rondog Posted March 1, 2011 Share Posted March 1, 2011 I have a file in web root called fileserve.php. It basically hands the user a file that is above web root. <?php include("config.php"); // just includes session_start and db connection if ($_SESSION['user']['authed'] == true) { session_write_close(); $id = $_GET['id']; $query = mysql_query("SELECT filename FROM episodes WHERE id = '$id'"); $row = mysql_fetch_array($query); $filename = "../../media/".$row['filename']; header( 'Content-Description: File Transfer' ); header( 'Content-Type: video/x-m4v' ); header( 'Content-Disposition: attachment; filename='.basename( $filename ) ); header( 'Content-Transfer-Encoding: binary' ); header( 'Expires: 0' ); header( 'Cache-Control: must-revalidate, post-check=0, pre-check=0' ); header( 'Pragma: public' ); header( 'Content-Length: ' . filesize( $filename ) ); ob_clean(); flush(); readfile( $filename ); exit; } ?> I am trying to fix up the url so it looks like: http://mysite.com/videos/xxxx.m4v Options +FollowSymlinks RewriteEngine on RewriteRule ^videos/([^/]+).m4v fileserve.php?id=$1 When I go to http://mysite.com/videos/1.m4v, I get a 404 not found: The requested URL /mnt/stor2-wc1-dfw1/xxxxx/mysite.com/web/content/fileserve.php was not found on this server. fileserve.php is definitely there so I am not sure what I am doing wrong. Link to comment https://forums.phpfreaks.com/topic/229290-getting-a-404/ Share on other sites More sharing options...
rondog Posted March 1, 2011 Author Share Posted March 1, 2011 I think I put this in the wrong section..my bad. Someone can move it. Link to comment https://forums.phpfreaks.com/topic/229290-getting-a-404/#findComment-1181451 Share on other sites More sharing options...
rondog Posted March 1, 2011 Author Share Posted March 1, 2011 yeah im stumped too Link to comment https://forums.phpfreaks.com/topic/229290-getting-a-404/#findComment-1181486 Share on other sites More sharing options...
rondog Posted March 1, 2011 Author Share Posted March 1, 2011 Boom! Fixed! Options +FollowSymlinks RewriteEngine on RewriteBase / RewriteRule ^videos/([^/]+)\.m4v fileserve.php?id=$1 Needed a rewrite base Link to comment https://forums.phpfreaks.com/topic/229290-getting-a-404/#findComment-1181500 Share on other sites More sharing options...
.josh Posted March 1, 2011 Share Posted March 1, 2011 you don't really need a rewrite base. You could have done RewriteRule ^/videos/([^/]+)\.m4v fileserve.php?id=$1 Link to comment https://forums.phpfreaks.com/topic/229290-getting-a-404/#findComment-1181519 Share on other sites More sharing options...
.josh Posted March 1, 2011 Share Posted March 1, 2011 also, just nitpicking but the regex should serve your purposes but it could stand to be a bit better. Instead of matching one or more of anything that's not a forward slash, it should only be matching for what the expected value of id should be. Examples: only numbers: RewriteRule ^/videos/([0-9]+)\.m4v fileserve.php?id=$1 alphanumeric RewriteRule ^/videos/([a-zA-z0-9]+)\.m4v fileserve.php?id=$1 This is especially important since you aren't validating $_GET['id'] before using it in your sql query (which you should be...). As of right now your script is vulnerable to sql injection. Link to comment https://forums.phpfreaks.com/topic/229290-getting-a-404/#findComment-1181520 Share on other sites More sharing options...
rondog Posted March 1, 2011 Author Share Posted March 1, 2011 I tried adding the slash at the beginning and it didn't work. I know I am not validating the id, yet. Will the first reg exp you gave do any amount of numbers? I'm assuming thats what the plus is for. So it can be 45.m4v or even 19384.m4v? Link to comment https://forums.phpfreaks.com/topic/229290-getting-a-404/#findComment-1181552 Share on other sites More sharing options...
.josh Posted March 1, 2011 Share Posted March 1, 2011 hmm..kinda odd that adding slash doesn't do it for you...anways, yes, ([0-9]+) means to match one or more numbers and capture into $1 Link to comment https://forums.phpfreaks.com/topic/229290-getting-a-404/#findComment-1181570 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.