oskare100 Posted December 25, 2006 Share Posted December 25, 2006 Hello, 've a download script that "hides" the real address of files from the person who wants to download it. What I want to do is to make it use my database instead of the text file as it is using now.Here is the full script as it looked before I started editing it:[code=php:0]<?php $allowed = 0;include('config.php');if($allowblank > 0) { if($_SERVER['HTTP_REFERER']=="") { $allowed = 1; }}$domains = count($alloweddomains);for($y=0;$y<$domains+1;$y++) { if((stristr($_SERVER['HTTP_REFERER'], $alloweddomains[$y]))) { $allowed = 1;}}if($allowed > 0) { $namenumberarray = file($webaddress."fileindex.txt"); $numberoffiles = count($namenumberarray); $filenames = array(); for($x=0;$x<$numberoffiles+1;$x++) { $temporary = explode(":",$namenumberarray[$x]); $tempname = explode("\n",$temporary[1]); $filenames[$temporary[0]] = $tempname[0]; } if(!isset($filenames[$_GET['serve']])) { if($logging > 0){ $status = "ReqNF"; include('logit.php'); } echo('That number wasnt found!'); exit; } $wantedfilename = $filenames[$_GET['serve']]; $extension = explode(".", $wantedfilename); $numberinarray = count($extension); $lcext = strtolower($extension[$numberinarray-1]); //BEGIN CONTENT TYPES BLOCK. ADD OR REMOVE FILE TYPES HERE, AS SHOWN // //DON'T EDIT THIS UNLESS YOU KNOW WHAT YOU ARE DOING!// //MOST COMMON FILE TYPES ARE ALREADY INCLUDED// switch($lcext) { case ($lcext == "swf"): $commonname="flash"; $ct = "Content-type: application/x-shockwave-flash"; break; case ($lcext == "wmv"): $commonname="wmv"; $ct = "Content-type: video/x-ms-wmv"; break; case ($lcext == "mov"): $commonname="quicktime movie"; $ct = "Content-type: video/quicktime"; break; case ($lcext == "avi"): $commonname="avi video"; $ct = "Content-type: video/avi"; break; case ($lcext == "rar"): $commonname="winrar"; $ct = "Content-type: application/octet-stream"; break; case ($lcext == "zip"): $commonname="zip"; $ct = "Content-type: application/octet-stream"; break; case ($lcext == "bmp"): $commonname="bitmap"; $ct = "Content-type: image/bmp"; break; case ($lcext == "gif"): $commonname="gif"; $ct = "Content-type: image/gif"; break; case ($lcext == "jpeg" || $lcext == "jpg" || $lcext == "jpe"): $commonname="jpeg"; $ct = "Content-type: image/jpeg"; break; case ($lcext == "mpeg" || $lcext == "mpg" || $lcext == "mpe"): $commonname="mpeg"; $ct = "Content-type: video/mpeg"; break; case ($lcext == "png"): $commonname="png"; $ct = "Content-type: image/png"; break; //END// default: $commonname="Generic Filetype"; $ct = "Content-type: application/octet-stream"; if($logging > 0){ $status = "Generic_Filetype"; include('logit.php'); } } $handle = fopen($webaddress.$wantedfilename, "rb"); header("Cache-Control: "); //keeps ie happy header("Pragma: "); //keeps ie happy header($ct); //content type as set above from explode(); if(!stristr($lcext, "swf")){//flash plays, it isnt downloaded as an actual file. header("Content-Disposition: attachment; filename=\"".$wantedfilename."\""); } header("Content-Length: ".filesize($path.$wantedfilename)); fpassthru($handle); if($logging > 0){ $status = "Granted"; include('logit.php'); } exit;}else { if($logging > 0){ $status = "Denied"; include('logit.php'); } exit; //quiet leech kill}?>[/code]As you can see in the script I want the script to hide the real download location. So I can download the file with the ID 1 by visiting "/thescript.php?serve=1" and the file with the ID 2 by visiting "/thescript.php?serve=2".Here is the database structure;[CODE]CREATE TABLE `files` ( `file_id` int(11) NOT NULL auto_increment, `file_pack` varchar(50) NOT NULL default '', `file_pack_cat` varchar(50) NOT NULL default '', `file_cat` varchar(50) NOT NULL default '', `file_name` varchar(100) NOT NULL default '', `file_desc` text NOT NULL, `file_fullname` varchar(100) NOT NULL default '', `file_downloads` varchar(11) NOT NULL default '', `file_date` varchar(30) NOT NULL default '', `file_timestamp` varchar(30) NOT NULL default '', PRIMARY KEY (`file_id`)) ENGINE=MyISAM DEFAULT CHARSET=latin1 AUTO_INCREMENT=2 ;[/CODE]Where file_fullname is the full name of the file I want to download, for example; text.zip and file_id is the ID of the file.The fileindex.txt contained the IDs and filenames like this instead:[CODE]1:example.zip2:example2.zip3:example3.zip[/CODE]I'm not that good at PHP coding so I can't see what needs to be changed to do what I want to do by just looking at the script...Thanks in advance,Best RegardsOskar R Quote Link to comment Share on other sites More sharing options...
