jkkenzie Posted July 22, 2013 Share Posted July 22, 2013 Hi! I have tried to add this link to the player under file:"sales/getfFile.... But it its saying bad source. When this code pasted on the address bar , i can download the file..... But the player cannot. $VideoF= stripslashes($_GET['download_file']); $VideoIm = preg_replace('/\.[^.]+$/','',$VideoF); if(isUserLoggedIn()) { ?> <script type="text/javascript" src="jwplayer/jwplayer.js"></script> <script type="text/javascript" src="jwplayer/jwplayer.html5.js"></script> <div id="myElement">Loading the player...</div> <script type="text/javascript"> jwplayer("myElement").setup({ file: "sales/getfFile.php?download_file=<?php echo $VideoF; ?>", image: "sales/assets/img/history/<?php echo $VideoIm; ?>.jpg" }); </script> <?php } ?> the download script is : $path_parts = pathinfo($_GET['download_file']); $file_name = $path_parts['basename']; $fullPath = "../privatefolder/".$file_name; if ($fd = fopen ($fullPath, "r")) { $fsize = filesize($fullPath); $path_parts = pathinfo($fullPath); $ext = strtolower($path_parts["extension"]); switch ($ext) { case "pdf": header("Content-type: application/pdf"); // add here more headers for diff. extensions header("Content-Disposition: attachment; filename=\"".$path_parts["basename"]."\""); // use 'attachment' to force a download break; case "mp4": header("Content-type: video/mp4"); // add here more headers for diff. extensions header("Content-Disposition: attachment; filename=\"".$path_parts["basename"]."\""); // use 'attachment' to force a download break; default: header("Content-type: application/octet-stream"); header("Content-Disposition: filename=\"".$path_parts["basename"]."\""); } header("Content-length: $fsize"); header("Cache-control: private"); //use this to open files directly while(!feof($fd)) { $buffer = fread($fd, 2048); echo $buffer; } } fclose ($fd); exit; Do you guys have netter way of playing videos outside root directory? Quote Link to comment https://forums.phpfreaks.com/topic/280402-play-video-outside-root-directory/ Share on other sites More sharing options...
Muddy_Funster Posted July 23, 2013 Share Posted July 23, 2013 have you tried echoing the contents of the $fullpath variable once it's set? Quote Link to comment https://forums.phpfreaks.com/topic/280402-play-video-outside-root-directory/#findComment-1441772 Share on other sites More sharing options...
.josh Posted July 23, 2013 Share Posted July 23, 2013 sidenote: if you can paste the path/to/file in your browser's address bar and it works, then it's not outside of your root directory. Quote Link to comment https://forums.phpfreaks.com/topic/280402-play-video-outside-root-directory/#findComment-1441787 Share on other sites More sharing options...
jkkenzie Posted July 25, 2013 Author Share Posted July 25, 2013 Hi! I have changed the script all together: Am able to download the file outside root directory BUT iam not able to play it. The script below: i have disabled the "Content Disposition" so that it does not force download. but nothing happens. the player keeps rotating without an error: define('ALLOWED_REFERRER', ''); // Download folder, i.e. folder where you keep all files for download. // MUST end with slash (i.e. "/" ) //define('BASE_DIR','/home/user/downloads/'); define('BASE_DIR',$_SERVER['DOCUMENT_ROOT'].'/../privatelogged/'); // log downloads? true/false define('LOG_DOWNLOADS',true); // log file name define('LOG_FILE','downloads.log'); // Allowed extensions list in format 'extension' => 'mime type' // If myme type is set to empty string then script will try to detect mime type // itself, which would only work if you have Mimetype or Fileinfo extensions // installed on server. $allowed_ext = array ( // archives 'zip' => 'application/zip', // documents 'pdf' => 'application/pdf', 'doc' => 'application/msword', 'xls' => 'application/vnd.ms-excel', 'ppt' => 'application/vnd.ms-powerpoint', // executables 'exe' => 'application/octet-stream', // images 'gif' => 'image/gif', 'png' => 'image/png', 'jpg' => 'image/jpeg', 'jpeg' => 'image/jpeg', // audio 'mp3' => 'audio/mpeg', 'wav' => 'audio/x-wav', // video 'mp4' => 'video/mp4', 'mpeg' => 'video/mpeg', 'mpg' => 'video/mpeg', 'mpe' => 'video/mpeg', 'mov' => 'video/quicktime', 'avi' => 'video/x-msvideo' ); #################################################################### ### DO NOT CHANGE BELOW #################################################################### // If hotlinking not allowed then make hackers think there are some server problems if (ALLOWED_REFERRER !