我已经打了一个星期对抗这个问题.我有一个页面,我们只想从其他域访问.有可能使用PHP或.htaccess吗?我已经在这里发布了几次尝试这样做,似乎没有任何效果.请帮忙!
<?php
$allowed_domains = array('dirtybirddesignlab.com','foo.com');
$REFERRER = $_SERVER['HTTP_REFERER'];
if ($REFERRER == '') {
exit(header('Location: 404.php'));
}
$domain = substr($REFERRER, strpos($REFERRER, '://')+3);
$domain = substr($domain, 0, strpos($domain, '/'));
if (!in_array($domain, $allowed_domains)) {
exit(header('Location:404.php'));
}
?>
要扩展我的评论,请参阅行if ($REFERRER == '')块.
<?php
$allowed_domains = array('mydomain.com','yourdomain.com');
$REFERRER = $_SERVER['HTTP_REFERER'];
if ($REFERRER == '') {
// What do you do here?
}
$domain = substr($REFERRER, strpos($REFERRER, '://')+3);
$domain = substr($domain, 0, strpos($domain, '/'));
if (!in_array($domain, $allowed_domains)) {
exit(header('Location: error.php'));
}
?>
请注意,以上内容将始终引用那些未报告引荐来源的浏览器重定向到error.php页面.
我的建议是做点什么......
例如...
他们的域名
<?php
$dsalt = "AAAAB3NzaC1yc2EAAAABJQAAAIBNnuGAM6ZKURAS9h9ag".
"H85T1eIE+jlLkq7GhFny8wMJNpSM0stTDWeEYfL+4xWIE".
"lIF3NFvRpDAG/cgXuVmlBcO0ZxxKosrDv0dXCXNt5ciPJ".
"UjFi1e0FEJtkO32xrTDEB2IUg9rZ0tiqqsqnTCZBQ4AEvpMi";
$dkey = sha1($dsalt.date('mDY G'));
// ... Other stuff or whatnot, possible the above is also just an include file
// Then, they use it...
echo "<a href=\"http://yourdomain.com/download.php?key=$dkey\">Download stuff</a>";
?>
您的域名 - 包含('/ path/to/domaincheck.php')
<?php
$dkey = $_GET['key'];
$dsalt = "AAAAB3NzaC1yc2EAAAABJQAAAIBNnuGAM6ZKURAS9h9ag".
"H85T1eIE+jlLkq7GhFny8wMJNpSM0stTDWeEYfL+4xWIE".
"lIF3NFvRpDAG/cgXuVmlBcO0ZxxKosrDv0dXCXNt5ciPJ".
"UjFi1e0FEJtkO32xrTDEB2IUg9rZ0tiqqsqnTCZBQ4AEvpMi";
if (sha1($dsalt.date('mDY G')) != $dkey) {
exit(header('Location: error.php'));
}
?>
请注意$ dsalts是相同的.我用puttgen.exe生成了它.
沿着那条线的东西.您将需要处理密钥可能过期的情况,或诸如此类的东西.另一种方法可能是在具有时间戳的服务器之间共享有效的$ dkey,并在一定时间(可能是一小时)后使它们到期.
theirserver.com和yourserver.com
浏览器
| 归档时间: |
|
| 查看次数: |
2950 次 |
| 最近记录: |