oskare100 Posted April 12, 2007 Share Posted April 12, 2007 Hello, I've a download script as shown in this post. My problem is that regarless of what I write in $path and $webaddress the script uses PHP and works! I need to be able to change it so it uses FTP instead of HTTP, can somebody please help? I would be very greatful if someone can help me with this! Here is the script: <?php session_start(); include 'db_info.php'; //path to files. $path = "/home/domains/nddownl/"; // address to files. Remember trailing slash. if($_GET['type'] == 'ftp') { $webaddress = "ftp://username:[email protected]/"; } elseif ($_GET['type'] == 'http') { $webaddress = "http://username:[email protected]/nddownl/"; } else { echo "specify type"; } //if this is set to 1, users without information on where they came from will still see your files. This is recommended, as some user's browsers block the //referrer information - we don't want to lock anyone legitimate out. Set to 0 to disable.// $allowblank = 1; // Logging, 1 to enable, 2 t odisable $logging = 1; // Domains from where the files can be downloaded $alloweddomains = array('ventiero.com'); $allowed = 1; //path to files. $path = "/home/domains/nddownl/"; // Connect to MySQL and select database mysql_connect("$sqlhost", "$sqlusername", "$sqlpassword")or die("cannot connect"); mysql_select_db("$db_name")or die("cannot select DB"); $cl="SELECT * FROM $user_tbl WHERE user_id='".mysql_real_escape_string($_SESSION['vuserid'])."' and password='".mysql_real_escape_string($_SESSION['vpassword'])."'"; $clresult=mysql_query($cl); if(mysql_num_rows($clresult) == 1) { //continue, user is logged in. } else { echo "You are not logged in"; die; } $allowed = 0; if($allowblank > 0) { if($_SERVER['HTTP_REFERER']=="") { $allowed = 1; }} $domains = count($alloweddomains); for($y=0;$y<$domains+1;$y++) { if((stristr($_SERVER['HTTP_REFERER'], $alloweddomains[$y]))) { $allowed = 1;} } if($allowed > 0) { } else { $status = 'Denied'; mysql_query("INSERT INTO downl_logs (user_id, file_id, ip, refer, status, logged) VALUES('".$_SESSION['vuserid']."', '".$_GET['file']."', '".$_SERVER['REMOTE_ADDR']."', '".$_SERVER['HTTP_REFERER']."', '$status', NOW()) ") or die(mysql_error()); echo "You do not have permission to download this file."; die; } if(!isset($_GET['file']) || $_GET['file'] != (string) (int) $_GET['file'] || (int) $_GET['file'] <= 0) { die('Parameter `file` must be a positive integer.'); } // Make sure that the user has permission to download the file $result5 = mysql_query("SELECT cat_id, list_id FROM files WHERE file_id='".mysql_real_escape_string($_GET['file'])."'") or die( mysql_error() ); $row1 = mysql_fetch_assoc($result5); $result4 = mysql_query("SELECT pack_id FROM file_cats WHERE cat_id ='".$row1['cat_id']."'") or die( mysql_error() ); $row2 = mysql_fetch_assoc($result4); $result3 = mysql_query("SELECT * FROM $sales_tbl WHERE user_id = '".$_SESSION['vuserid']."' AND (file_id='".$_GET['file']."' OR pack_id='".$row2['pack_id']."' OR list_id='".$row1['list_id']."') ") or die( mysql_error() ); if(mysql_num_rows($result3)>0){ // Continue if the user has permission to download the file }else{ // Exit if the user doesn't have permission to download the file echo "You do not have permission to download this file"; die; } // Make sure the full filename exists and get it $result = mysql_query("select file_name from $file_tbl where file_id = '".$_GET['file']."'") or die( mysql_error() ); if(0 == mysql_num_rows($result)) { die('File not found.'); } $fileName = mysql_result($result, 0, 0) or die('Unable to retrieve result: '.mysql_error($conn)); $extension = (FALSE !== ($pos = strrpos($fileName, '.'))) ? substr($fileName, $pos + 1) : ''; // The content types switch($extension) { case 'avi': $ct = 'video/avi'; break; case 'bmp': $ct = 'image/bmp'; break; case 'gif': $ct = 'image/gif'; break; case 'jpeg': case 'jpg': case 'jpe': $ct = 'image/jpeg'; break; case 'mov': $ct = 'video/quicktime'; break; case 'mpeg': case 'mpg': case 'mpe': $ct = 'video/mpeg'; break; case 'png': $ct = 'image/png'; break; case 'swf': $ct = 'application/x-shockwave-flash'; break; case 'wmv': $ct = 'video/x-ms-wmv'; break; case 'rar': case 'zip': $ct = 'application/octet-stream'; break; //end content types default: $ct = 'application/octet-stream'; if($logging) { $status = 'Generic_Filetype'; mysql_query("INSERT INTO downl_logs (user_id, file_id, ip, refer, status, logged) VALUES('".$_SESSION['vuserid']."', '".$_GET['file']."', '".$_SERVER['REMOTE_ADDR']."', '".$_SERVER['HTTP_REFERER']."', '$status', NOW()) ") or die(mysql_error()); } } // Open the file that the user will download $handle = @fopen($path.$fileName, 'rb') or die('Unable to select file.'); if(!$handle) { die('Unable to transer file.'); } header('Cache-Control: '); //keeps ie happy header('Pragma: '); //keeps ie happy header('Content-Type: '.$ct); if('swf' != $extension) //flash plays, it isnt downloaded as an actual file. { header('Content-Disposition: attachment; filename="'.$fileName.'"'); } header('Content-Length: '.filesize($path.$fileName)); fpassthru($handle); if($logging) { $status = 'Granted'; // Log the download in the download logs table mysql_query("INSERT INTO downl_logs (user_id, file_id, ip, refer, status, logged) VALUES('".$_SESSION['vuserid']."', '".$_GET['file']."', '".$_SERVER['REMOTE_ADDR']."', '".$_SERVER['HTTP_REFERER']."', '$status', NOW()) ") or die(mysql_error()); // Log the download in the user table mysql_query("UPDATE $user_tbl SET num_downloads=num_downloads+1 where user_id = '".$_SESSION['vuserid']."'") or die( mysql_error() ); } ?> Thanks in advance, Oskar Link to comment https://forums.phpfreaks.com/topic/46699-problem-with-download-script-really-need-help-with-this/ Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.