getting a 404

[rondog]

I have a file in web root called fileserve.php. It basically hands the user a file that is above web root.

<?php
include("config.php"); // just includes session_start and db connection
if ($_SESSION['user']['authed'] == true)
{
session_write_close();
$id 		= $_GET['id'];
$query 		= mysql_query("SELECT filename FROM episodes WHERE id = '$id'");
$row 		= mysql_fetch_array($query);
$filename 	= "../../media/".$row['filename'];

header( 'Content-Description: File Transfer' );
header( 'Content-Type: video/x-m4v' );
header( 'Content-Disposition: attachment; filename='.basename( $filename ) );
header( 'Content-Transfer-Encoding: binary' );
header( 'Expires: 0' );
header( 'Cache-Control: must-revalidate, post-check=0, pre-check=0' );
header( 'Pragma: public' );
header( 'Content-Length: ' . filesize( $filename ) );
ob_clean();
flush();
readfile( $filename );
exit;
}
?>

 

I am trying to fix up the url so it looks like: http://mysite.com/videos/xxxx.m4v

Options +FollowSymlinks
RewriteEngine on
RewriteRule ^videos/([^/]+).m4v fileserve.php?id=$1

 

When I go to http://mysite.com/videos/1.m4v, I get a 404 not found:

The requested URL /mnt/stor2-wc1-dfw1/xxxxx/mysite.com/web/content/fileserve.php was not found on this server.

 

fileserve.php is definitely there so I am not sure what I am doing wrong.

[rondog]

I think I put this in the wrong section..my bad. Someone can move it.

[rondog]

yeah im stumped too

[rondog]

Boom! Fixed!

Options +FollowSymlinks
RewriteEngine on
RewriteBase /
RewriteRule ^videos/([^/]+)\.m4v fileserve.php?id=$1

 

Needed a rewrite base

[.josh]

you don't really need a rewrite base.  You could have done

 

RewriteRule ^/videos/([^/]+)\.m4v fileserve.php?id=$1

[.josh]

also, just nitpicking but the regex should serve your purposes but it could stand to be a bit better.  Instead of matching one or more of anything that's not a forward slash, it should only be matching for what the expected value of id should be.  Examples:

 

only numbers:

RewriteRule ^/videos/([0-9]+)\.m4v fileserve.php?id=$1

 

alphanumeric

RewriteRule ^/videos/([a-zA-z0-9]+)\.m4v fileserve.php?id=$1

 

This is especially important since you aren't validating $_GET['id'] before using it in your sql query (which you should be...).  As of right now your script is vulnerable to sql injection.

[rondog]

I tried adding the slash at the beginning and it didn't work. I know I am not validating the id, yet. Will the first reg exp you gave do any amount of numbers? I'm assuming thats what the plus is for. So it can be 45.m4v or even 19384.m4v?

[.josh]

hmm..kinda odd that adding slash doesn't do it for you...anways, yes, ([0-9]+) means to match one or more numbers and capture into $1