Modify so the script searches for the id in a database inst

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
oskare100
Forum Commoner
Posts: 80
Joined: Sun Oct 29, 2006 5:47 am

Modify so the script searches for the id in a database inst

Post by oskare100 »

Hello,
I've a download script that "hides" the read address and filename from the person who is downloading it. For the moment when you want to download a thing your can type for example "filescraper.php?serve=1" for the file with the ID 1. The part when the file script searches for the ID looks like this:

Code: Select all

if($allowed > 0) {
$namenumberarray = file($webaddress."fileindex.txt");
$numberoffiles = count($namenumberarray);
$filenames = array();
Where fileindex.txt contains the IDs like this:

Code: Select all

1:example.zip
2:example2.zip
3:example3.zip
I need the script to search for the ID's in a database instead. Each file in the database as one "file_id" and one "file_fullname" where the read name of the file is stored. The problem is that I can't get it working so I need help...

Best Regards
User avatar
dibyendrah
Forum Contributor
Posts: 491
Joined: Wed Oct 19, 2005 5:14 am
Location: Nepal
Contact:

Post by dibyendrah »

If you are just using a simple table which contains file id, file full name then what you need is the file id form whch there are various mechanism which you can pass these values. Like from GET, POST, Cookies, Sessions etc...
Whatver the mechanism of passing the variables, if you're storing download information in database, your query should look like

Code: Select all

SELECT `file_fullname` FROM `tablename` WHERE `file_id`= ".$file_id
User avatar
Ollie Saunders
DevNet Master
Posts: 3179
Joined: Tue May 24, 2005 6:01 pm
Location: UK

Post by Ollie Saunders »

Try googling for a PHP, MySQL tutorial there'll only be a couple of billion results or so.
oskare100
Forum Commoner
Posts: 80
Joined: Sun Oct 29, 2006 5:47 am

Post by oskare100 »

Hello,
Thanks, but I still can't get it to work with your info..

Here is the full script as it looked before I started editing it:

Code: Select all

<?php 
$allowed = 0;
include('config.php');

if($allowblank > 0) { if($_SERVER['HTTP_REFERER']=="") { $allowed = 1; }}

$domains = count($alloweddomains);

for($y=0;$y<$domains+1;$y++) {
	if((stristr($_SERVER['HTTP_REFERER'], $alloweddomains[$y]))) { $allowed = 1;}
}

if($allowed > 0) {
						$namenumberarray = file($webaddress."fileindex.txt");
						$numberoffiles = count($namenumberarray);
						$filenames = array();
						
						for($x=0;$x<$numberoffiles+1;$x++) {
							$temporary = explode(":",$namenumberarray[$x]);
							$tempname = explode("\n",$temporary[1]);
							$filenames[$temporary[0]] = $tempname[0];
						}
						
						if(!isset($filenames[$_GET['serve']])) { 
							if($logging > 0){
								$status = "ReqNF";
								include('logit.php');
							}
							echo('That number wasnt found!');
							exit;
						}
						
						$wantedfilename = $filenames[$_GET['serve']];
														
														
						$extension = explode(".", $wantedfilename);
						$numberinarray = count($extension);
						
						$lcext = strtolower($extension[$numberinarray-1]);
						
						//BEGIN CONTENT TYPES BLOCK. ADD OR REMOVE FILE TYPES HERE, AS SHOWN //
						//DON'T EDIT THIS UNLESS YOU KNOW WHAT YOU ARE DOING!//
						//MOST COMMON FILE TYPES ARE ALREADY INCLUDED//
						
						switch($lcext) {
							case ($lcext == "swf"): 
								$commonname="flash"; 
								$ct = "Content-type: application/x-shockwave-flash";
							break;
							case ($lcext == "wmv"): 
								$commonname="wmv"; 
								$ct = "Content-type: video/x-ms-wmv";
							break;
							case ($lcext == "mov"): 
								$commonname="quicktime movie"; 
								$ct = "Content-type: video/quicktime";
							break;
							case ($lcext == "avi"): 
								$commonname="avi video"; 
								$ct = "Content-type: video/avi";
							break;
							case ($lcext == "rar"): 
								$commonname="winrar"; 
								$ct = "Content-type: application/octet-stream";
							break;
							case ($lcext == "zip"): 
								$commonname="zip"; 
								$ct = "Content-type: application/octet-stream";
							break;
							case ($lcext == "bmp"): 
								$commonname="bitmap"; 
								$ct = "Content-type: image/bmp";
							break;
							case ($lcext == "gif"): 
								$commonname="gif"; 
								$ct = "Content-type: image/gif";
							break;
							case ($lcext == "jpeg" || $lcext == "jpg" || $lcext == "jpe"): 
								$commonname="jpeg"; 
								$ct = "Content-type: image/jpeg";
							break;
							case ($lcext == "mpeg" || $lcext == "mpg" || $lcext == "mpe"): 
								$commonname="mpeg"; 
								$ct = "Content-type: video/mpeg";
							break;
							case ($lcext == "png"): 
								$commonname="png"; 
								$ct = "Content-type: image/png";
							break;
							
