Quote:$url = parse_url($_SERVER['HTTP_REFERER']);
if ($url['host']!='yourdomain.com') {
exit("You can't download this file");
}
https://community.mybb.com/post-1056804.html
This method does not work
my forum guest should view attachfile
I'm not sure if this is the cause, but domain names are case insensitive, so you should convert $url['host'] to either all caps or all lowercase before the comparison. Also, in your example, you say 'yourdomain.com' excluding the 'www' subdomain.
Alternatively, some browsers do not send the REFERER header due to privacy concerns.
(2018-08-28, 09:30 PM)laie_techie Wrote: [ -> ]I'm not sure if this is the cause, but domain names are case insensitive, so you should convert $url['host'] to either all caps or all lowercase before the comparison. Also, in your example, you say 'yourdomain.com' excluding the 'www' subdomain.
Alternatively, some browsers do not send the REFERER header due to privacy concerns.
some browsers do not send the REFERER header due to privacy concerns.
yes this is why I can't use that method...
should I set rewrite file in nginx or apache ?
(2018-08-28, 10:41 PM)alstn13178 Wrote: [ -> ] (2018-08-28, 09:30 PM)laie_techie Wrote: [ -> ]I'm not sure if this is the cause, but domain names are case insensitive, so you should convert $url['host'] to either all caps or all lowercase before the comparison. Also, in your example, you say 'yourdomain.com' excluding the 'www' subdomain.
Alternatively, some browsers do not send the REFERER header due to privacy concerns.
some browsers do not send the REFERER header due to privacy concerns.
yes this is why I can't use that method...
should I set rewrite file in nginx or apache ?
If the browser doesn't send the header, your server (either nginx or apache) won't have access to it. All you can do is see if the header was sent, and if it was compare it to your domain. If it's blank you don't know if it's hot-linked or not.
edit:don't work
Ah I got solution
in attachment.php
if(!isset($mybb->cookies['mybb']['threadread']))
error("no");