Forged referer example code is mainly used to break through anti-leeching.
Here is the complete program. You can modify it yourself for specific applications.
The example I give here is very simple. In fact, many applications can be developed from this example. For example, hiding the real URL address... Hehe, just analyze it yourself and create a new file file.php here. The following parameter is the target address of the referfer that needs to be forged. For example: file.php/http://www.xxx.xxx/xxx.mp3
<?
$url=str_replace('/file.php/','',$_SERVER["REQUEST_URI"]);//Get the URL that needs to be converted. I'm being lazy here and won't do the security check. I'll add it myself if needed.
$downfile=str_replace(" ","%20",$url);//Replace spaces and the like, you can replace them according to the actual situation
$downfile=str_replace(" http://","",$downfile);// Remove http://
$urlarr=explode("/",$downfile);//Use "/" to decompose the domain name
$domain=$urlarr[0];//Domain name
$getfile=str_replace($urlarr[0],'',$downfile);//Get the GET part in the header
$content = @fsockopen("$domain", 80, $errno, $errstr, 12);//Connect to the target host
if (!$content){//If the link cannot be uploaded, an error will be prompted
die("Sorry, cannot connect to $domain.");
}
fputs($content, "GET $getfile HTTP/1.0rn");
fputs($content, "Host: $domainrn");
fputs($content, "Referer: $domainrn");//Forged part
fputs($content, "User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)rnrn");
while (!feof($content)) {
$tp.=fgets($content, 128);
if (strstr($tp,"200 OK")){ //Some explanation should be given here. The first line of the header is generally the status of the requested file. For details, please refer to HTTP 1.1 status codes and their meanings hi.baidu.com/110911/blog/item/21f20d2475af812ed50742c5.html This is the normal file request status, just redirect it directly. Continue execution of programs in other states
header("Location:$url");
die();
}
}
//302 redirection, most anti-hotlink systems first determine the referfer, and then redirect to the real address if it is correct. The following is to obtain the real address.
$arr=explode("n",$tp);
$arr1=explode("Location: ",$tp);//Extract the true address behind Location
$arr2=explode("n",$arr1[1]);
header('Content-Type:application/force-download');//Force download
header("location:".$arr2[0]);//Redirect to target address
die();
?>
This program can only be used for the anti-hotlinking system that uses referer to determine whether it is hotlinked. If other special methods are used to prevent hotlinking, this estimate will not be applicable.