<?php
$hotlink['hotlinkimage'] = 'donthotlink.jpg';

$hotlink['url'] = '';
if(!empty($_GET['url'])) {
	$hotlink['url'] = $_GET['url'];


	$hotlink['ref_domain'] = '';
	$hotlink['referrer'] = '';
	$hotlink['fullurl'] = 'http://'.$_SERVER['HTTP_HOST'].'/'.$hotlink['url'];

	// mod_rewrite should have already established that it is a hot-link.
	// This is a double-check. We need to capture the referrer, anyway.

	if (!empty($_SERVER['HTTP_REFERER'])) {
		$hotlink['referrer'] = $_SERVER['HTTP_REFERER'];
		$hotlink['ref_domain'] = substr($hotlink['referrer'], 7, strpos($hotlink['referrer'], "/", 7) - 7);
	}

	// splitting the referrer into a domain part, saves us searching for multiple variations.
	// so long as your host name appears somewhere in the domain part, it's not a hot-link.

	if (!stristr($hotlink['ref_domain'], $_SERVER['HTTP_HOST'])) {

		$domain = getDomain($hotlink['ref_domain']);
		//error_log("Done checking. $domain->id, $domain->domain, $domain->allow");

		if($domain->allow){
			log_hotlink_to_db($domain, $hotlink['referrer'], $hotlink['fullurl'], 1);
			serveImage('../'.$hotlink['url']);
		}
		else{
			log_hotlink_to_db($domain, $hotlink['referrer'], $hotlink['fullurl'], 0);
			serveImage($hotlink['hotlinkimage']);
		}
	}else{
		serveImage($hotlink['url']);
	}

}else{
	// No url? Redirect them to the main site.
	header( "Location: http://" . $_SERVER['HTTP_HOST'] );
}

// Simple class for domain
class Domain{
	public $id;
	public $domain;
	public $allow;
}

//log the attempt to db
function log_hotlink_to_db($domain, $referrer, $url, $allowed){
	$db_connection = getDBConnection();
	$statement = $db_connection->prepare("INSERT INTO hotlink_log (domain_id, referrer,url,allow) VALUES (?,?,?,?)") or die ("Failed to prepare the statement!");
	$statement->bind_param("issi", $domain->id, $referrer,$url,$allowed);
	$statement->execute();
	$statement->close();
}

function getDomain($ref_domain){
	if (preg_match("/^www./i",$ref_domain)){
		// WWW. is deprecated anyway...
		$ref_domain = preg_replace("/^www./i", "", $ref_domain);
	}

	$domain = new Domain();
	$domain->id = 0;
	$domain->domain = $ref_domain;
	$domain = checkDomain($domain);
	if($domain->id == 0){
		insertNewDomain($domain);
		$domain = checkDomain($domain);
	}
	return $domain;
}

function checkDomain($domain){
	$db_connection = getDBConnection();
	$statement = $db_connection->prepare("SELECT id, allow FROM hotlink_access WHERE domain = ?") or die ("Failed to prepare the statement!");
	$statement->bind_param("s", $domain->domain);
	$statement->execute();
	$statement->bind_result($id, $allow);
	if($statement->fetch()){
		$domain->id = $id;
		$domain->allow = $allow;
	}
	$statement->close();
	
	return $domain;
}

function insertNewDomain($domain){
	$db_connection = getDBConnection();
	$statement = $db_connection->prepare("INSERT INTO hotlink_access (domain,allow) VALUES (?,1)") or die ("Failed to prepared the statement!");
	$statement->bind_param("s", $domain->domain);
	$statement->execute();
	//$statement->affected_rows
	
	$statement->close();
}

function serveImage($url){
	if (!empty($url) and file_exists($url)) {
		$hotlink['img_type'] = end(explode('.', $url));
		if (strcasecmp($hotlink['img_type'],'png') == 0 ){
			$hotlink['img'] = imagecreatefrompng($url);
			imagesavealpha($hotlink['img'],true);
		} elseif (strcasecmp($hotlink['img_type'],'jpg') == 0 || strcasecmp($hotlink['img_type'],'jpeg') == 0) {
			$hotlink['img'] = imagecreatefromjpeg($url);
		} elseif (strcasecmp($hotlink['img_type'],'gif') == 0) {
			$hotlink['img'] = imagecreatefromgif($url);
		} else {
			trigger_error("HOTLINK - Image $url is of unknown type", E_USER_ERROR);
		}
		//TODO Other file types?

	} else {
		// Log image not found!
		trigger_error("HOTLINK - Image $url was not found", E_USER_ERROR);
	}

	// send the image to the browser..
	if ($hotlink['img_type'] == 'png') {
		header('Content-type: image/png');
		imagepng($hotlink['img']) or die("there was an error. sorry about that...");
	} else {
		header('Content-type: image/jpg');
		imagejpeg($hotlink['img']) or die("there was an error. sorry about that...");
	}
	imagedestroy($hotlink['img']);
}

function getDBConnection(){
	$db_connection = new mysqli("server", "username", "password", "database") or die ("Failed to obtain connection to db!");
	return $db_connection;
}

?>