Prevent People From Linking To Your Downloads

[s2city 0]

Ever find that found some people are listing items, images and tuts and linking directly to the download url (those that are like image.php?id=0). To prevent this, you can add a piece of code to the download pages that checks which page referred them to the download page: if it's your domain, it downloads the file normally, if it's not, it will redirect to your home page instead.

Important: Not all browsers log referrers, so this won't work depending on the browser the visitor uses and this method can be also bypassed, but it will work for for the major part of visitors.

<?php$yoursite = "yoursite.com"; //Your site url without http://$yoursite2 = "www.yoursite.com;; //Type your domain with www. this time$referer = $_SERVER['HTTP_REFERER'];//Check if browser sends referrer url or notif ($referer == "") { //If not, set referrer as your domain$domain = $yoursite;} else {$domain = parse_url($referer); //If yes, parse referrer}if($domain['host'] == $yoursite || $domain['host'] == $yoursite2) {//Run your dowloading code here normally} else {//The referrer is not your site, we redirect to your home pageheader("Location: http://yoursite.com");exit(); //Stop running the script}?>

[Saint_Michael 3]

Interesting script it's a smart idea to do something like that. When I check around I saw some other one's smaller in script size and yet do the same thing.Although this could be effective for those who have many downloads that need a password. But sites like filefront and megaupload make this script somewhat useless since people are saving their bw by uploading somewhere else.But either way interesting script.

[biscuitrat 0]

Oooh, very nice! No one ever seems to mention mass-hotlinking downloads, but thank you for this! In some distant future, when I offer templates or assorted goodies again, I'll check back to this...not that I don't have loads more bandwidth than I need currently, but why not

[delivi 0]

wow thats a great piece of code. i had code for preventing others from hotlinking pictures in my site and this will now make my downloads too unvulnerable.This will save a lot of bandwidth. Thanx friend

[FaLgoR 0]

That looks just good, could be useful to me as I like to use these kind of downloading codes. Just a simple question here: what exactly does the parse_url() function does? It sounds obvious if you see the code but I'm still a little confuse could you give me that little tip? thanks

[sportytalk 0]

I agree with the other replies on this thread. That code there is an interesting one, is quite long, but it's very easy to understand and sounds like it does its job.

I don't have a use for a download protection code as I don't have anything on my site which users can download, however, if I ever did have things which were up for download, there's a high chance I'd include a code similar to this one.
(I wouldn't want users from other people's websites coming to my website via a hyperlink to download something. They'd coming onto the website when they aren't actually browsing it or using it like a normal website, they'd be coming only to download, hence they would be using my bandwidth. Additionally, most of the users wouldn't realise they'd been referred to a different site that this other webmaster doesn't own and the users would still think they're on this other website).

As for the parse url, i've just researched it for you on the php manual section of the official php website.

Quote from http://forums.xisto.com/no_longer_exists/
This function parses a URL and returns an associative array containing any of the various components of the URL that are present.

This function is not meant to validate the given URL, it only breaks it up into the above listed parts. Partial URLs are also accepted, parse_url() tries its best to parse them correctly.

Basically, i haven't ever used the parse_url function but from what I understand it separates the address into each various sections, such as host and port.

Here is another quotation from the php manual. This is the section of the manual which states the various section which can be retrieved by using this parse_url function which s2city used in his code.

Return ValuesOn seriously malformed URLs, parse_url() may return FALSE and emit a E_WARNING. Otherwise an associative array is returned, whose components may be (at least one):


scheme - e.g. http
host
port
user
pass
path
query - after the question mark ?
fragment - after the hashmark #

If the component parameter is specified a string is returned instead of an array.

Hopefully you will find this post easy to understand.

Thanks for sharing your download protection with us s2city. Even though I most likely won't have a need to use the code, there's bound to be a lot of users that do need to use it and I feel quite confident in saying quite a few users will use your code, even if they don't give you feedback on their views
Edited November 18, 2006 by sportytalk (see edit history)