
Hello,

I have a download script, shown in this post. My problem is that regardless of what I write in $path and $webaddress the script uses PHP and works! I need to be able to change it so it uses FTP instead of HTTP. Can somebody please help? I would be very grateful if someone could help me with this!

 

Here is the script:

<?php
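session_start();

include 'db_info.php';

// Directory on disk that holds the downloadable files. Keep the trailing slash.
$path = "/home/domains/nddownl/";

// Requested transfer type. Read through isset() so a request without ?type=
// does not raise an undefined-index notice.
$type = isset($_GET['type']) ? $_GET['type'] : '';

// Base address of the files. Remember the trailing slash.
// NOTE(review): $webaddress is assigned here but nothing later in this script
// reads it; the download code streams the file from $path on the local disk,
// which is why changing this value has no visible effect.
// NOTE(review): both URLs embed a username and password in the source file.
// Real credentials belong in a file outside the web root (for example next to
// db_info.php), and these URLs must never be echoed back to the client.
$webaddress = '';
if ($type === 'ftp') {
    $webaddress = "ftp://username:[email protected]/";
} elseif ($type === 'http') {
    $webaddress = "http://username:[email protected]/nddownl/";
} else {
    // The message goes into the response and the script keeps running.
    echo "specify type";
}

// When set to 1, requests that carry no Referer header are still served. This
// is recommended because some browsers strip the referrer and legitimate users
// should not be locked out. Set to 0 to disable.
$allowblank = 1;

// Logging: 1 to enable, 0 to disable. The script tests this with if ($logging),
// so any non-zero value (including 2) leaves logging switched on.
$logging = 1;

// Domains from which the files may be downloaded.
$alloweddomains = array('ventiero.com');

// Placeholder default; the referrer check resets this to 0 before using it.
$allowed = 1;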

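// Connect to MySQL and select the database.
// NOTE(review): the mysql_* extension used throughout this script was removed
// in PHP 7. When the script is migrated, move to mysqli or PDO with prepared
// statements instead of building SQL strings by concatenation.
mysql_connect($sqlhost, $sqlusername, $sqlpassword) or die("cannot connect");
mysql_select_db($db_name) or die("cannot select DB");

// Fail closed when the session carries no usable credentials, instead of
// querying with empty values.
if (!isset($_SESSION['vuserid'], $_SESSION['vpassword'])
    || !is_scalar($_SESSION['vuserid'])
    || !is_scalar($_SESSION['vpassword'])
) {
    echo "You are not logged in";
    die;
}

// NOTE(review): this compares a password value kept in the session directly
// with the password column. Whether that value is a hash cannot be seen from
// here - confirm it is never the plaintext password.
$cl = "SELECT * FROM $user_tbl WHERE user_id='"
    . mysql_real_escape_string((string) $_SESSION['vuserid'])
    . "' and password='"
    . mysql_real_escape_string((string) $_SESSION['vpassword'])
    . "'";
$clresult = mysql_query($cl);

// Exactly one matching row means the user is logged in. A failed query is
// treated the same as no match.
if ($clresult === false || mysql_num_rows($clresult) != 1) {
    echo "You are not logged in";
    die;
}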

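// Referrer check. The Referer header is supplied by the client, so this only
// discourages hot-linking; the purchase lookup later in the script is what
// actually decides whether the user may download the file.
$allowed = 0;
$referer = (isset($_SERVER['HTTP_REFERER']) && is_string($_SERVER['HTTP_REFERER']))
    ? $_SERVER['HTTP_REFERER']
    : '';

if ($allowblank > 0 && $referer === '') {
    $allowed = 1;
}

// Compare the referrer's host name with the allow-list instead of searching
// the whole URL for a substring: a substring test also accepts an allowed
// domain that merely appears in the path or query string of another site.
$refererHost = strtolower((string) parse_url($referer, PHP_URL_HOST));

// foreach visits exactly the configured entries; the previous counter loop ran
// one index past the end of the array.
foreach ($alloweddomains as $domain) {
    $domain = strtolower($domain);
    $suffix = '.' . $domain;
    if ($refererHost === $domain || substr($refererHost, -strlen($suffix)) === $suffix) {
        $allowed = 1;
        break;
    }
}

if ($allowed <= 0) {
    $status = 'Denied';

    // Every value below comes from the request or the session and `file` has
    // not been validated yet, so each one is escaped before it enters the SQL.
    $logUser = mysql_real_escape_string(
        (isset($_SESSION['vuserid']) && is_scalar($_SESSION['vuserid'])) ? (string) $_SESSION['vuserid'] : ''
    );
    $logFile = mysql_real_escape_string(
        (isset($_GET['file']) && is_scalar($_GET['file'])) ? (string) $_GET['file'] : ''
    );
    $logIp = mysql_real_escape_string(isset($_SERVER['REMOTE_ADDR']) ? (string) $_SERVER['REMOTE_ADDR'] : '');
    $logRefer = mysql_real_escape_string($referer);

    $logged = mysql_query("INSERT INTO downl_logs (user_id, file_id, ip, refer, status, logged) VALUES('".$logUser."', '".$logFile."', '".$logIp."', '".$logRefer."', '$status', NOW()) ");
    if ($logged === false) {
        // Keep database error details in the server log, not in the response.
        error_log('downl_logs insert failed: ' . mysql_error());
        die('Database error.');
    }

    echo "You do not have permission to download this file.";
    die;
}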

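// `file` must be the canonical decimal form of a positive integer. The strict
// comparison rejects values such as " 1", "+1", "01" or "1.0", which a loose
// != treats as equal to "1", and is_string() rejects array input (file[]=...).
$fileParam = isset($_GET['file']) ? $_GET['file'] : null;
if (!is_string($fileParam) || $fileParam !== (string) (int) $fileParam || (int) $fileParam <= 0)
{
    die('Parameter `file` must be a positive integer.');
}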

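// Make sure that the user has permission to download the file: the sales table
// must hold a row for this user that covers the file itself, the pack its
// category belongs to, or its list.
// Every value is escaped before it is placed in SQL, including the ones read
// back from the database.
$fileIdSql = mysql_real_escape_string((string) $_GET['file']);
$userIdSql = mysql_real_escape_string(
    (isset($_SESSION['vuserid']) && is_scalar($_SESSION['vuserid'])) ? (string) $_SESSION['vuserid'] : ''
);

$result5 = mysql_query("SELECT cat_id, list_id FROM files WHERE file_id='".$fileIdSql."'");
if ($result5 === false) {
    // Keep database error details in the server log, not in the response.
    error_log('files lookup failed: ' . mysql_error());
    die('Database error.');
}
$row1 = mysql_fetch_assoc($result5);

// Only add the pack/list conditions when those ids were actually found, so a
// missing row can never turn into a comparison against an empty string.
// NOTE(review): presumably an empty string would compare equal to 0 on integer
// columns and could match unrelated sales rows - confirm against the schema.
$ownership = array("file_id='".$fileIdSql."'");
$result4 = false;
$row2 = false;

if ($row1) {
    if ($row1['list_id'] !== null) {
        $ownership[] = "list_id='".mysql_real_escape_string((string) $row1['list_id'])."'";
    }

    if ($row1['cat_id'] !== null) {
        $result4 = mysql_query("SELECT pack_id FROM file_cats WHERE cat_id ='".mysql_real_escape_string((string) $row1['cat_id'])."'");
        if ($result4 === false) {
            error_log('file_cats lookup failed: ' . mysql_error());
            die('Database error.');
        }
        $row2 = mysql_fetch_assoc($result4);

        if ($row2 && $row2['pack_id'] !== null) {
            $ownership[] = "pack_id='".mysql_real_escape_string((string) $row2['pack_id'])."'";
        }
    }
}

$result3 = mysql_query("SELECT * FROM $sales_tbl WHERE user_id = '".$userIdSql."' AND (".implode(' OR ', $ownership).") ");
if ($result3 === false) {
    error_log('sales lookup failed: ' . mysql_error());
    die('Database error.');
}

// Exit unless at least one purchase row covers the file.
if (mysql_num_rows($result3) <= 0) {
    echo "You do not have permission to download this file";
    die;
}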

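// Make sure the file has a stored name and fetch it.
$result = mysql_query("select file_name from $file_tbl where file_id = '".mysql_real_escape_string((string) $_GET['file'])."'");
if ($result === false) {
    // Keep database error details in the server log, not in the response.
    error_log('file_name lookup failed: ' . mysql_error());
    die('Database error.');
}

if (0 == mysql_num_rows($result))
{
    die('File not found.');
}

// Test the value explicitly: the former `or die` also fired for a file that is
// legitimately named "0", and it passed an undefined $conn to mysql_error().
$fileName = mysql_result($result, 0, 0);
if ($fileName === false || $fileName === null || $fileName === '') {
    error_log('file_name fetch failed: ' . mysql_error());
    die('Unable to retrieve result.');
}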

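// Extension is everything after the last dot, or '' when the name has no dot.
// The lookup below is case-sensitive, as before: "JPG" is not matched.
$dotPos = strrpos($fileName, '.');
$extension = ($dotPos === false) ? '' : substr($fileName, $dotPos + 1);

// Known extensions and the Content-Type sent for each.
$contentTypes = array(
    'avi'  => 'video/avi',
    'bmp'  => 'image/bmp',
    'gif'  => 'image/gif',
    'jpeg' => 'image/jpeg',
    'jpg'  => 'image/jpeg',
    'jpe'  => 'image/jpeg',
    'mov'  => 'video/quicktime',
    'mpeg' => 'video/mpeg',
    'mpg'  => 'video/mpeg',
    'mpe'  => 'video/mpeg',
    'png'  => 'image/png',
    'swf'  => 'application/x-shockwave-flash',
    'wmv'  => 'video/x-ms-wmv',
    'rar'  => 'application/octet-stream',
    'zip'  => 'application/octet-stream',
);

if (is_string($extension) && isset($contentTypes[$extension])) {
    $ct = $contentTypes[$extension];
} else {
    // Unknown extension: serve as a generic binary and record that it happened.
    $ct = 'application/octet-stream';
    if ($logging)
    {
        $status = 'Generic_Filetype';

        // The Referer header in particular is attacker-controlled text; every
        // value is escaped before it is placed in the INSERT statement.
        $logUser = mysql_real_escape_string(
            (isset($_SESSION['vuserid']) && is_scalar($_SESSION['vuserid'])) ? (string) $_SESSION['vuserid'] : ''
        );
        $logFile = mysql_real_escape_string(
            (isset($_GET['file']) && is_scalar($_GET['file'])) ? (string) $_GET['file'] : ''
        );
        $logIp = mysql_real_escape_string(isset($_SERVER['REMOTE_ADDR']) ? (string) $_SERVER['REMOTE_ADDR'] : '');
        $logRefer = mysql_real_escape_string(
            (isset($_SERVER['HTTP_REFERER']) && is_string($_SERVER['HTTP_REFERER'])) ? $_SERVER['HTTP_REFERER'] : ''
        );

        $logged = mysql_query("INSERT INTO downl_logs (user_id, file_id, ip, refer, status, logged) VALUES('".$logUser."', '".$logFile."', '".$logIp."', '".$logRefer."', '$status', NOW()) ");
        if ($logged === false) {
            // Keep database error details in the server log, not in the response.
            error_log('downl_logs insert failed: ' . mysql_error());
            die('Database error.');
        }
    }
}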

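// Resolve the stored name against the download directory and refuse anything
// that ends up outside it (for example a file_name containing "../").
$baseDir = realpath($path);
$fullPath = realpath($path.$fileName);
if ($baseDir === false
    || $fullPath === false
    || strpos($fullPath, rtrim($baseDir, DIRECTORY_SEPARATOR).DIRECTORY_SEPARATOR) !== 0
    || !is_file($fullPath)
) {
    die('Unable to select file.');
}

// Open the file that the user will download.
$handle = @fopen($fullPath, 'rb');
if (!$handle)
{
    die('Unable to select file.');
}

// Name offered to the browser: last path component only, with the characters
// that could break out of the quoted header value removed.
$downloadName = str_replace(array('"', '\\', "\r", "\n"), '', basename($fileName));

header('Cache-Control: '); // keeps IE happy
header('Pragma: '); // keeps IE happy
header('Content-Type: '.$ct);

if('swf' != $extension) // Flash is played inline rather than saved as a file.
{
    header('Content-Disposition: attachment; filename="'.$downloadName.'"');
}

// Send the length only when it could be determined.
$size = filesize($fullPath);
if ($size !== false) {
    header('Content-Length: '.$size);
}

fpassthru($handle);
fclose($handle);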

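if($logging)
{
    $status = 'Granted';

    // Request- and session-derived values are escaped before they enter SQL;
    // the Referer header in particular is free text chosen by the client.
    $logUser = mysql_real_escape_string(
        (isset($_SESSION['vuserid']) && is_scalar($_SESSION['vuserid'])) ? (string) $_SESSION['vuserid'] : ''
    );
    $logFile = mysql_real_escape_string(
        (isset($_GET['file']) && is_scalar($_GET['file'])) ? (string) $_GET['file'] : ''
    );
    $logIp = mysql_real_escape_string(isset($_SERVER['REMOTE_ADDR']) ? (string) $_SERVER['REMOTE_ADDR'] : '');
    $logRefer = mysql_real_escape_string(
        (isset($_SERVER['HTTP_REFERER']) && is_string($_SERVER['HTTP_REFERER'])) ? $_SERVER['HTTP_REFERER'] : ''
    );

    // Log the download in the download logs table.
    // The file body has already been sent at this point, so a failure is
    // written to the server log; printing it would append database error text
    // to the downloaded file.
    $logged = mysql_query("INSERT INTO downl_logs (user_id, file_id, ip, refer, status, logged) VALUES('".$logUser."', '".$logFile."', '".$logIp."', '".$logRefer."', '$status', NOW()) ");
    if ($logged === false) {
        error_log('downl_logs insert failed: ' . mysql_error());
        die;
    }

    // Log the download in the user table.
    $counted = mysql_query("UPDATE $user_tbl SET num_downloads=num_downloads+1 where user_id = '".$logUser."'");
    if ($counted === false) {
        error_log('num_downloads update failed: ' . mysql_error());
        die;
    }
}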
?>

 

Thanks in advance,

Oskar