== '' && (!isset($_SERVER['HTTP_REFERER']) || strpos(strtoupper($_SERVER['HTTP_REFERER']),strtoupper(ALLOWED_REFERRER)) === false) ) { die("Internal server error. Please contact system administrator."); } // Make sure program execution doesn't time out // Set maximum script execution time in seconds (0 means no limit) set_time_limit(0); if (!isset($_GET['video']) || empty($_GET['video'])) { die("Please specify file name for download."); } // Nullbyte hack fix if (strpos($_GET['video'], "\0") !== FALSE) die(''); // Get real file name. // Remove any path info to avoid hacking by adding relative path, etc. $fname = basename($_GET['video']); $fname="K@1~@".$fname; // Check if the file exists // Check in subfolders too function find_file ($dirname, $fname, &$file_path) { $dir = opendir($dirname); while ($file = readdir($dir)) { if (empty($file_path) && $file != '.' && $file != '..') { if (is_dir($dirname.'/'.$file)) { find_file($dirname.'/'.$file, $fname, $file_path); } else { if (file_exists($dirname.'/'.$fname)) { $file_path = $dirname.'/'.$fname; return; } } } } } // find_file // get full file path (including subfolders) $file_path = ''; find_file(BASE_DIR, $fname, $file_path); if (!is_file($file_path)) { die("File does not exist. Make sure you specified correct file name."); } // file size in bytes $fsize = filesize($file_path); // file extension $fext = strtolower(substr(strrchr($fname,"."),1)); // check if allowed extension if (!array_key_exists($fext, $allowed_ext)) { die("Not allowed file type."); } // get mime type if ($allowed_ext[$fext] == '') { $mtype = ''; // mime type is not set, get from server settings if (function_exists('mime_content_type')) { $mtype = mime_content_type($file_path); } else if (function_exists('finfo_file')) { $finfo = finfo_open(FILEINFO_MIME); // return mime type $mtype = finfo_file($finfo, $file_path); finfo_close($finfo); } if ($mtype == '') { $mtype = "application/force-download"; } } else { // get mime type defined by admin $mtype = $allowed_ext[$fext]; } // Browser will try to save file with this filename, regardless original filename. // You can override it if needed. if (!isset($_GET['fc']) || empty($_GET['fc'])) { $asfname = $fname; } else { // remove some bad chars $asfname = str_replace(array('"',"'",'\\','/'), '', $_GET['fc']); if ($asfname === '') $asfname = 'NoName'; } // set headers header("Pragma: public"); header("Expires: 0"); header("Cache-Control: must-revalidate, post-check=0, pre-check=0"); header("Cache-Control: public"); header("Content-Description: File Transfer"); header("Content-Type: $mtype"); //header("Content-Disposition: attachment; filename=\"$asfname\""); header("Content-Transfer-Encoding: binary"); header("Content-Length: " . $fsize); // download // @readfile($file_path); $file = @fopen($file_path,"rb"); if ($file) { while(!feof($file)) { print(fread($file, 1024*); flush(); if (connection_status()!=0) { @fclose($file); die(); } } @fclose($file); } // log downloads if (!LOG_DOWNLOADS) die(); $f = @fopen(LOG_FILE, 'a+'); if ($f) { @fputs($f, date("m.d.Y g:ia")." ".$_SERVER['REMOTE_ADDR']." ".$fname."\n"); @fclose($f); } If i disable the "Content-Length" and "Content-Type" i get very many characters and symbols %$&%^&%^&%^&%^ on screen... Thanks for your responses... Quote Link to comment https://forums.phpfreaks.com/topic/280402-play-video-outside-root-directory/#findComment-1442073 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.