settings
  if (function_exists('mime_content_type')) {
    $mtype = mime_content_type(BASE_DIR . $fname);
  }
  else if (function_exists('finfo_file')) {
    $finfo = finfo_open(FILEINFO_MIME); // return mime type
    $mtype = finfo_file($finfo, BASE_DIR . $fname);
    finfo_close($finfo); 
  }
  if ($mtype == '') {
    $mtype = "application/force-download";
  }
}
else {
  // get mime type defined by admin
  $mtype = $allowed_ext[$fext];
}

// Browser will try to save file with this filename, regardless original filename.
// You can override it if needed.

if (!isset($_GET['fc']) || empty($_GET['fc'])) {
  $asfname = $fname;
}
else {
  $asfname = $_GET['fc'];
}

// set headers
header("Pragma: public");
header("Expires: 0");
header("Cache-Control: must-revalidate, post-check=0, pre-check=0");
header("Cache-Control: public");
header("Content-Description: File Transfer");
header("Content-Type: $mtype");
header("Content-Disposition: attachment; filename=\"$asfname\"");
header("Content-Transfer-Encoding: binary");
header("Content-Length: " . $fsize);

// download
@readfile(BASE_DIR . $fname);

// log downloads
if (!LOG_DOWNLOADS) die();

$f = @fopen(LOG_FILE, 'a+');
if ($f) {
  @fputs($f, date("m.d.Y g:ia")."  ".$_SERVER['REMOTE_ADDR']."  ".$fname."\n");
  @fclose($f);
}
}

else {
if($logging > 0){
$status = "Denied";
include('logit.php');
}
exit;
//quiet leech kill
}

?>
Link to comment
https://forums.phpfreaks.com/topic/30055-help-with-anti-leech-script/
Share on other sites

Archived

This topic is now archived and is closed to further replies.

Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.