							//END//
							
							default: 
								$commonname="Generic Filetype"; 
								$ct = "Content-type: application/octet-stream";
								
								if($logging > 0){
									$status = "Generic_Filetype";
									include('logit.php');
								}
							
						}
						
						$handle = fopen($webaddress.$wantedfilename, "rb");
						header("Cache-Control: "); //keeps ie happy
						header("Pragma: "); //keeps ie happy
						header($ct); //content type as set above from explode();
						
						if(!stristr($lcext, "swf")){//flash plays, it isnt downloaded as an actual file.
							header("Content-Disposition: attachment; filename=\"".$wantedfilename."\"");
						}
						
						header("Content-Length: ".filesize($path.$wantedfilename));
						
						fpassthru($handle);
						if($logging > 0){
							$status = "Granted";
							include('logit.php');
						}
						exit;
}

else {
	if($logging > 0){
		$status = "Denied";
		include('logit.php');
	}
	exit;
	//quiet leech kill
}
?>
As you can see in the script I want the script to hide the real download location. So I can download the file with the ID 1 by visiting "/thescript.php?serve=1" and the file with the ID 2 by visiting "/thescript.php?serve=2".

Here is the database structure;

Code: Select all

CREATE TABLE `files` (
  `file_id` int(11) NOT NULL auto_increment,
  `file_pack` varchar(50) NOT NULL default '',
  `file_pack_cat` varchar(50) NOT NULL default '',
  `file_cat` varchar(50) NOT NULL default '',
  `file_name` varchar(100) NOT NULL default '',
  `file_desc` text NOT NULL,
  `file_fullname` varchar(100) NOT NULL default '',
  `file_downloads` varchar(11) NOT NULL default '',
  `file_date` varchar(30) NOT NULL default '',
  `file_timestamp` varchar(30) NOT NULL default '',
  PRIMARY KEY  (`file_id`)
) ENGINE=MyISAM DEFAULT CHARSET=latin1 AUTO_INCREMENT=2 ;
Where file_fullname is the full name of the file I want to download, for example; text.zip and file_id is the ID of the file.

Oh, and as written in the first post, the fileindex.txt originally contained the IDs and filenames like this:

Code: Select all

1:example.zip
2:example2.zip
3:example3.zip
I'm not that good at PHP coding so I can't see what needs to be changed to do what I want to do by just looking at the script...

Thanks in advance...
Best Regards
oskare100
Forum Commoner
Posts: 80
Joined: Sun Oct 29, 2006 5:47 am

Post by oskare100 »

Hello again,
I now,after a lot of help, got it working with this script;

Code: Select all

<?php
$allowed = 1;

include 'config.php';
include 'db_info.php';

$referrer = getenv('HTTP_REFERER');

if('' == $referrer)
{
    $allowed = ($allowblank) ? 1 : 0;
}
else
{
    $allowed = 0;
    foreach($alloweddomains as $domain)
    {
        if(substr($referrer, 0, strlen($domain)) == $domain)
        {
            $allowed = 1;
            break;
        }
    }
}

if(!$allowed)
{
    if($logging)
    {
        $status = 'Denied';
        include 'logit.php';
    }
    exit(0);
    //quiet leech kill
}

if(!isset($_GET['serve']) || $_GET['serve'] != (string) (int) $_GET['serve'] || (int) $_GET['serve'] <= 0)
{
    die('Parameter `serve` must be a positive integer.');
}

$conn = mysql_connect("$sqlhost", "$sqlusername", "$sqlpassword")
    or die('Unable to connect to MSQL: '.mysql_error($conn));
mysql_select_db('main', $conn)
    or die('Unable to select database: '.mysql_error($conn));
$result = mysql_query('select `file_fullname` from '$file_tbl' where `file_id` = "'.$_GET['serve'].'"', $conn)
    or die("Unable to perform query: ".mysql_error($conn));

if(0 == mysql_num_rows($result))
{
    die('File not found.');
}
$fileName = mysql_result($result, 0, 0)
    or die('Unable to retrieve result: '.mysql_error($conn));

