Jump to content

Recommended Posts

Hi all,

 

 

I have a working download script which uses php to hide a files real location from the user. My problem is that the speed of the average download is now only 90ish kb/s, whereas if you were to access the directly it is much faster (depending on your internet connection).

 

Is there a way of increasing the script's download capabilities? Like a header php line? Or is it something that would be set by the web host's server?

 

Cheers all!

Hi all,

 

 

I have a working download script which uses php to hide a files real location from the user. My problem is that the speed of the average download is now only 90ish kb/s, whereas if you were to access the directly it is much faster (depending on your internet connection).

 

Is there a way of increasing the script's download capabilities? Like a header php line? Or is it something that would be set by the web host's server?

 

Cheers all!

 

Requesting from Apache or PHP sending a file header to apache is virtually the same thing. I doubt PHP is your problem. What script are you using for downloads? Obviously it would be the thing that is flawed.

Hi there,

 

thanks for the speedy response. I was hoping it would be something to do with my script! It takes way too long to download anyhting at the moment.

 

The script works in the following way:

 

userlogs in, then is only allowed access to various product download pages based on which product(s) they have, pages display only downloads available to customer from mysql, user then clicks link in a list which calls the filedownload.php?file= ?? where the ?? equals the id of the row int he mysql table. This then tells the browser what the file name is for it to let the user download and passes the download over.

 

The script for filedownload.php is as follows:

 

<?php 
//Antileech script
session_start();

//connect to db
include('dbconnect/lh.php');
mysql_select_db($database_lh, $lh);

// block any attempt to the filesystem
if (isset($_GET['file']) && basename($_GET['file']) == $_GET['file']) {

//set variable to retrieve id number from url
$fileid = $_GET['file'];

// query the db for access levels
$sql="SELECT * FROM filelist WHERE id='$fileid'";
$data = mysql_query($sql, $lh) or die(mysql_error());

// retrieve the file and its access levels
while($retrieve = mysql_fetch_array( $data )) {
	$filename = $retrieve['filename'];
	$category = $retrieve['category'];
	$subcategory = $retrieve['subcategory'];
}

} else {
$filename = NULL;
} 

$allowed = 0;

// include a list of allowed domains/tell whether logging is enabled
include('downloadconfig.php');

//checks if user is from allowed domain
if($allowblank > 0) { if($_SERVER['HTTP_REFERER']=="") { $allowed = 1; }}
$domains = count($alloweddomains);

for($y=0;$y<$domains+1;$y++) {
if((stristr($_SERVER['HTTP_REFERER'], $alloweddomains[$y]))) {
	$allowed = 1;
}
}

//if domain allowed...
if($allowed > 0) {

//if no filename...
if (!$filename) {
	// if variable $filename is NULL or false return message
	if($logging > 0){
		$status = "FileNotFound";
		include('logit.php');
	}
	// if file not found return to previous page with an error to display
	$errors = 'ERROR: That file wasnt found!';
	$_SESSION['fileERROR'] = $errors;
	$redirect = $_SESSION['PrevUrl'];
	header("Location: ". $redirect );
	exit;
}
//if file exists need to check authorision levels

//set access to no
$access = NULL;

//retrieve current user levels
$cpm = $_SESSION['MM_CPMGroup'];
$cpmh = $_SESSION['MM_CPMHGroup'];
$cm = $_SESSION['MM_CMGroup'];
$cj = $_SESSION['MM_CJGroup'];

//set file category type & set access if allowed
if ($category == 'cpm') {
	if ($cpm == '1') {
		$access = 1;
		if ($subcategory == 'techdata') {
			$path = "files/techdata/cpm/";
		}
		elseif ($subcategory == 'msds') {
			$path = "files/techdata/msds/cpm/";
		}
		elseif ($subcategory == 'symbols') {
			$path = "files/symbols/cpm/";
		}
		else {
		$path = "files/cpm/";
		}
	}
}
elseif ($category == 'cpmh') {
	if ($cpmh == '1') {
		$access = 1;
		if ($subcategory == 'techdata') {
			$path = "files/techdata/cpmh/";
		}
		elseif ($subcategory == 'msds') {
			$path = "files/techdata/msds/cpmh/";
		}
		elseif ($subcategory == 'symbols') {
			$path = "files/symbols/cpmh/";
		}
		else {
		$path = "files/cpmh/";
		}
	}
}
elseif ($category == 'cm') {
	if ($cm == '1') {
		$access = 1;
		if ($subcategory == 'techdata') {
			$path = "files/techdata/cm/";
		}
		elseif ($subcategory == 'msds') {
			$path = "files/techdata/msds/cm/";
		}
		elseif ($subcategory == 'symbols') {
			$path = "files/symbols/cm/";
		}
		else {
		$path = "files/cm/";
		}
	}
}
elseif ($category == 'cj') {
	if ($cj == '1') {
		$access = 1;
		if ($subcategory == 'techdata') {
			$path = "files/techdata/cj/";
		}
		elseif ($subcategory == 'msds') {
			$path = "files/techdata/msds/cj/";
		}
		elseif ($subcategory == 'symbols') {
			$path = "files/symbols/cj/";
		}
		else {
		$path = "files/cj/";
		}
	}
}

if ($access < 1) {
	// if user access not granted to file category return message
	if($logging > 0){
		$status = "WrongPermissions";
		include('logit.php');
	}
	$errors = "ERROR: You don't have permission to access that file!";
	$_SESSION['fileERROR'] = $errors;
	$redirect = $_SESSION['PrevUrl'];
	header("Location: ". $redirect );
	exit;
}