oskare100 Posted December 25, 2006 Author Share Posted December 25, 2006 Hello again,I now,after a lot of help, got it working with this script;[code=php:0]<?php$allowed = 1;include 'config.php';include 'db_info.php';$referrer = getenv('HTTP_REFERER');if('' == $referrer){ $allowed = ($allowblank) ? 1 : 0;}else{ $allowed = 0; foreach($alloweddomains as $domain) { if(substr($referrer, 0, strlen($domain)) == $domain) { $allowed = 1; break; } }}if(!$allowed){ if($logging) { $status = 'Denied'; include 'logit.php'; } exit(0); //quiet leech kill}if(!isset($_GET['serve']) || $_GET['serve'] != (string) (int) $_GET['serve'] || (int) $_GET['serve'] <= 0){ die('Parameter `serve` must be a positive integer.');}$conn = mysql_connect("$sqlhost", "$sqlusername", "$sqlpassword") or die('Unable to connect to MSQL: '.mysql_error($conn));mysql_select_db('main', $conn) or die('Unable to select database: '.mysql_error($conn));$result = mysql_query('select `file_fullname` from '$file_tbl' where `file_id` = "'.$_GET['serve'].'"', $conn) or die("Unable to perform query: ".mysql_error($conn));if(0 == mysql_num_rows($result)){ die('File not found.');}$fileName = mysql_result($result, 0, 0) or die('Unable to retrieve result: '.mysql_error($conn));$extension = (FALSE !== ($pos = strrpos($fileName, '.'))) ? substr($fileName, $pos + 1) : ''; // Content types blockswitch($extension){ case 'avi': $ct = 'video/avi'; break; case 'bmp': $ct = 'image/bmp'; break; case 'gif': $ct = 'image/gif'; break; case 'jpeg': case 'jpg': case 'jpe': $ct = 'image/jpeg'; break; case 'mov': $ct = 'video/quicktime'; break; case 'mpeg': case 'mpg': case 'mpe': $ct = 'video/mpeg'; break; case 'png': $ct = 'image/png'; break; case 'swf': $ct = 'application/x-shockwave-flash'; break; case 'wmv': $ct = 'video/x-ms-wmv'; break; case 'rar': case 'zip': $ct = 'application/octet-stream'; break; //END// default: $ct = 'application/octet-stream'; if($logging) { $status = 'Generic_Filetype'; include 'logit.php'; }}$handle = @fopen($path.$fileName, 'rb') or die('Unable to select file.');if(!$handle){ die('Unable to transer file.');}header('Cache-Control: '); //keeps ie happyheader('Pragma: '); //keeps ie happyheader('Content-Type: '.$ct);if('swf' != $extension) //flash plays, it isnt downloaded as an actual file.{ header('Content-Disposition: attachment; filename="'.$fileName.'"');}header('Content-Length: '.filesize($path.$fileName));fpassthru($handle);if($logging){ $status = 'Granted'; include 'logit.php';}?>[/code]Now I've only one problem left with this part (hopefully) that I can't solve myself...Different users has permission to download different files. Here is the structure of the files table again;[CODE]CREATE TABLE `files` ( `file_id` int(11) NOT NULL auto_increment, `file_pack` varchar(50) NOT NULL default '', `file_pack_cat` varchar(50) NOT NULL default '', `file_cat` varchar(50) NOT NULL default '', `file_name` varchar(100) NOT NULL default '', `file_desc` text NOT NULL, `file_fullname` varchar(100) NOT NULL default '', `file_downloads` varchar(11) NOT NULL default '', `file_date` varchar(30) NOT NULL default '', `file_timestamp` varchar(30) NOT NULL default '', PRIMARY KEY (`file_id`)) ENGINE=MyISAM DEFAULT CHARSET=latin1 AUTO_INCREMENT=2 ;[/CODE]And as you can see each file has a "file_name" and some of the files belongs to a "file_pack" with several files in it.I'm planning to store the files each user has permission to download in another seperate table with the name "user_perm", here is the structure of that table;[CODE]CREATE TABLE `user_perm` ( `perm_id` int(11) NOT NULL auto_increment, `perm_user` varchar(50) NOT NULL default '', `file_pack` varchar(30) NOT NULL default '', `file_name` varchar(100) NOT NULL default '', `perm_date` varchar(30) NOT NULL default '', `perm_timestamp` varchar(30) NOT NULL default '', PRIMARY KEY (`perm_id`)) ENGINE=MyISAM DEFAULT CHARSET=latin1 AUTO_INCREMENT=1 ;[/CODE]So if a user tries to download one file with, for example, the ID 1 the script must check the "file_name" AND "file_pack" of that file. Then it must check in the "user_perm" and see if the user has permission to download either the "file_name" OR the "file_pack". In other words, it is enough if the user has permission to download the "file_pack" to which the file belongs to. I've at least started with this (but I don't know if it is right); [code=php:0]$result2 = mysql_query('select `file_name` , `file_pack` from '$file_tbl' where `file_id` = "'.$_GET['serve'].'"') or die( mysql_error() );[/code]Then I don't know how to check both of the things (both "file_name" and "file_pack"). AND I don't know where in the script I should add the lines.When the user login the username and password is stored in a session with this lines; [CODE]session_register("myusername");session_register("mypassword"); [/CODE]Also, Should I change the database structure or should I change something else in the structure of the system I'mn trying to build (for example with the user permission system)?Thanks in advance,Best RegardsOskar R Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.