$extension = (FALSE !== ($pos = strrpos($fileName, '.'))) ?
    substr($fileName, $pos + 1) :
    '';
    
// Content types block
switch($extension)
{
    case 'avi':
        $ct = 'video/avi';
        break;
    case 'bmp':
        $ct = 'image/bmp';
        break;
    case 'gif':
        $ct = 'image/gif';
        break;
    case 'jpeg':
    case 'jpg':
    case 'jpe':
        $ct = 'image/jpeg';
        break;
    case 'mov':
        $ct = 'video/quicktime';
        break;
    case 'mpeg':
    case 'mpg':
    case 'mpe':
        $ct = 'video/mpeg';
        break;
    case 'png':
        $ct = 'image/png';
        break;
    case 'swf':
        $ct = 'application/x-shockwave-flash';
        break;
    case 'wmv':
        $ct = 'video/x-ms-wmv';
        break;
    case 'rar':
    case 'zip':
        $ct = 'application/octet-stream';
        break;
        
    //END//
    
    default:
        $ct = 'application/octet-stream';
        if($logging)
        {
            $status = 'Generic_Filetype';
            include 'logit.php';
        }
}

$handle = @fopen($path.$fileName, 'rb') or die('Unable to select file.');

if(!$handle)
{
    die('Unable to transer file.');
}

header('Cache-Control: '); //keeps ie happy
header('Pragma: '); //keeps ie happy
header('Content-Type: '.$ct);

if('swf' != $extension) //flash plays, it isnt downloaded as an actual file.
{
    header('Content-Disposition: attachment; filename="'.$fileName.'"');
}

header('Content-Length: '.filesize($path.$fileName));
fpassthru($handle);

if($logging)
{
    $status = 'Granted';
    include 'logit.php';
}
?>
Now I've only one problem left with this part (hopefully) that I can't solve myself...

Different users has permission to download different files. Here is the structure of the files table again;

Code: Select all

CREATE TABLE `files` (
  `file_id` int(11) NOT NULL auto_increment,
  `file_pack` varchar(50) NOT NULL default '',
  `file_pack_cat` varchar(50) NOT NULL default '',
  `file_cat` varchar(50) NOT NULL default '',
  `file_name` varchar(100) NOT NULL default '',
  `file_desc` text NOT NULL,
  `file_fullname` varchar(100) NOT NULL default '',
  `file_downloads` varchar(11) NOT NULL default '',
  `file_date` varchar(30) NOT NULL default '',
  `file_timestamp` varchar(30) NOT NULL default '',
  PRIMARY KEY  (`file_id`)
) ENGINE=MyISAM DEFAULT CHARSET=latin1 AUTO_INCREMENT=2 ;
And as you can see each file has a "file_name" and some of the files belongs to a "file_pack" with several files in it.

I'm planning to store the files each user has permission to download in another seperate table with the name "user_perm", here is the structure of that table;

Code: Select all

CREATE TABLE `user_perm` (
  `perm_id` int(11) NOT NULL auto_increment,
  `perm_user` varchar(50) NOT NULL default '',
  `file_pack` varchar(30) NOT NULL default '',
  `file_name` varchar(100) NOT NULL default '',
  `perm_date` varchar(30) NOT NULL default '',
  `perm_timestamp` varchar(30) NOT NULL default '',
  PRIMARY KEY  (`perm_id`)
) ENGINE=MyISAM DEFAULT CHARSET=latin1 AUTO_INCREMENT=1 ;
So if a user tries to download one file with, for example, the ID 1 the script must check the "file_name" AND "file_pack" of that file. Then it must check in the "user_perm" and see if the user has permission to download either the "file_name" OR the "file_pack". In other words, it is enough if the user has permission to download the "file_pack" to which the file belongs to.

I've at least started with this (but I don't know if it is right);

Code: Select all

$result2 = mysql_query('select `file_name` , `file_pack` from '$file_tbl' where `file_id` = "'.$_GET['serve'].'"')
    or die( mysql_error() );
Then I don't know how to check both of the things (both "file_name" and "file_pack"). AND I don't know where in the script I should add the lines.

When the user login the username and password is stored in a session with this lines;

Code: Select all

session_register("myusername");
session_register("mypassword");
Also, Should I change the database structure or should I change something else in the structure of the system I'mn trying to build (for example with the user permission system)?

Thanks in advance,
Best Regards
Oskar R
Post Reply