Jump to content

Recommended Posts

Hi! I have tried to add this link to the player under file:"sales/getfFile.... But it its saying bad source. When this code pasted on the address bar , i can download the file..... But the player cannot.

$VideoF= stripslashes($_GET['download_file']);
$VideoIm = preg_replace('/\.[^.]+$/','',$VideoF);

if(isUserLoggedIn())
{ 
?>
	<script type="text/javascript" src="jwplayer/jwplayer.js"></script>
    <script type="text/javascript" src="jwplayer/jwplayer.html5.js"></script>
    <div id="myElement">Loading the player...</div>
    
    <script type="text/javascript">
        jwplayer("myElement").setup({
            file: "sales/getfFile.php?download_file=<?php echo $VideoF; ?>",
             image: "sales/assets/img/history/<?php echo $VideoIm; ?>.jpg"
        });
    </script>
<?php
}
?>

the download script is :

	$path_parts = pathinfo($_GET['download_file']);
	$file_name  = $path_parts['basename']; 
	 $fullPath = "../privatefolder/".$file_name;

	
	if ($fd = fopen ($fullPath, "r")) {
		$fsize = filesize($fullPath);
		$path_parts = pathinfo($fullPath);
		$ext = strtolower($path_parts["extension"]);
		switch ($ext) {
			case "pdf":
			header("Content-type: application/pdf"); // add here more headers for diff. extensions
			header("Content-Disposition: attachment; filename=\"".$path_parts["basename"]."\""); // use 'attachment' to force a download
			break;
			case "mp4":
			header("Content-type: video/mp4"); // add here more headers for diff. extensions
			header("Content-Disposition: attachment; filename=\"".$path_parts["basename"]."\""); // use 'attachment' to force a download
			break;
			default:
			header("Content-type: application/octet-stream");
			header("Content-Disposition: filename=\"".$path_parts["basename"]."\"");
		}
		header("Content-length: $fsize");
		header("Cache-control: private"); //use this to open files directly
		while(!feof($fd)) {
			$buffer = fread($fd, 2048);
			echo $buffer;
		}
	}
	fclose ($fd);
	exit;

Do you guys have netter way of playing videos outside root directory?

Link to comment
https://forums.phpfreaks.com/topic/280402-play-video-outside-root-directory/
Share on other sites

Hi!

I have changed the script all together:

Am able to download the file outside root directory BUT iam not able to play it.

The script below: i have disabled the "Content Disposition" so that it does not force download. but nothing happens. the player keeps rotating without an error:

		
		define('ALLOWED_REFERRER', '');
		
		// Download folder, i.e. folder where you keep all files for download.
		// MUST end with slash (i.e. "/" )
		//define('BASE_DIR','/home/user/downloads/');
		define('BASE_DIR',$_SERVER['DOCUMENT_ROOT'].'/../privatelogged/');
		
		// log downloads?  true/false
		define('LOG_DOWNLOADS',true);
		
		// log file name
		define('LOG_FILE','downloads.log');
		
		// Allowed extensions list in format 'extension' => 'mime type'
		// If myme type is set to empty string then script will try to detect mime type 
		// itself, which would only work if you have Mimetype or Fileinfo extensions
		// installed on server.
		$allowed_ext = array (
		
		  // archives
		  'zip' => 'application/zip',
		
		  // documents
		  'pdf' => 'application/pdf',
		  'doc' => 'application/msword',
		  'xls' => 'application/vnd.ms-excel',
		  'ppt' => 'application/vnd.ms-powerpoint',
		  
		  // executables
		  'exe' => 'application/octet-stream',
		
		  // images
		  'gif' => 'image/gif',
		  'png' => 'image/png',
		  'jpg' => 'image/jpeg',
		  'jpeg' => 'image/jpeg',
		
		  // audio
		  'mp3' => 'audio/mpeg',
		  'wav' => 'audio/x-wav',
		
		  // video
		  'mp4' => 'video/mp4',
		  'mpeg' => 'video/mpeg',
		  'mpg' => 'video/mpeg',
		  'mpe' => 'video/mpeg',
		  'mov' => 'video/quicktime',
		  'avi' => 'video/x-msvideo'
		);
		
		
		
		####################################################################
		###  DO NOT CHANGE BELOW
		####################################################################
		
