Please Help w/ Script

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
nubian
Forum Newbie
Posts: 9
Joined: Wed Dec 08, 2004 7:32 pm

Please Help w/ Script

Post by nubian »

this is my php code:

Code: Select all

<?
    // ---------------- CONFIGURABLE SECTION -----------------

// Please modify the following or it will not work on your website.
// Relative to this .php file, ie. This file should not be in "thisotfolder".
// Make sure that the path you put below ends with a directory slash ("/"). The script below assumes it.
$rtadir = "videos/" ;

// Valid Referers
// Do not put any trailing slashes ("/") nor any "http://" prefixes.
$validprefixes = array (
    "forums.mywebsite.com",
    "mywebsite.com",
) ;

// Website Root
// Where people will be sent if you dont include the file name.
$homepage = "http://www.mywebsite.com/";

// What is your email address?
// Remove '//' and edit email to enable bad referer notification.
//$email = "yourname@yourdomain.com" ;

// ------------ END OF CONFIGURABLE SECTION ------------
//Shouldn't need editing from here on down

function isreferrerokay ( $referrer, $validprefixes )
{
    $validreferrer = 0 ;
    $authreferrer = current( $validprefixes );
    while ($authreferrer) {
     if (eregi( "^https?://$authreferrer/", $referrer )) {
        $validreferrer = 1 ;
        break ;
     }
     $authreferrer = next( $validprefixes );
    }
    return $validreferrer ;
}

//----------------------- main program -----------------------

//File from URL
$rta = $_GET['rta'] ;
//Referer
$referrer = getenv( "HTTP_REFERER" );

//Gets file extension
$split= explode(".", $rta);
$textcount= substr_count($rta, ".")+1;
$ttype =$split[$nextcount];
//link to ot including path + filename
$path = $rtadir . $rta ;

//If File doesnt exist
if (!file_exists($path)) {
echo "The file '$rta' does not exist";
exit;
}

if (isset($_GET['rta'])) {
    if (isreferrerokay($referrer, $validprefixes)) {
        header('Content-Description: File Transfer');
        header('Content-Type: application/force-download');
        header('Content-Length: ' . filesize($path));
        header('Content-Disposition: attachment; filename=' . basename($path));
        @readfile($path);
    }
    else {
        if (isset($email)) {
            mail( $email, "Bandwidth Theft Alert",
         "WARNING:\n\n$referrer\ntried to access\n$rta\n",
         "From: RTA Anti-Leech <$email>" );
        }
        echo "Invalid file.";
    }
}
else {
    header( "Location: $homepage" );
}
?>
this code worked for a while and now it doesn't...at least for me.
i was able to click on the link and it gave me a dialog window to download the video from my forum.
now it won't give me that dialog window to download when i click on the link. it'll give the "invalid file" error.
but users on my board are still able to click on the link with no problem except for me.
sometimes it works and sometimes it doesn't like if the code is unstable.
what gives???

i'm not much of a php coder.
this file was given to me by someone i know.
i'm having troubles getting a hold of this person.
is there anyway that i can optimize this file?
any one of you can tell me why it stopped working and it allows my other members to download?
any help on how to fix this issue will be greatly appreciated.
thanks in advance.
timvw
DevNet Master
Posts: 4897
Joined: Mon Jan 19, 2004 11:11 pm
Location: Leuven, Belgium

Post by timvw »

the script is ignoring the fact that http_referer is an optional header and therefore doesn't always exist.
nubian
Forum Newbie
Posts: 9
Joined: Wed Dec 08, 2004 7:32 pm

Post by nubian »

timvw wrote:the script is ignoring the fact that http_referer is an optional header and therefore doesn't always exist.
i have no idea what you said but how would you fix this?
thank you greatly for your reply
User avatar
Benjamin
Site Administrator
Posts: 6935
Joined: Sun May 19, 2002 10:24 pm

Post by Benjamin »

What he is saying is that sometimes...

Code: Select all

<?php
$referrer = getenv( "HTTP_REFERER" );
?>
will be null (nothing) and that could possibly be causing your problem.
timvw
DevNet Master
Posts: 4897
Joined: Mon Jan 19, 2004 11:11 pm
Location: Leuven, Belgium

Post by timvw »

the easy fix: make isreferrerokay always returns true.
User avatar
dull1554
Forum Regular
Posts: 680
Joined: Sat Nov 22, 2003 11:26 am
Location: 42:21:35.359N, 76:02:20.688W

Post by dull1554 »

you could modify the script to not use the referer, it would then make it so people could leach, but it would work no matter what.....

Code: Select all

<?
    // ---------------- CONFIGURABLE SECTION -----------------

// Please modify the following or it will not work on your website.
// Relative to this .php file, ie. This file should not be in "thisotfolder".
// Make sure that the path you put below ends with a directory slash ("/"). The script below assumes it.
$rtadir = "videos/" ;
// Website Root
// Where people will be sent if you dont include the file name.
$homepage = "http://www.mywebsite.com/";

// What is your email address?
// Remove '//' and edit email to enable bad referer notification.
//$email = "yourname@yourdomain.com" ;

// ------------ END OF CONFIGURABLE SECTION ------------
//Shouldn't need editing from here on down
//----------------------- main program -----------------------

//File from URL
$rta = $_GET['rta'] ;
//Gets file extension
$split= explode(".", $rta);
$textcount= substr_count($rta, ".")+1;
$ttype = $split[$nextcount];
//link to ot including path + filename
$path = $rtadir . $rta ;

