I elaborated on this before.

Using cookies makes it all a bit easier. When the user accepts cookies, he will not be bothered by the copyright messages for 30 days. And Apache can test on the existance of the cookie. So now the .htaccess looks like this.

  ## do that only if the cookie is not set
  RewriteCond %{HTTP_COOKIE} !CopyrightCookie
  ## comes not from the copyright page
  RewriteCond %{HTTP_REFERER} !(^.*/public/copyright\.html$)
  ## comes not from itself, so has been redirected already
  RewriteCond %{HTTP_REFERER} !(^.*(jpg|tif|tiff|jpeg|mov|mp4|mpg|ram|wmv|avi)(\?.*)?$)
  ## is a request for a hires or fullres image
  RewriteCond %{REQUEST_URI} ^.*(\/original\/|\/wallpaper(1|2|3)\/|\/publication.*\/).*$
  ## then do the trick...
  RewriteRule   ^(.*)$  /public/copyright.html

The copyright message sets the cookie after the user has accepted it (post to itself) and redirects the user to the requested file afterwards. So this should also work when the user has cookies disabled like in the version before.

  if ($accept = $_REQUEST["accept"]) {
    # just submitted, so set the cookie
    $cvalue = "accepted";
    $cookie = setcookie("CopyrightCookie",$cvalue, time()+60*60*24*30, "/",".domain.org");
    # and redirect the user to his desired destination
    if ($target == $_SERVER["PHP_SELF"]) {
	# go back to source
	header("Location: ".$source);
    } else {
	# go to target
	header("Location: ".$target);
    }
  }

and just for completeness the form:

  <form name="copyright" action="<?=$_SERVER["PHP_SELF"]?>" method="post">
  <input type="hidden" name="target" value="<?=$target?>">
  <input type="hidden" name="source" value="<?=$source?>">
  <input type="hidden" name="accept" value="1">
  <input type="button" value="I accept the conditions" class="button_yes"
         onClick="document.forms[1].submit();">
  <input type="button" value="I do not accept the conditions" class="button_no"
         onClick="location.href='<?=$source?>';">
  </form>

There are some problems concerning video though:

• when using Firefox on Windows and requesting a wmv file, the copyright notice is displayed and accepted. Afterwards, Windows Media Player opens and tries to access the file which is denied as WMP uses of course the cookies set by Internet Explorer. As we browsed to the site using FF, WMP is not working here. 2 Possibilities:
  • right-click the file and save as… and then play it
  • or browse to the site with IE and accept the cookie here…
• Cookies are not evaluated when doing a right-click-save-as. So you’ll probably always get the copyright.html when trying to download a file… So I’ll have to get back to my slogan: try something different…

(does anyone have a better idea?) To make things worse, Safari won’t let you download an MPG file. When clicking on it, it displays fine with Quicktime inside the browser but when “right-clicking” and trying to download it, it just downloads the copyright notice again. So it seems it does not do the cookie check here. This really drives me nuts…

 RewriteEngine On

 ## comes not from the copyright page
 RewriteCond %{HTTP_REFERER} !(^.*/public/copyright\.html$)
 ## comes not from itself, so has been redirected already, optional query string
 RewriteCond %{HTTP_REFERER} !(^.*(jpg|tif|tiff|jpeg|mov|mp4|mpg|ram)(\?.*)?$)
 ## is a request for a hires or fullres image
 RewriteCond %{REQUEST_URI} ^.*(fullres|highres|hires|\/video\/).*$
 ## then do the trick...
 RewriteRule   ^(.*)$  /public/copyright.html

und copyright.html:

 if (!$target = $_REQUEST["target"]) {
  # we are coming via the rewrite rule, so the image to be shown is in the URI!
  $target = $_SERVER["REQUEST_URI"];
 }
 $source = $_SERVER["HTTP_REFERER"];

 # SAFARI HACK (caching), we have been here before... prevent caching
 if (stristr($_SERVER["HTTP_USER_AGENT"],'Safari')) {
  if (!$querystring = stristr($target,'?')) {
	$target = $target."?img=show";
  } else {
	$target = $target."&img=show";
  }
 }

 [...]
 <a href="<?=$target?>" class="button_yes">I accept the conditions</a>
 <a href="<?=$source?>" class="button_no">I do not accept the conditions</a>

 # .htaccess-Datei für Web-Verzeichnis /service
 AuthType Basic
 AuthName "Service-Bereich"
 AuthUserFile /usr/verwaltung/web/.htusers
 Require valid-user
 Order deny,allow
 Deny from all
 Allow from 192.168
 Satisfy any

Erläuterung:

In diesem Beispiel wird Require zusammen mit Allow from und Deny from verwendet. Die Anweisung Satisfy gibt an, welche der Bedingungen erfüllt sein müssen. Das Schlüsselwort any bedeutet, dass alle Benutzer mit einer numerischen IP im Bereich 192.168 automatisch zugelassen sind. Benutzer, die nicht von dort kommen, werden nach einem Benutzernamen und Passwort gefragt (“Oder”-Verknüpfung der beiden Bedingungen). Hingegen würde das Schlüsselwort all bedeuten, dass nur Benutzer mit einer IP aus dem Bereich 192.168 und einem gültigen Benutzernamen zugelassen sind (“Und”-Verknüpfung der beiden Bedingungen).

Source: http://de.selfhtml.org/servercgi/server/htaccess.htm