PHP breaks through the anti hotlinking measure of stream_context_create based on HTTP_REFERER

So if you're thinking about a break against hotlinking, you might want to consider tampering with HTTP_REFERER. The corresponding variable in the PHP script is $_SERVER['HTTP_REFERER'], which stores the value of HTTP_REFERER.

Since direct access to the target URL resource has been blocked by the above hotlinking protection measures, we need something like a gateway to get it. Basically, you write PHP scripts with wrapped HTTP headers.

Here is a simple function implementation:

 
function getRemoteFile($url, $refer = '') { 
$option = array( 
'http' => array( 
'header' => "Referer:$refer") 
); 
$context = stream_context_create($option); 
return file_get_contents($url, false, $context); 
} 

This is a relatively simple function, its function is forged Referer (use (link: http://cn2.php.net/stream_context_create)) and then obtain each other's data (using file_get_contents, need to open (link: http://cn.php.net/manual/en/features.remote-files.php)).

If you want to "complex", you can use (link: http://cn2.php.net/manual/en/book.sockets.php), it is not within the scope of here.

In addition, a regular function is provided to get the hostname

 
function getHost($url) { 
$result = preg_match('/^http://([d|w|.]+)//', $url, $matches); 
if (sizeof($matches) >= 2) { 
return $matches[1]; 
} else { 
return null; 
} 
} 

Further extensions can be wrapped into scripts and then called, for example

http://127.0.0.1/proxy.php? Url =http://i.am/img to get those links that turn on the anti-hotlinking measures (again, using Javascript to replace all the image links).