Just thought it'd be nice to share these scripts. Yes I know there's better out there - but it should give you something useful to start from.
Please feel free to linkback to phorce.co.uk 
dl.php
PHP Code:
<?
ob_start('ob_gzhandler');
session_start();
$files=array( 'cracker.rar','rot13.rar','encrypt.rar','xorphrase.rar');
$filenames=array( 'TextCracker.rar','ROT13.rar','Encrypt.rar','XORPhrase.rar');
$additional_info=array(
'Something I threw together for quick visual-decryption for lame protections such as ADD/SUB/NOT/XOR - supports WORD encryption as well as BYTE. Source included as I couldn\'t be bothered to include checks.',
'Another ROT13 routine. This one works for upper and lower-case characters and doesn\'t ruin non-alpha characters - with source.',
'A simple byte ADD/SUB that supports C array listings - so you can encrypt a list of names without ruining CR, LF comma\'s and " (which i\'ve found useful quite a lot myself). Source included.',
'Based on my KeyMaster from the 8-bit, 6502, 1Mhz system (Commodore 64!) which used something like up to 16384 bit encryption. The longer and more nonsensical the PHRASE you encode with, the less chance of it being cracked. It XOR\'s the target text using the phrase you enter. Probably buggy so source is included if you want to fix it up.');
// Hide below Webroot :D
$url= "D:\\phorce.co.uk\\dl\\";
$referer=ereg_replace( "\?.", "",$_SERVER['HTTP_REFERER']);
$thisfile= "http://".$_SERVER['HTTP_HOST'].$_SERVER['PHP_SELF'];
if ($referer!=$thisfile){
echo "<title>Phorce download section</title><center><big><a href=\"http://www.phorce.co.uk/index.php\">Click me to visit the main site</big><br><hr><br><br></center>";
for ($i=0;$i<count($files);$i++)
echo "<P><A HREF=\"$PHP_SELF?x=$i\">",$filenames[$i], "</A> $additional_info[$i]\n";
}
else {
$i=$_GET['x'];
$total=$url . $files[$i];
$_SESSION['filelink']=$total;
$_SESSION['filename']=$filenames[$i];
header("Location: log.php");
}
?>
img.php;
PHP Code:
<?php
ob_start('ob_gzhandler');
session_start();
header('Content-type: image/png');
header('Cache-control: private');
$y=15;
$sNo = $_SESSION['checkno'];
$v1 = (rand()%63)+192;$v2 = (rand()%63)+192;$v3 = (rand()%63)+192;
$im = imagecreatetruecolor(200, 60);
$ang = rand()%10;$ang2 = rand()%10;
$white = imagecolorallocate($im, $v3, $v2, $v1);
$grey = imagecolorallocate($im, 128, 128, 128);
$black = imagecolorallocate($im, 0, 0, 0);
imagefilledrectangle($im, 1, 1, 198, 58, $white);
$col_ellipse = imagecolorallocate($im, $v1, 255, $v3);
imageellipse($im, 100,30, 150, 50, $col_ellipse);
$text = $sNo; $pre="d:\\phorce.co.uk\\wwwroot\\dl\\";
$fonts=array( 'Asimov.ttf','b5hollow.ttf','BATTLEST.TTF','BOGSTAND.TTF','brigadow.ttf');
$atta = array(24,16,22,22,22); $xadd=array(30,5,15,20,15);
$i=rand()%4;
$fnt=$pre.$fonts[$i]; $att=$atta[$i]; $xad=$xadd[$i];
imagettftext($im, $att, $ang, 10+$xad+$ang2, 30+$y+$ang2, $grey, $fnt, $text);
imagettftext($im, $att, $ang, 10+$xad, 30+$y, $black, $fnt, $text);
imagepng($im);
imagedestroy($im);
?>
log.php;
PHP Code:
<?
session_start();
if(isset($_POST['submit']))
{
$code = $_SESSION['checkno'];$user_code = $_POST['code'];
if($code !== $user_code) {
$rand = (rand()%9).(rand()%9).(rand()%9).(rand()%9).(rand()%9).(rand()%9).(rand()%9).(rand()%9);
$_SESSION['checkno'] = $rand;
echo '<center>Validation code incorrect.</center>'; }
else {
$total = $_SESSION['filelink'];
$filename = $_SESSION['filename'];
Header ( "Content-Type: application/octet-stream");
Header ( "Content-Length: ".filesize($total));
Header( "Content-Disposition: attachment; filename=$filename");
Header("Content-Underwear: Pink[Frilly];Size=12");
readfile($total);
exit("Enjoy");
}
} else {
$rand = (rand()%9).(rand()%9).(rand()%9).(rand()%9).(rand()%9).(rand()%9).(rand()%9).(rand()%9);
$_SESSION['checkno'] = $rand;
}
?><center>
<h1>Please validate you're human</h1>
<code><br>Yes you are being logged,<br>Yes there's a delay before it downloads,<br>
Yes, i'm laughing at you for thinking it's bad code ;)<p>
<form method="POST" action="log.php">
<input type="text" name="code"> <input type="submit" name="submit" value="Go">
<br><img src="img.php" >
</form></p></center>
dl.php is the file called to "list" the downloads. Note that the files are stored below webroot, so they can only be called via these scripts (or similar) - and not directly from the user.
img.php generates the image (NOTE: Please use an alternate 5 charsets and keep them in the same directory as these scripts).
log.php deals with the image validation and transferring the downloads.
Hope someone finds use for this (not my best work, but does the job). Oh, and enjoy the funny headers 
PHP: Image validation/anti leech
Reply With Quote
Bookmarks