//If File doesnt exist
if (!file_exists($path)) {
echo "The file '$rta' does not exist";
exit;
}

if (isset($_GET['rta'])) {
        header('Content-Description: File Transfer');
        header('Content-Type: application/force-download');
        header('Content-Length: ' . filesize($path));
        header('Content-Disposition: attachment; filename=' . basename($path));
        @readfile($path);

}
else {
    header( "Location: $homepage" );
}
?>
User avatar
dull1554
Forum Regular
Posts: 680
Joined: Sat Nov 22, 2003 11:26 am
Location: 42:21:35.359N, 76:02:20.688W

Post by dull1554 »

or like i did just get red of it alltogether, b/c if you make it always return true then its purpose is useless
nubian
Forum Newbie
Posts: 9
Joined: Wed Dec 08, 2004 7:32 pm

Post by nubian »

timvw wrote:the easy fix: make isreferrerokay always returns true.
i do appreciate your replies.
again i'm very very new to the php language.
it's no where near my flash actionscripting.
but i have books that i'm reading that i hope will sharpen my php knowledge.
i have no idea how i would set isreferrerokay to always returns true. :oops:
nubian
Forum Newbie
Posts: 9
Joined: Wed Dec 08, 2004 7:32 pm

Post by nubian »

dull1554 wrote:or like i did just get red of it alltogether, b/c if you make it always return true then its purpose is useless
i would like it so that people can not leech.
my server last month got absolutely raped beyond belief.
i felt so violated.
User avatar
dull1554
Forum Regular
Posts: 680
Joined: Sat Nov 22, 2003 11:26 am
Location: 42:21:35.359N, 76:02:20.688W

Post by dull1554 »

try the version that i posted, i totally elimited that function so it should work no matter what, and btw what browser(s) do you use?
User avatar
Benjamin
Site Administrator
Posts: 6935
Joined: Sun May 19, 2002 10:24 pm

Post by Benjamin »

I think the best thing to do would be to check if the referrer is null, and if it is load it with a valid referrer. That way it will still work when there is a referrer.
nubian
Forum Newbie
Posts: 9
Joined: Wed Dec 08, 2004 7:32 pm

Post by nubian »

dull1554 wrote:try the version that i posted, i totally elimited that function so it should work no matter what, and btw what browser(s) do you use?
i've tried this on both ie and firefox (newest ver) on both pc's that i have.
i know the problem is not on my end
nubian
Forum Newbie
Posts: 9
Joined: Wed Dec 08, 2004 7:32 pm

Post by nubian »

agtlewis wrote:I think the best thing to do would be to check if the referrer is null, and if it is load it with a valid referrer. That way it will still work when there is a referrer.
how could i get it so that it does that?
i do appreciate allof your help.
thank you
User avatar
Benjamin
Site Administrator
Posts: 6935
Joined: Sun May 19, 2002 10:24 pm

Post by Benjamin »

Here ya go I fixed it. The following code was added.

Code: Select all

<?php
if ($referrer == '')
  {
  $referrer = "forums.mywebsite.com";
  }

?>
Here is the whole script again for you.

Code: Select all

<?php
<?
// ---------------- CONFIGURABLE SECTION -----------------// Please modify the following or it will not work on your website.
// Relative to this .php file, ie. This file should not be in "thisotfolder".
// Make sure that the path you put below ends with a directory slash ("/"). The script below assumes it.$rtadir = "videos/" ;
// Valid Referers// Do not put any trailing slashes ("/") nor any "http://" prefixes.
$validprefixes = array ("forums.mywebsite.com",    "mywebsite.com",) ;
// Website Root// Where people will be sent if you dont include the file name.
$homepage = "http://www.mywebsite.com/";
// What is your email address?// Remove '//' and edit email to enable bad referer notification.
//$email = "yourname@yourdomain.com" ;
// ------------ END OF CONFIGURABLE SECTION ------------
//Shouldn't need editing from here on down
function isreferrerokay ( $referrer, $validprefixes )
  {
  $validreferrer = 0 ;
  $authreferrer = current($validprefixes);

  while ($authreferrer)
    {
    if (eregi( "^https?://$authreferrer/", $referrer ))
      {
      $validreferrer = 1;
      break;
      }
    $authreferrer = next($validprefixes);
    }
    return $validreferrer ;}

//----------------------- main program -----------------------
//File from URL$rta = $_GET['rta'] ;
//Referer
$referrer = getenv("HTTP_REFERER" );
if ($referrer == '')
  {
  $referrer = "forums.mywebsite.com";
  }
//Gets file extension
$split= explode(".", $rta);
$textcount= substr_count($rta, ".")+1;$ttype =$split[$nextcount];
//link to ot including path + filename
$path = $rtadir . $rta;
//If File doesnt exist
if (!file_exists($path))
  {
  echo "The file '$rta' does not exist";
  exit;
  }

if (isset($_GET['rta']))
  {
  if (isreferrerokay($referrer, $validprefixes))
    {
    header('Content-Description: File Transfer');
    header('Content-Type: application/force-download');
    header('Content-Length: ' . filesize($path));
    header('Content-Disposition: attachment; filename=' . basename($path));
    @readfile($path);
    }
    else
    {
    if (isset($email))
      {
      mail($email, "Bandwidth Theft Alert", "WARNING:\n\n$referrer\ntried to access\n$rta\n", "From: RTA Anti-Leech <$email>" );
      }
      echo "Invalid file.";
    }
  }
  else
  {
  header( "Location: $homepage" );
  }
?>

?>
nubian
Forum Newbie
Posts: 9
Joined: Wed Dec 08, 2004 7:32 pm

Post by nubian »

8O
i had to fix line five.
it works now.
you guys are absolute gods....
i thank you dearly. :D
Last edited by nubian on Wed Dec 08, 2004 8:59 pm, edited 1 time in total.
Post Reply