I have a download script, shown in this post. My problem is that regardless of what I write in $path and $webaddress, the script uses PHP and works! I need to be able to change it so that it uses FTP instead of HTTP; can somebody please help? I would be very grateful if someone could help me with this!
Here is the script:
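<?php
session_start();
include 'db_info.php';

// Directory on the local filesystem that holds the downloadable files.
// Remember the trailing slash. The download step further down opens
// $path.$fileName with fopen(), so this is where the file is read from.
$path = "/home/domains/nddownl/";

// Address to files. Remember trailing slash.
// NOTE(review): $webaddress is assigned here, but nothing else in this script
// reads it, so neither its value nor ?type= changes how the file is fetched.
// NOTE(review): credentials written into a URL in a web-served script are
// exposed to anyone who can read the source; keep them in configuration
// outside the web root and never paste real values into a public post.
$type = isset($_GET['type']) ? $_GET['type'] : ''; // avoids an undefined-index notice when ?type= is absent
if ($type === 'ftp') {
    $webaddress = "ftp://username:password@domain.com/";
} elseif ($type === 'http') {
    $webaddress = "http://username:password@domain.com/nddownl/";
} else {
    // NOTE(review): execution continues after this message, and the text is
    // emitted before the download headers are sent further down.
    echo "specify type";
}

// If this is set to 1, users without information on where they came from will
// still see your files. This is recommended, as some users' browsers block the
// referrer information - we don't want to lock anyone legitimate out.
// Set to 0 to disable.
$allowblank = 1;

// Logging: 1 to enable, 0 to disable. The checks below are `if($logging)`,
// so any non-zero value (including 2) leaves logging switched on.
$logging = 1;

// Domains from where the files can be downloaded.
$alloweddomains = array('ventiero.com');

// Overwritten with 0 right before the Referer check; kept for compatibility.
$allowed = 1;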
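// Connect to MySQL and select database.
// NOTE(review): the mysql_* extension is deprecated and is not available in
// PHP 7+; mysqli or PDO with prepared statements is the maintained replacement.
mysql_connect($sqlhost, $sqlusername, $sqlpassword) or die("cannot connect");
mysql_select_db($db_name) or die("cannot select DB");

// A request without both session values cannot be a logged-in user; stop
// before building the query so no undefined-index notices are raised.
if (!isset($_SESSION['vuserid'], $_SESSION['vpassword'])) {
    echo "You are not logged in";
    die;
}

// NOTE(review): this matches a password value held in the session directly
// against the `password` column. If that column stores plaintext, switch to
// password_hash()/password_verify() at login and keep only the user id in the
// session - TODO confirm how vpassword is populated.
$cl = "SELECT * FROM $user_tbl WHERE user_id='" . mysql_real_escape_string($_SESSION['vuserid'])
    . "' and password='" . mysql_real_escape_string($_SESSION['vpassword']) . "'";
$clresult = mysql_query($cl);

// Exactly one matching row means the session belongs to a known user; a
// failed query is treated the same as "no match".
if (!$clresult || mysql_num_rows($clresult) != 1) {
    echo "You are not logged in";
    die;
}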
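// Referer gate. The Referer header is supplied by the client and may be
// missing or set to any value, so this only discourages hot-linking; the
// session check and the purchase check are what actually authorise a download.
$allowed = 0;
$referer = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';

if ($allowblank > 0 && $referer == "") {
    $allowed = 1;
}

// Compare the Referer's host with the allow-list (exact host or a subdomain)
// instead of searching the whole header for the domain text, which would also
// accept URLs that merely contain it somewhere. Iterating with foreach also
// removes the original loop's read one element past the end of the array.
$refererHost = strtolower((string) parse_url($referer, PHP_URL_HOST));
foreach ($alloweddomains as $domain) {
    $domain = strtolower($domain);
    $suffix = '.' . $domain;
    if ($refererHost === $domain
        || ($refererHost !== '' && substr($refererHost, -strlen($suffix)) === $suffix)
    ) {
        $allowed = 1;
    }
}

if ($allowed <= 0) {
    $status = 'Denied';

    // `file` has not been validated yet at this point and the Referer is
    // client-controlled, so every value is escaped before it reaches the SQL.
    $fileParam = (isset($_GET['file']) && is_scalar($_GET['file'])) ? (string) $_GET['file'] : '';
    $logged = mysql_query(
        "INSERT INTO downl_logs (user_id, file_id, ip, refer, status, logged) VALUES('"
        . mysql_real_escape_string($_SESSION['vuserid']) . "', '"
        . mysql_real_escape_string($fileParam) . "', '"
        . mysql_real_escape_string($_SERVER['REMOTE_ADDR']) . "', '"
        . mysql_real_escape_string($referer) . "', '"
        . mysql_real_escape_string($status) . "', NOW()) "
    );
    if ($logged === false) {
        // Keep database error details in the server log, not in the response.
        error_log('download script: ' . mysql_error());
    }

    echo "You do not have permission to download this file.";
    die;
}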
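// `file` must be the canonical decimal form of a positive integer. The strict
// string comparison rejects look-alikes that a loose `!=` would let through
// (leading zeros or spaces, "1.0", exponent notation) as well as arrays, so
// the value used in the queries below contains digits only.
if (!isset($_GET['file'])
    || !is_string($_GET['file'])
    || $_GET['file'] !== (string) (int) $_GET['file']
    || (int) $_GET['file'] <= 0
) {
    die('Parameter `file` must be a positive integer.');
}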
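// Make sure that the user has permission to download the file.
// Every value placed into SQL is either cast to int or escaped, including the
// ones read back from the database and the session.
$fileId = (int) $_GET['file'];
$userId = mysql_real_escape_string($_SESSION['vuserid']);

// Category and list the file belongs to.
$result5 = mysql_query("SELECT cat_id, list_id FROM files WHERE file_id='" . $fileId . "'");
if ($result5 === false) {
    // Keep database error details in the server log, not in the response.
    error_log('download script: ' . mysql_error());
    die('Database error.');
}
$row1 = mysql_fetch_assoc($result5);

// mysql_fetch_assoc() returns false when no row matched; fall back to empty
// strings instead of indexing into false.
$catId  = $row1 ? mysql_real_escape_string($row1['cat_id']) : '';
$listId = $row1 ? mysql_real_escape_string($row1['list_id']) : '';

// Package that the category belongs to.
$result4 = mysql_query("SELECT pack_id FROM file_cats WHERE cat_id ='" . $catId . "'");
if ($result4 === false) {
    error_log('download script: ' . mysql_error());
    die('Database error.');
}
$row2 = mysql_fetch_assoc($result4);
$packId = $row2 ? mysql_real_escape_string($row2['pack_id']) : '';

// A sale of the file itself, of its package, or of its list grants access.
// NOTE(review): when no package or list was found, the pack_id/list_id clauses
// compare against an empty string. Confirm against the sales schema that this
// cannot match unrelated sales rows (e.g. rows where those columns are 0).
$result3 = mysql_query(
    "SELECT * FROM $sales_tbl WHERE user_id = '" . $userId
    . "' AND (file_id='" . $fileId . "' OR pack_id='" . $packId . "' OR list_id='" . $listId . "') "
);
if ($result3 === false) {
    error_log('download script: ' . mysql_error());
    die('Database error.');
}

if (mysql_num_rows($result3) <= 0) {
    // Exit if the user doesn't have permission to download the file.
    echo "You do not have permission to download this file";
    die;
}
// Continue: the user has permission to download the file.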
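// Make sure the full filename exists and get it.
// The id is cast to int before it is placed in the query.
$result = mysql_query("select file_name from $file_tbl where file_id = '" . (int) $_GET['file'] . "'");
if ($result === false) {
    // Keep database error details in the server log, not in the response.
    error_log('download script: ' . mysql_error());
    die('Database error.');
}
if (0 == mysql_num_rows($result)) {
    die('File not found.');
}

// Test explicitly for a missing value rather than relying on truthiness, so a
// file literally named "0" is not treated as an error. The original error path
// also passed an undefined $conn to mysql_error().
$fileName = mysql_result($result, 0, 0);
if ($fileName === false || $fileName === null || $fileName === '') {
    error_log('download script: ' . mysql_error());
    die('Unable to retrieve result.');
}

// Extension = everything after the last dot, or '' when there is no dot.
$pos = strrpos($fileName, '.');
$extension = (FALSE !== $pos) ? substr($fileName, $pos + 1) : '';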
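// The content types, keyed by file extension (matched case-sensitively, as
// before). rar/zip are listed explicitly so they are served as a generic
// binary without being logged as an unknown type.
$contentTypes = array(
    'avi'  => 'video/avi',
    'bmp'  => 'image/bmp',
    'gif'  => 'image/gif',
    'jpeg' => 'image/jpeg',
    'jpg'  => 'image/jpeg',
    'jpe'  => 'image/jpeg',
    'mov'  => 'video/quicktime',
    'mpeg' => 'video/mpeg',
    'mpg'  => 'video/mpeg',
    'mpe'  => 'video/mpeg',
    'png'  => 'image/png',
    'swf'  => 'application/x-shockwave-flash',
    'wmv'  => 'video/x-ms-wmv',
    'rar'  => 'application/octet-stream',
    'zip'  => 'application/octet-stream',
);
//end content types

if (is_string($extension) && isset($contentTypes[$extension])) {
    $ct = $contentTypes[$extension];
} else {
    // Unknown extension: serve as a generic binary and record that fact.
    $ct = 'application/octet-stream';
    if ($logging) {
        $status = 'Generic_Filetype';

        // The Referer header is client-controlled; escape it (and every other
        // value) before it is placed in the INSERT.
        $referer = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';
        $logged = mysql_query(
            "INSERT INTO downl_logs (user_id, file_id, ip, refer, status, logged) VALUES('"
            . mysql_real_escape_string($_SESSION['vuserid']) . "', '"
            . (int) $_GET['file'] . "', '"
            . mysql_real_escape_string($_SERVER['REMOTE_ADDR']) . "', '"
            . mysql_real_escape_string($referer) . "', '"
            . mysql_real_escape_string($status) . "', NOW()) "
        );
        if ($logged === false) {
            // Keep database error details in the server log, not in the response.
            error_log('download script: ' . mysql_error());
            die('Database error.');
        }
    }
}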
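// Open the file that the user will download.
// The name comes from the database; refuse NUL bytes and ".." path segments so
// a bad row cannot make the script read outside $path.
if (strpos($fileName, "\0") !== false
    || preg_match('#(^|[\\\\/])\.\.([\\\\/]|$)#', $fileName)
) {
    die('Unable to select file.');
}

$handle = @fopen($path . $fileName, 'rb');
if (!$handle) {
    die('Unable to select file.');
}

header('Cache-Control: '); //keeps ie happy
header('Pragma: '); //keeps ie happy
header('Content-Type: ' . $ct);

if ('swf' != $extension) { //flash plays, it isnt downloaded as an actual file.
    // Send only the base name, with quotes, backslashes and control characters
    // replaced, so the value cannot break out of the quoted header parameter.
    $dispositionName = preg_replace('/[\x00-\x1F\x7F"\\\\]/', '_', basename($fileName));
    header('Content-Disposition: attachment; filename="' . $dispositionName . '"');
}

// filesize() returns false on failure; omit the header rather than send an
// empty Content-Length.
$size = filesize($path . $fileName);
if ($size !== false) {
    header('Content-Length: ' . $size);
}

// Stream the file to the client, then release the handle.
fpassthru($handle);
fclose($handle);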
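if ($logging) {
    $status = 'Granted';

    // The Referer header is client-controlled; escape it (and every other
    // value) before it is placed in the SQL.
    $userId  = mysql_real_escape_string($_SESSION['vuserid']);
    $referer = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';

    // Log the download in the download logs table.
    // The file body has already been sent at this point, so a failure is
    // written to the server log instead of being printed into the download.
    $logged = mysql_query(
        "INSERT INTO downl_logs (user_id, file_id, ip, refer, status, logged) VALUES('"
        . $userId . "', '"
        . (int) $_GET['file'] . "', '"
        . mysql_real_escape_string($_SERVER['REMOTE_ADDR']) . "', '"
        . mysql_real_escape_string($referer) . "', '"
        . mysql_real_escape_string($status) . "', NOW()) "
    );
    if ($logged === false) {
        error_log('download script: ' . mysql_error());
    }

    // Log the download in the user table.
    $counted = mysql_query(
        "UPDATE $user_tbl SET num_downloads=num_downloads+1 where user_id = '" . $userId . "'"
    );
    if ($counted === false) {
        error_log('download script: ' . mysql_error());
    }
}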
?>Oskar