I recently found this anti leech script, if everything is legit and isn't leeched the script promts a download window allowing to download a file, my question is how can I make it to just show an image instead of making a download window for downloading that image appear? <?php require "config.inc.php"; $filename = stripslashes($_REQUEST['file']); $path = $_REQUEST['path']; $refr = getenv("HTTP_REFERER"); list($remove,$stuff)=split('//',$refr,2); list($domain,$stuff)=split('/',$stuff,2); if(in_array($domain, $approvedDomains)!="1"){ echo "You are not permitted to download that file!<br><a href='".$badreferrer."'>Click here to get a proper link!</a>"; exit; } else { if(is_file($realDLfolder.$path.$filename)!==true){ echo "That file can't be found!<br><font color='red'>".$path.$filename."</font><br><br><a href='".$badreferrer."'>Click here to get a proper link!</a>"; exit; } else { // File exists, referrer checks out, and file is accessible to webserver... Let's download! $filesize = filesize($realDLfolder.$path.$filename); if (ereg(".mp3",$filename)){$xtype="audio/mpeg";} elseif(ereg(".zip",$filename)){$xtype="application/x-zip-compressed";} elseif(ereg(".exe",$filename)){$xtype="application/octet-stream";} elseif(ereg(".txt",$filename)){$xtype="text/plain charset='us-ascii'";} elseif(ereg(".doc",$filename)){$xtype="application/msword";} elseif(ereg(".xls",$filename)){$xtype="application/vnd.ms-excel";} elseif(ereg(".ppt",$filename)){$xtype="application/vnd.ms-powerpoint";} elseif(ereg(".gif",$filename)){$xtype="image/gif";} elseif(ereg(".png",$filename)){$xtype="image/png";} elseif(ereg(".jpg",$filename)){$xtype="image/jpg";} elseif(ereg(".wav",$filename)){$xtype="audio/x-wav";} elseif(ereg(".mpe",$filename)){$xtype="video/mpeg";} elseif(ereg(".mov",$filename)){$xtype="video/quicktime";} elseif(ereg(".avi",$filename)){$xtype="video/x-msvideo";} else { $xtype="application/force-download"; } $fp=@fopen($realDLfolder.$path.$filename,"rb"); if ($fp) { // Create the headers used for downloading the file header("Content-Transfer-Encoding: binary"); header("Expires: 0"); header("Cache-Control: must-revalidate, post-check=0, pre-check=0"); header("Content-Type: ".$xtype); header("Accept-Ranges: bytes"); header("Content-Disposition: attachment; filename=\"".$filename."\";"); header("Content-Length: ".$filesize); // Actually start downloading the file while (!feof($fp)) { echo(@fgets($fp, 4096)); } fclose ($fp); } else { echo "There was a problem downloading that file!<br><font color='red'>".$path.$filename."</font><br><br><a href='".$badreferrer."'>Click here to get a proper link!</a>"; exit; } } } ?> Code (markup): Thanks! P.S. I do know that there is the config.inc.php file too, but I think it's irrelevant for my question, it's just checking the domain name.
Are you using the anti-leech for ONLY image files, or do you want it to check if it's a image being requested and apply the appropriate changes
You can't rely on HTTP_REFERER as it can be faked easily, and not all browsers support it. Another, and more reliable method to verify if a user comes from your website is, to start a session on one of your pages where the user has to pass first, and then in the download or show script check if this session is set. And to just show the pic, try removing these lines. header("Content-Transfer-Encoding: binary"); header("Expires: 0"); header("Cache-Control: must-revalidate, post-check=0, pre-check=0"); header("Accept-Ranges: bytes"); header("Content-Disposition: attachment; filename=\"".$filename."\";"); PHP:
Thanks, I didn't work but when I put that part back and tried one final time it worked.... wierd... Thanks for the tip, I'll keep that in mind.