// if file exists and user access granted:

// define the path to your download folder plus assign the file name
$path .= $filename;

// check that file exists and is readable
if (file_exists($path) && is_readable($path)) {

	// get the file size and send the http headers
	$size = filesize($path);

        // required for IE, otherwise Content-disposition is ignored
        if(ini_get('zlib.output_compression')) ini_set('zlib.output_compression', 'Off');

	//content type
	switch(strtolower(substr(strrchr($filename,'.'),1)))
	{
          case "pdf": $mime="application/pdf"; break;
          case "mp3": $mime="audio/x-mp3"; break;
          case "zip": $mime="application/zip"; break;
          case "rar": $mime="application/zip"; break;
          case "tar": $mime="application/zip"; break;
          case "sit": $mime="application/zip"; break;
          case "doc": $mime="application/msword"; break;
          case "xls": $mime="application/vnd.ms-excel"; break;
          case "ppt": $mime="application/vnd.ms-powerpoint"; break;
          case "gif": $mime="image/gif"; break;
          case "png": $mime="image/png"; break;
          case "jpeg":$mime="image/jpg"; break;
          case "jpg": $mime="image/jpg"; break;
	  default: $mime="application/force-download";
	}

	header("Pragma: public");
	header("Expires: 0");
	header("Cache-Control: must-revalidate, post-check=0, pre-check=0");
        header("Cache-Control: private",false);
	header("Content-Type: " .$mime);
	header("Content-Disposition: attachment; filename=\"".$filename."\";");
	header('Content-Transfer-Encoding: binary');
	header('Content-Length: '.$size);
	readfile("$path");

	if($logging == 1){
		$status = "Granted";
		include('logit.php');
	}
	exit;
}

//if domain not allowed
} else {
if($logging > 0){
	$status = "DomainDenied";
	include('logit.php');
}
//quiet leecher kill
exit;
}
?>

 

I hope the above makes sense!

Now that I see you are querying a database on multiple occasions, The speed of your web server (and including internal connections to the *SQL servers) may be at fault. Is this a script you've made or downloaded? There are much simpler scripts out there, that don't require sessions or many queries, that can transparently allow a user to download the file without knowing the location.

 

If the lookup of the file ID (filename=xxx..) is all that is needed, a single query to do this would speed things up rather than unload a lot of processing on 'antileech' protection.

Hi yes, its a script i've written.

 

I need it to only allow logged in users and users with sufficient permissions to access certain files. I don't think this is achieveable without sessions/queries is it?

 

if (isset($_SESSION['allowed-id'])) {
   //Allow download without query,
   //as whatever you used to log
   //them in has set it for you.
}

 

It shouldn't be too hard to implement such a simple script like so, you'd just need to rely on one or two session keys set, which you can use pre-existing or you can set up.

i'm not 100% sure what you are trying to describe but if it is what i am thinking, i am already checking user permissions without queries by setting session variables when they log in. When the user then accesses product download pages the session variable is checked before they are allowed to see the page.

I think the problem lies when i am checking the db to find the file download path and filename. But if i don't query this where would i retrieve the information from if i dont want the user to be able to see it?

 

Thanks for your help so far!

1 means one byte. It should actually indicate an 'on' value or a reasonably larger numeric value (i.e. 4096.)

 

A) It should not be turned on at all (it just wastes memory and processing time), and

B) It is probably what is causing your download to operate slowly and is also probably causing your web pages to be output slowly.

 

Turn output_buffering off.

 

The only way I was able to reproduce a 1 value was by setting it to a 1 or by using a php_flag setting in a .htaccess file (it is actually a php_value setting in a .htaccess file.)

1 means one byte. It should actually indicate an 'on' value or a reasonably larger numeric value (i.e. 4096.)

 

A) It should not be turned on at all (it just wastes memory and processing time), and

B) It is probably what is causing your download to operate slowly and is also probably causing your web pages to be output slowly.

 

Turn output_buffering off.

 

The only way I was able to reproduce a 1 value was by setting it to a 1 or by using a php_flag setting in a .htaccess file (it is actually a php_value setting in a .htaccess file.)

 

I dont have access to be able to turn the output buffering off on the web hosts server. Is there any other way of doing it?

 

Do you think i have a php_flag in a  .htaccess which is causing the issue?

Do you think i have a php_flag in a  .htaccess which is causing the issue?

Umm. You are the only person here who would have the ability to investigate that possibility on your server.

 

You can set php setting in a .htaccess file when php is running as an Apache Module. You can set php settings in a local php.ini (sometimes it is named something else) if php is running as a CGI application. Check with your web host for the exact method on your server.

 

 

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.