rondog Posted March 1, 2011 Share Posted March 1, 2011 I have a file in web root called fileserve.php. It basically hands the user a file that is above web root. <?php include("config.php"); // just includes session_start and db connection if ($_SESSION['user']['authed'] == true) { session_write_close(); $id = $_GET['id']; $query = mysql_query("SELECT filename FROM episodes WHERE id = '$id'"); $row = mysql_fetch_array($query); $filename = "../../media/".$row['filename']; header( 'Content-Description: File Transfer' ); header( 'Content-Type: video/x-m4v' ); header( 'Content-Disposition: attachment; filename='.basename( $filename ) ); header( 'Content-Transfer-Encoding: binary' ); header( 'Expires: 0' ); header( 'Cache-Control: must-revalidate, post-check=0, pre-check=0' ); header( 'Pragma: public' ); header( 'Content-Length: ' . filesize( $filename ) ); ob_clean(); flush(); readfile( $filename ); exit; } ?> I am trying to fix up the url so it looks like: http://mysite.com/videos/xxxx.m4v Options +FollowSymlinks RewriteEngine on RewriteRule ^videos/([^/]+).m4v fileserve.php?id=$1 When I go to http://mysite.com/videos/1.m4v, I get a 404 not found: The requested URL /mnt/stor2-wc1-dfw1/xxxxx/mysite.com/web/content/fileserve.php was not found on this server. fileserve.php is definitely there so I am not sure what I am doing wrong. Quote Link to comment Share on other sites More sharing options...
rondog Posted March 1, 2011 Author Share Posted March 1, 2011 I think I put this in the wrong section..my bad. Someone can move it. Quote Link to comment Share on other sites More sharing options...
rondog Posted March 1, 2011 Author Share Posted March 1, 2011 yeah im stumped too Quote Link to comment Share on other sites More sharing options...
rondog Posted March 1, 2011 Author Share Posted March 1, 2011 Boom! Fixed! Options +FollowSymlinks RewriteEngine on RewriteBase / RewriteRule ^videos/([^/]+)\.m4v fileserve.php?id=$1 Needed a rewrite base Quote Link to comment Share on other sites More sharing options...
.josh Posted March 1, 2011 Share Posted March 1, 2011 you don't really need a rewrite base. You could have done RewriteRule ^/videos/([^/]+)\.m4v fileserve.php?id=$1 Quote Link to comment Share on other sites More sharing options...
.josh Posted March 1, 2011 Share Posted March 1, 2011 also, just nitpicking but the regex should serve your purposes but it could stand to be a bit better. Instead of matching one or more of anything that's not a forward slash, it should only be matching for what the expected value of id should be. Examples: only numbers: RewriteRule ^/videos/([0-9]+)\.m4v fileserve.php?id=$1 alphanumeric RewriteRule ^/videos/([a-zA-z0-9]+)\.m4v fileserve.php?id=$1 This is especially important since you aren't validating $_GET['id'] before using it in your sql query (which you should be...). As of right now your script is vulnerable to sql injection. Quote Link to comment Share on other sites More sharing options...
rondog Posted March 1, 2011 Author Share Posted March 1, 2011 I tried adding the slash at the beginning and it didn't work. I know I am not validating the id, yet. Will the first reg exp you gave do any amount of numbers? I'm assuming thats what the plus is for. So it can be 45.m4v or even 19384.m4v? Quote Link to comment Share on other sites More sharing options...
.josh Posted March 1, 2011 Share Posted March 1, 2011 hmm..kinda odd that adding slash doesn't do it for you...anways, yes, ([0-9]+) means to match one or more numbers and capture into $1 Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.