I've done it like this now and it works
PHP code:
<?php
// Reject the request if the raw query string contains any blacklisted token.
$req = $_SERVER['QUERY_STRING'];
$check = array('chr(', 'wget', 'cmd=', '(', ')', 'rush=', '%27', '/etc', '/passwd', '/CHR', '/dev', '/boot', '/exclude', '/homepages', '/proc', '/sbin', '/var', '/bin', '/lib', '/root', '/tmp', '/config.php', '%60', '%22', '%25', 'echr(', 'esystem(', 'cp%20', 'mdir%20', 'mcd%20', 'mrd%20', 'rm%20', 'mv%20', 'rmdir%20', 'chmod(', 'chmod%20', 'chown%20', 'chgrp%20', 'locate%20', 'grep%20', 'diff%20', 'kill%20', 'kill(', 'passwd%20', 'telnet%20', 'vi(', 'vi%20', 'INSERT%20INTO', 'SELECT%20', '$_REQUEST', '$_GET');
$doit = str_replace($check, '*', $req);
if ($req != $doit) {
    $addr = $_SERVER['REMOTE_ADDR'];
    // Escape the client-supplied User-Agent before echoing it into HTML.
    $usera = htmlspecialchars(isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '', ENT_QUOTES);
    die("<H1 style=\"border-bottom:2px dotted red;\">NICHT ERLAUBT!</H1><br /><font face=\"Courier\" size=\"2\"><b>User-Agent:</b> $usera<br /><b>HOST:</b> $addr</font>");
}

// Read the referer from $_SERVER (the bare $HTTP_REFERER global needs register_globals).
$ref = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';
$pizza = $ref;
$teile = explode("/dir", $pizza);
$checkpic = $teile[0];
if ($checkpic == "http://www.domain.de") {
    $dl = isset($_GET['name']) ? $_GET['name'] : '';
    // Refuse names containing "../" (the pattern needs regex delimiters to compile).
    if (preg_match('#\.\./#', $dl, $match)) {
        die("NOT ALLOWED");
    }
    if (file_exists($dl)) {
        $size = filesize($dl);
        header("Pragma: public");
        header("Expires: 0");
        header("Cache-Control: must-revalidate, post-check=0, pre-check=0");
        header("Content-Type: image/jpeg");
        header("Content-Disposition: attachment; filename=\"$dl\"");
        header("Accept-Ranges: bytes");
        header("Content-Length: " . $size);
        @readfile($dl);
    }
} else {
    echo '<CENTER><cite>YOUR</cite> <u>REFERER</u> CANT GET THIS PICTURE<br />PLEASE VISIT THE HOST<br /><b>» [url]WWW.DOMAIN.DE «[/url]</b><br />TO DOWNLOAD THIS PICTURE</CENTER>';
}
?>
edit:
looks a bit odd, a few things are missing; the forum cut them out
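Added example, not part of the original post: the same download step with the requested name resolved against one fixed directory via realpath() and an extension allow-list, instead of the string blacklist and the "../" pattern used above. DOWNLOAD_DIR, its path and resolve_download() are hypothetical names chosen for this illustration.

```php
<?php
// Added example, not the poster's code. DOWNLOAD_DIR and resolve_download()
// are hypothetical names; the directory path is an assumption.
const DOWNLOAD_DIR = '/var/www/domain/dir/pictures';

/**
 * Map a user-supplied name to a file inside the download directory.
 * Returns the canonical path, or null if the name does not resolve to an
 * existing .jpg/.jpeg file located under that directory.
 */
function resolve_download(string $name, string $baseDir = DOWNLOAD_DIR): ?string
{
    // Empty names and embedded NUL bytes are never valid file names.
    if ($name === '' || strpos($name, "\0") !== false) {
        return null;
    }
    $base = realpath($baseDir);
    if ($base === false) {
        return null;
    }
    // realpath() collapses "..", "." and symlinks; it returns false if the
    // target does not exist.
    $path = realpath($base . DIRECTORY_SEPARATOR . $name);
    if ($path === false || !is_file($path)) {
        return null;
    }
    // Containment check on the canonical path. The trailing separator keeps
    // a sibling such as ".../pictures-private" from passing as a prefix match.
    if (strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    // Allow-list the extension rather than block-listing "bad" strings.
    $ext = strtolower(pathinfo($path, PATHINFO_EXTENSION));
    return in_array($ext, ['jpg', 'jpeg'], true) ? $path : null;
}

$name = $_GET['name'] ?? '';
$path = is_string($name) ? resolve_download($name) : null;
if ($path === null) {
    http_response_code(404);
    exit('NOT FOUND');
}
// Send only the base name, with quotes stripped, in the header value.
$filename = str_replace('"', '', basename($path));
header('Content-Type: image/jpeg');
header('Content-Disposition: attachment; filename="' . $filename . '"');
header('Content-Length: ' . filesize($path));
readfile($path);
```

Because the check runs on the canonical path, absolute paths, encoded traversal sequences and symlinks that point outside the directory are all rejected by the same comparison. The Referer header is supplied by the client, so the referer test in the post deters hotlinking but does not restrict who can request a file.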