		// If hotlinking not allowed then make hackers think there are some server problems
		if (ALLOWED_REFERRER !== ''
		&& (!isset($_SERVER['HTTP_REFERER']) || strpos(strtoupper($_SERVER['HTTP_REFERER']),strtoupper(ALLOWED_REFERRER)) === false)
		) {
		  die("Internal server error. Please contact system administrator.");
		}
		
		// Make sure program execution doesn't time out
		// Set maximum script execution time in seconds (0 means no limit)
		set_time_limit(0);
		
		if (!isset($_GET['video']) || empty($_GET['video'])) {
		  die("Please specify file name for download.");
		}
		
		// Nullbyte hack fix
		if (strpos($_GET['video'], "\0") !== FALSE) die('');
			
		// Get real file name.
		// Remove any path info to avoid hacking by adding relative path, etc.
		$fname = basename($_GET['video']);
		$fname="K@1~@".$fname;
		// Check if the file exists
		// Check in subfolders too
		function find_file ($dirname, $fname, &$file_path) 
		{
		
		  $dir = opendir($dirname);
		
		  while ($file = readdir($dir)) {
			if (empty($file_path) && $file != '.' && $file != '..') {
			  if (is_dir($dirname.'/'.$file)) {
				find_file($dirname.'/'.$file, $fname, $file_path);
			  }
			  else {
				if (file_exists($dirname.'/'.$fname)) {
				  $file_path = $dirname.'/'.$fname;
				  return;
				}
			  }
			}
		  }
		
		} // find_file
		
		// get full file path (including subfolders)
		$file_path = '';
		find_file(BASE_DIR, $fname, $file_path);
		
		if (!is_file($file_path)) {
		  die("File does not exist. Make sure you specified correct file name."); 
		}
		
		// file size in bytes
		$fsize = filesize($file_path); 
		
		// file extension
		$fext = strtolower(substr(strrchr($fname,"."),1));
		
		// check if allowed extension
		if (!array_key_exists($fext, $allowed_ext)) {
		  die("Not allowed file type."); 
		}
		
		// get mime type
		if ($allowed_ext[$fext] == '') {
		  $mtype = '';
		  // mime type is not set, get from server settings
		  if (function_exists('mime_content_type')) {
			$mtype = mime_content_type($file_path);
		  }
		  else if (function_exists('finfo_file')) {
			$finfo = finfo_open(FILEINFO_MIME); // return mime type
			$mtype = finfo_file($finfo, $file_path);
			finfo_close($finfo);  
		  }
		  if ($mtype == '') {
			$mtype = "application/force-download";
		  }
		}
		else {
		  // get mime type defined by admin
		  $mtype = $allowed_ext[$fext];
		}
		
		// Browser will try to save file with this filename, regardless original filename.
		// You can override it if needed.
		
		if (!isset($_GET['fc']) || empty($_GET['fc'])) {
		  $asfname = $fname;
		}
		else {
		  // remove some bad chars
		  $asfname = str_replace(array('"',"'",'\\','/'), '', $_GET['fc']);
		  if ($asfname === '') $asfname = 'NoName';
		}
		
		// set headers
		header("Pragma: public");
		header("Expires: 0");
		header("Cache-Control: must-revalidate, post-check=0, pre-check=0");
		header("Cache-Control: public");
		header("Content-Description: File Transfer");
		header("Content-Type: $mtype");
		//header("Content-Disposition: attachment; filename=\"$asfname\"");
		header("Content-Transfer-Encoding: binary");
		header("Content-Length: " . $fsize);
		
		// download
		// @readfile($file_path);
		$file = @fopen($file_path,"rb");
		if ($file) {
		  while(!feof($file)) {
			print(fread($file, 1024*);
			flush();
			if (connection_status()!=0) {
			  @fclose($file);
			  die();
			}
		  }
		  @fclose($file);
		}
		
		// log downloads
		if (!LOG_DOWNLOADS) die();
		
		$f = @fopen(LOG_FILE, 'a+');
		if ($f) {
		  @fputs($f, date("m.d.Y g:ia")."  ".$_SERVER['REMOTE_ADDR']."  ".$fname."\n");
		  @fclose($f);
		}

If i disable the "Content-Length" and "Content-Type" i get very many  characters and symbols %$&%^&%^&%^&%^ on screen...

 

Thanks for your responses...

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.