Modify so the script searches for the id in a database instead of a text file?


oskare100

Hello,
I've a download script that "hides" the real address of files from the person who wants to download it. What I want to do is to make it use my database instead of the text file it is using now.

Here is the full script as it looked before I started editing it:
[code=php:0]<?php
$allowed = 0;
include('config.php');

if($allowblank > 0) { if($_SERVER['HTTP_REFERER']=="") { $allowed = 1; }}

$domains = count($alloweddomains);

for($y=0;$y<$domains;$y++) { //stop at the last entry; $domains+1 read past the end and passed an empty needle to stristr()
if((stristr($_SERVER['HTTP_REFERER'], $alloweddomains[$y]))) { $allowed = 1;}
}

if($allowed > 0) {
$namenumberarray = file($webaddress."fileindex.txt");
$numberoffiles = count($namenumberarray);
$filenames = array();

for($x=0;$x<$numberoffiles;$x++) { //stop at the last line; $numberoffiles+1 read an undefined index
$temporary = explode(":",$namenumberarray[$x]);
$tempname = explode("\n",$temporary[1]);
$filenames[$temporary[0]] = $tempname[0];
}

if(!isset($filenames[$_GET['serve']])) {
if($logging > 0){
$status = "ReqNF";
include('logit.php');
}
echo('That number wasnt found!');
exit;
}

$wantedfilename = $filenames[$_GET['serve']];


$extension = explode(".", $wantedfilename);
$numberinarray = count($extension);

$lcext = strtolower($extension[$numberinarray-1]);

//BEGIN CONTENT TYPES BLOCK. ADD OR REMOVE FILE TYPES HERE, AS SHOWN //
//DON'T EDIT THIS UNLESS YOU KNOW WHAT YOU ARE DOING!//
//MOST COMMON FILE TYPES ARE ALREADY INCLUDED//

switch($lcext) {
case ($lcext == "swf"):
$commonname="flash";
$ct = "Content-type: application/x-shockwave-flash";
break;
case ($lcext == "wmv"):
$commonname="wmv";
$ct = "Content-type: video/x-ms-wmv";
break;
case ($lcext == "mov"):
$commonname="quicktime movie";
$ct = "Content-type: video/quicktime";
break;
case ($lcext == "avi"):
$commonname="avi video";
$ct = "Content-type: video/avi";
break;
case ($lcext == "rar"):
$commonname="winrar";
$ct = "Content-type: application/octet-stream";
break;
case ($lcext == "zip"):
$commonname="zip";
$ct = "Content-type: application/octet-stream";
break;
case ($lcext == "bmp"):
$commonname="bitmap";
$ct = "Content-type: image/bmp";
break;
case ($lcext == "gif"):
$commonname="gif";
$ct = "Content-type: image/gif";
break;
case ($lcext == "jpeg" || $lcext == "jpg" || $lcext == "jpe"):
$commonname="jpeg";
$ct = "Content-type: image/jpeg";
break;
case ($lcext == "mpeg" || $lcext == "mpg" || $lcext == "mpe"):
$commonname="mpeg";
$ct = "Content-type: video/mpeg";
break;
case ($lcext == "png"):
$commonname="png";
$ct = "Content-type: image/png";
break;

//END//

default:
$commonname="Generic Filetype";
$ct = "Content-type: application/octet-stream";

if($logging > 0){
$status = "Generic_Filetype";
include('logit.php');
}

}

$handle = fopen($webaddress.$wantedfilename, "rb");
header("Cache-Control: "); //keeps ie happy
header("Pragma: "); //keeps ie happy
header($ct); //content type as set above from explode();

if(!stristr($lcext, "swf")){//flash plays, it isnt downloaded as an actual file.
header("Content-Disposition: attachment; filename=\"".$wantedfilename."\"");
}

header("Content-Length: ".filesize($path.$wantedfilename));

fpassthru($handle);
if($logging > 0){
$status = "Granted";
include('logit.php');
}
exit;
}

else {
if($logging > 0){
$status = "Denied";
include('logit.php');
}
exit;
//quiet leech kill
}
?>[/code]

As you can see in the script I want the script to hide the real download location. So I can download the file with the ID 1 by visiting "/thescript.php?serve=1" and the file with the ID 2 by visiting "/thescript.php?serve=2".

Here is the database structure;
[CODE]CREATE TABLE `files` (
  `file_id` int(11) NOT NULL auto_increment,
  `file_pack` varchar(50) NOT NULL default '',
  `file_pack_cat` varchar(50) NOT NULL default '',
  `file_cat` varchar(50) NOT NULL default '',
  `file_name` varchar(100) NOT NULL default '',
  `file_desc` text NOT NULL,
  `file_fullname` varchar(100) NOT NULL default '',
  `file_downloads` varchar(11) NOT NULL default '',
  `file_date` varchar(30) NOT NULL default '',
  `file_timestamp` varchar(30) NOT NULL default '',
  PRIMARY KEY  (`file_id`)
) ENGINE=MyISAM DEFAULT CHARSET=latin1 AUTO_INCREMENT=2 ;[/CODE]

Where file_fullname is the full name of the file I want to download, for example; text.zip and file_id is the ID of the file.

The fileindex.txt contained the IDs and filenames like this instead:
[CODE]1:example.zip
2:example2.zip
3:example3.zip[/CODE]

I'm not that good at PHP coding so I can't see what needs to be changed to do what I want to do by just looking at the script...

Thanks in advance,
Best Regards
Oskar R

Hello again,
I now, after a lot of help, got it working with this script:
[code=php:0]<?php
$allowed = 1;

include 'config.php';
include 'db_info.php';

$referrer = getenv('HTTP_REFERER');

if('' == $referrer)
{
    $allowed = ($allowblank) ? 1 : 0;
}
else
{
    $allowed = 0;
    foreach($alloweddomains as $domain)
    {
        if(substr($referrer, 0, strlen($domain)) == $domain)
        {
            $allowed = 1;
            break;
        }
    }
}

if(!$allowed)
{
    if($logging)
    {
        $status = 'Denied';
        include 'logit.php';
    }
    exit(0);
    //quiet leech kill
}

if(!isset($_GET['serve']) || $_GET['serve'] != (string) (int) $_GET['serve'] || (int) $_GET['serve'] <= 0)
{
    die('Parameter `serve` must be a positive integer.');
}

$conn = mysql_connect($sqlhost, $sqlusername, $sqlpassword)
    or die('Unable to connect to MySQL: '.mysql_error()); // $conn is false here, so it cannot be passed to mysql_error()
mysql_select_db('main', $conn)
    or die('Unable to select database: '.mysql_error($conn));
// `serve` was validated as a positive integer above; the cast keeps this query safe on its own.
$result = mysql_query('select `file_fullname` from `'.$file_tbl.'` where `file_id` = '.(int) $_GET['serve'], $conn)
    or die('Unable to perform query: '.mysql_error($conn));

if(0 == mysql_num_rows($result))
{
    die('File not found.');
}
$fileName = mysql_result($result, 0, 0)
    or die('Unable to retrieve result: '.mysql_error($conn));

$extension = (FALSE !== ($pos = strrpos($fileName, '.'))) ?
    substr($fileName, $pos + 1) :
    '';
   
// Content types block
switch($extension)
{
    case 'avi':
        $ct = 'video/avi';
        break;
    case 'bmp':
        $ct = 'image/bmp';
        break;
    case 'gif':
        $ct = 'image/gif';
        break;
    case 'jpeg':
    case 'jpg':
    case 'jpe':
        $ct = 'image/jpeg';
        break;
    case 'mov':
        $ct = 'video/quicktime';
        break;
    case 'mpeg':
    case 'mpg':
    case 'mpe':
        $ct = 'video/mpeg';
        break;
    case 'png':
        $ct = 'image/png';
        break;
    case 'swf':
        $ct = 'application/x-shockwave-flash';
        break;
    case 'wmv':
        $ct = 'video/x-ms-wmv';
        break;
    case 'rar':
    case 'zip':
        $ct = 'application/octet-stream';
        break;
       
    //END//
   
    default:
        $ct = 'application/octet-stream';
        if($logging)
        {
            $status = 'Generic_Filetype';
            include 'logit.php';
        }
}

$handle = @fopen($path.$fileName, 'rb') or die('Unable to select file.');

if(!$handle)
{
    die('Unable to transfer file.');
}

header('Cache-Control: '); //keeps ie happy
header('Pragma: '); //keeps ie happy
header('Content-Type: '.$ct);

if('swf' != $extension) //flash plays, it isnt downloaded as an actual file.
{
    header('Content-Disposition: attachment; filename="'.$fileName.'"');
}

header('Content-Length: '.filesize($path.$fileName));
fpassthru($handle);

if($logging)
{
    $status = 'Granted';
    include 'logit.php';
}
?>[/code]

Now I've only one problem left with this part (hopefully) that I can't solve myself...

Different users have permission to download different files. Here is the structure of the files table again:
[CODE]CREATE TABLE `files` (
  `file_id` int(11) NOT NULL auto_increment,
  `file_pack` varchar(50) NOT NULL default '',
  `file_pack_cat` varchar(50) NOT NULL default '',
  `file_cat` varchar(50) NOT NULL default '',
  `file_name` varchar(100) NOT NULL default '',
  `file_desc` text NOT NULL,
  `file_fullname` varchar(100) NOT NULL default '',
  `file_downloads` varchar(11) NOT NULL default '',
  `file_date` varchar(30) NOT NULL default '',
  `file_timestamp` varchar(30) NOT NULL default '',
  PRIMARY KEY  (`file_id`)
) ENGINE=MyISAM DEFAULT CHARSET=latin1 AUTO_INCREMENT=2 ;[/CODE]

And as you can see, each file has a "file_name" and some of the files belong to a "file_pack" with several files in it.

I'm planning to store the files each user has permission to download in another separate table with the name "user_perm"; here is the structure of that table:
[CODE]CREATE TABLE `user_perm` (
  `perm_id` int(11) NOT NULL auto_increment,
  `perm_user` varchar(50) NOT NULL default '',
  `file_pack` varchar(30) NOT NULL default '',
  `file_name` varchar(100) NOT NULL default '',
  `perm_date` varchar(30) NOT NULL default '',
  `perm_timestamp` varchar(30) NOT NULL default '',
  PRIMARY KEY  (`perm_id`)
) ENGINE=MyISAM DEFAULT CHARSET=latin1 AUTO_INCREMENT=1 ;[/CODE]

So if a user tries to download a file with, for example, the ID 1, the script must check the "file_name" AND "file_pack" of that file. Then it must check in "user_perm" and see if the user has permission to download either the "file_name" OR the "file_pack". In other words, it is enough if the user has permission to download the "file_pack" to which the file belongs.

I've at least started with this (but I don't know if it is right);
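[code=php:0]// The table name is concatenated with dots and the id is cast to an integer before it reaches the query.
$result2 = mysql_query('select `file_name` , `file_pack` from `'.$file_tbl.'` where `file_id` = '.(int) $_GET['serve'])
    or die( mysql_error() );[/code]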
Then I don't know how to check both of the things (both "file_name" and "file_pack"). AND I don't know where in the script I should add the lines.

When the user logs in, the username and password are stored in a session with these lines: [CODE]session_register("myusername");
session_register("mypassword"); [/CODE]

Also, should I change the database structure, or should I change something else in the structure of the system I'm trying to build (for example with the user permission system)?

Thanks in advance,
Best Regards
Oskar R
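
One way to do the check described in the post above, as an added example (not code from the thread): a single parameterised query joins `files` to `user_perm`, so a file is served only when the logged-in user has a row matching its `file_name` or its `file_pack`. An in-memory SQLite database with constructed rows stands in for the MySQL tables, and the function name `authorizedFile` is hypothetical.

```php
<?php
// Added example. SQLite in memory stands in for MySQL; all rows are constructed.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE files (file_id INTEGER PRIMARY KEY,
    file_pack TEXT NOT NULL DEFAULT '', file_name TEXT NOT NULL DEFAULT '',
    file_fullname TEXT NOT NULL DEFAULT '')");
$db->exec("CREATE TABLE user_perm (perm_id INTEGER PRIMARY KEY,
    perm_user TEXT NOT NULL DEFAULT '', file_pack TEXT NOT NULL DEFAULT '',
    file_name TEXT NOT NULL DEFAULT '')");
$db->exec("INSERT INTO files (file_id, file_pack, file_name, file_fullname) VALUES
    (1, 'packA', 'alpha', 'alpha.zip'), (2, 'packA', 'beta', 'beta.zip'),
    (3, '', 'gamma', 'gamma.zip'), (4, '', 'delta', 'delta.zip')");
// anna has a pack-level grant, ben a single-file grant.
$db->exec("INSERT INTO user_perm (perm_user, file_pack, file_name) VALUES
    ('anna', 'packA', ''), ('ben', '', 'gamma')");

// Hypothetical helper: returns the stored file name if $user may download
// $fileId, or null when the id is invalid, unknown, or not permitted.
function authorizedFile(PDO $db, string $user, $fileId): ?string
{
    if (!is_string($fileId) || !ctype_digit($fileId) || (int) $fileId <= 0) {
        return null;
    }
    // Both columns default to '', so '' must never count as a match:
    // otherwise any single-file grant would unlock every file without a pack.
    $stmt = $db->prepare(
        "SELECT f.file_fullname
           FROM files f
           JOIN user_perm p ON p.perm_user = :user
            AND ((p.file_name <> '' AND p.file_name = f.file_name)
              OR (p.file_pack <> '' AND p.file_pack = f.file_pack))
          WHERE f.file_id = :id
          LIMIT 1");
    $stmt->execute([':user' => $user, ':id' => (int) $fileId]);
    $name = $stmt->fetchColumn();
    // basename() keeps a stored name from pointing outside the download directory.
    return $name === false ? null : basename($name);
}

// In the download script $user would come from the login session.
var_dump(authorizedFile($db, 'anna', '2'));        // anna holds packA; file 2 is in packA
var_dump(authorizedFile($db, 'ben', '3'));         // ben holds the single file gamma
var_dump(authorizedFile($db, 'ben', '4'));         // file 4 has no pack and ben has no grant for it
var_dump(authorizedFile($db, 'ben', '1 or 1=1'));  // not a positive integer
```

An unknown id and a missing permission both return null, so the response does not reveal which ids exist.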