Using PHP's stream_context_create to bypass HTTP_REFERER-based anti-hotlinking measures
- 2020-03-31 21:39:07
- OfStack
So if you want to get around hotlinking protection, consider tampering with HTTP_REFERER. In a PHP script the corresponding variable is $_SERVER['HTTP_REFERER'], which holds the value of the Referer request header.
Since direct access to the target URL has been blocked by the hotlinking protection described above, we need something like a gateway to fetch it. Basically, you write a PHP script that sets the HTTP headers itself.
Here is a simple function implementation:
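// Fetch $url while sending a caller-chosen Referer header.
function getRemoteFile($url, $refer = '') {
    $option = array(
        'http' => array(
            'header' => "Referer: $refer\r\n",
        ),
    );
    // Build a stream context that carries the custom header.
    $context = stream_context_create($option);
    return file_get_contents($url, false, $context);
}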
This is a relatively simple function: it forges the Referer with stream_context_create (http://cn2.php.net/stream_context_create) and then fetches the other side's data with file_get_contents, which requires remote file access (allow_url_fopen) to be enabled (http://cn.php.net/manual/en/features.remote-files.php).
If you want something more elaborate, you can use sockets (http://cn2.php.net/manual/en/book.sockets.php), but that is outside the scope of this article.
In addition, here is a regular-expression-based function to get the hostname:
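// Return the host part of an http:// URL, or null if the URL does not match.
function getHost($url) {
    // The URL must start with http:// and have a slash after the host.
    $result = preg_match('/^http:\/\/([\d|\w|.]+)\//', $url, $matches);
    if (sizeof($matches) >= 2) {
        return $matches[1];
    } else {
        return null;
    }
}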
As a further extension, these functions can be wrapped into a script and then called, for example as
http://127.0.0.1/proxy.php?url=http://i.am/img, to fetch links that have anti-hotlinking measures turned on (again, using JavaScript to replace all the image links).
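Seen from the server side, the forged header works because a Referer check trusts a value the client controls. The following added example (not from the original article) puts such a check beside an HMAC-signed, expiring link check that does not depend on request headers; the function names, ALLOWED_HOST, LINK_SECRET and the sample requests are assumptions constructed for illustration.

```php
<?php
// Added example; names, secret and hosts are assumptions, not from the article.
const ALLOWED_HOST = 'www.example.com';             // site allowed to embed images
const LINK_SECRET  = 'replace-with-random-secret';  // placeholder, kept server-side

// Weak check: trusts a header the client fully controls, so a request made
// with getRemoteFile() and a matching $refer satisfies it.
function refererAllowed(array $server): bool {
    $host = parse_url($server['HTTP_REFERER'] ?? '', PHP_URL_HOST);
    return is_string($host) && strcasecmp($host, ALLOWED_HOST) === 0;
}

// Stronger check: the embedding page hands out a signed link bound to one
// path and one expiry time.
function signLink(string $path, int $expires): string {
    $sig = hash_hmac('sha256', $path . "\n" . $expires, LINK_SECRET);
    return $path . '?expires=' . $expires . '&sig=' . $sig;
}

function linkValid(string $path, array $query, int $now): bool {
    $expires = $query['expires'] ?? '';
    $sig     = $query['sig'] ?? '';
    if (!is_string($expires) || !ctype_digit($expires) || !is_string($sig)) {
        return false;                               // missing or malformed fields
    }
    if ((int)$expires < $now) {
        return false;                               // link has expired
    }
    $expected = hash_hmac('sha256', $path . "\n" . $expires, LINK_SECRET);
    return hash_equals($expected, $sig);            // constant-time comparison
}

// Constructed requests for demonstration.
$now    = 1700000000;
$forged = ['HTTP_REFERER' => 'http://www.example.com/gallery.html'];
var_dump(refererAllowed($forged));                  // request with a forged Referer

$link = signLink('/img/a.jpg', $now + 300);
parse_str((string)parse_url($link, PHP_URL_QUERY), $q);
var_dump(linkValid('/img/a.jpg', $q, $now));        // untouched signed link
var_dump(linkValid('/img/b.jpg', $q, $now));        // signature reused on another path
var_dump(linkValid('/img/a.jpg', $q, $now + 301));  // same link after expiry
var_dump(linkValid('/img/a.jpg', [], $now));        // no signature at all
```

A signed link can still be fetched by anyone who obtains it before it expires, so the lifetime should be kept short.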