Jump to content

Download.php Script.

Caion

By Caion
in Scripting Talk

 Share

Recommended Posts

Caion Apprentice

Caion

Posted
Posted (edited)

I'm trying to construct a download.php file to allow direct downloads of the media files on my site with an url that looks like this: "http://www.my-site.com/download.php?file=sample.mov"

 

There's one error that I need help with. First, here's the code I'm using.

 

><?php
$file = $_GET['file'];
$dirpath = '/path/to/public_html/';
$randdir = file ('videos.inc');
$trailslash = '/';
$directory = $dirpath . $randdir . $trailslash;


$download = $directory . $file;
if(!file_exists($download)) {

   echo 'The file you requested could not be found on this server. Please click back and try again';

} else {

   header('Content-Type: application/x-download');
   header('Content-Disposition: attachment; filename=' . $file);
   print file_get_contents($download);
   
}
?>

 

I'm trying to get the $randdir array to equal the directory named in the videos.inc file. But the code, as it's written here, causes the error message to display. Also, when I input the actual name of the directory into the $randdir array it works as normal.

 

The directory my files are stored in changes every few hours (a measure to combat hotlinkers), so I really need the mentioned array to equal what's written in the named file and work properly in the script.

 

Lastly, I'd like to know if it's possible to make the script so that it will only function if the person running it came from my site.

 

Thanks.

Edited by Caion
Guest helpbytes

Guest helpbytes

Posted
Posted (edited)

Why not just have videos.inc look like this:

 

$randdir = 'blah';

 

then include('videos.inc') in your download.php

 

Otherwise use $randdir = file('videos.inc')[0];

 

for the next part:

 

if (!preg_match('/^http:\/\/(www\.)?yoursite\.com.*$/i',getenv("HTTP_REFERER")) {

echo "Invalid Referer";

}

 

The user may not have a referer set, so you might check if its blank and allow that.

Edited by helpbytes
Caion Apprentice

Caion

Posted
  • Author
Posted (edited)
Why not just have videos.inc look like this:

 

$randdir = 'blah';

 

then include('videos.inc') in your download.php

 

Otherwise use $randdir = file('videos.inc')[0];

 

for the next part:

 

if (!preg_match('/^http:\/\/(www\.)?yoursite\.com.*$/i',getenv("HTTP_REFERER")) {

echo "Invalid Referer";

}

 

The user may not have a referer set, so you might check if its blank and allow that.

 

Correct me if I'm misunderstanding, but your first suggestion doesn't seem viable due to the fact that videos.inc is a random file who's value changes every few hours.

 

I have my site set up so that the directory my video files are stored in shifts, then the videos.inc file is updated to reflect that shift. All hyper links leading to the file make use of an <?php include> to update the link presented to the visitor on demand.

 

I'm aware I can just post the plain link to the file on the site, but I've been getting complaints and suggestions from visitors that they'd like to be able to directly dowload the media files with one click, thus the download.php script.

 

I tried using $randdir = file('videos.inc')[0]; and it was unsuccessful.

Edited by Caion
Guest helpbytes

Guest helpbytes

Posted
Posted

OK I presumed it would work

 

file() returns an array not a string.

 

So you would have to do

 

$vidinc = file('videos.inc');

$randdir = $vidinc[0];

 

Presuming videos.inc just contains one line.

 

My first(include) solution will break the rest of your site so best not to use ;-)

Caion Apprentice

Caion

Posted
  • Author
Posted
OK I presumed it would work

 

file() returns an array not a string.

 

So you would have to do

 

$vidinc = file('videos.inc');

$randdir = $vidinc[0];

 

Presuming videos.inc just contains one line.

 

My first(include) solution will break the rest of your site so best not to use ;-)

 

Just tried it out and it worked perfectly. Thanks!

Caion Apprentice

Caion

Posted
  • Author
Posted

One other thing.

 

The script now works fine, but I haven't had any luck finding instructions on how to check for and allow a blank referer.

Guest helpbytes

Guest helpbytes

Posted
Posted (edited) 
>$referer = getenv('HTTP_REFERER');
if ($referer!='' && !preg_match('/^http:\/\/(www\.)?yoursite\.com.*$/i',$referer) {
echo "Invalid Referer"; //Or whatever
}

Edited by helpbytes

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Unfortunately, your content contains terms that we do not allow. Please edit your content to remove the highlighted words below.
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...