...

View Full Version : Make the script use a database instead of text file



oskare100
12-25-2006, 04:05 PM
Hello,
I've a download script that "hides" the real address of files from the person who wants to download it. What I want to do is to make it use my database instead of the text file as it is using now.

Here is the full script as it looked before I started editing it:

<?php
$allowed = 0;
include('config.php');

if($allowblank > 0) { if($_SERVER['HTTP_REFERER']=="") { $allowed = 1; }}

$domains = count($alloweddomains);

for($y=0;$y<$domains+1;$y++) {
if((stristr($_SERVER['HTTP_REFERER'], $alloweddomains[$y]))) { $allowed = 1;}
}

if($allowed > 0) {
$namenumberarray = file($webaddress."fileindex.txt");
$numberoffiles = count($namenumberarray);
$filenames = array();

for($x=0;$x<$numberoffiles+1;$x++) {
$temporary = explode(":",$namenumberarray[$x]);
$tempname = explode("\n",$temporary[1]);
$filenames[$temporary[0]] = $tempname[0];
}

if(!isset($filenames[$_GET['serve']])) {
if($logging > 0){
$status = "ReqNF";
include('logit.php');
}
echo('That number wasnt found!');
exit;
}

$wantedfilename = $filenames[$_GET['serve']];


$extension = explode(".", $wantedfilename);
$numberinarray = count($extension);

$lcext = strtolower($extension[$numberinarray-1]);

//BEGIN CONTENT TYPES BLOCK. ADD OR REMOVE FILE TYPES HERE, AS SHOWN //
//DON'T EDIT THIS UNLESS YOU KNOW WHAT YOU ARE DOING!//
//MOST COMMON FILE TYPES ARE ALREADY INCLUDED//

switch($lcext) {
case ($lcext == "swf"):
$commonname="flash";
$ct = "Content-type: application/x-shockwave-flash";
break;
case ($lcext == "wmv"):
$commonname="wmv";
$ct = "Content-type: video/x-ms-wmv";
break;
case ($lcext == "mov"):
$commonname="quicktime movie";
$ct = "Content-type: video/quicktime";
break;
case ($lcext == "avi"):
$commonname="avi video";
$ct = "Content-type: video/avi";
break;
case ($lcext == "rar"):
$commonname="winrar";
$ct = "Content-type: application/octet-stream";
break;
case ($lcext == "zip"):
$commonname="zip";
$ct = "Content-type: application/octet-stream";
break;
case ($lcext == "bmp"):
$commonname="bitmap";
$ct = "Content-type: image/bmp";
break;
case ($lcext == "gif"):
$commonname="gif";
$ct = "Content-type: image/gif";
break;
case ($lcext == "jpeg" || $lcext == "jpg" || $lcext == "jpe"):
$commonname="jpeg";
$ct = "Content-type: image/jpeg";
break;
case ($lcext == "mpeg" || $lcext == "mpg" || $lcext == "mpe"):
$commonname="mpeg";
$ct = "Content-type: video/mpeg";
break;
case ($lcext == "png"):
$commonname="png";
$ct = "Content-type: image/png";
break;

//END//

default:
$commonname="Generic Filetype";
$ct = "Content-type: application/octet-stream";

if($logging > 0){
$status = "Generic_Filetype";
include('logit.php');
}

}

$handle = fopen($webaddress.$wantedfilename, "rb");
header("Cache-Control: "); //keeps ie happy
header("Pragma: "); //keeps ie happy
header($ct); //content type as set above from explode();

if(!stristr($lcext, "swf")){//flash plays, it isnt downloaded as an actual file.
header("Content-Disposition: attachment; filename=\"".$wantedfilename."\"");
}

header("Content-Length: ".filesize($path.$wantedfilename));

fpassthru($handle);
if($logging > 0){
$status = "Granted";
include('logit.php');
}
exit;
}

else {
if($logging > 0){
$status = "Denied";
include('logit.php');
}
exit;
//quiet leech kill
}
?>

As you can see in the script I want the script to hide the real download location. So I can download the file with the ID 1 by visiting "/thescript.php?serve=1" and the file with the ID 2 by visiting "/thescript.php?serve=2".

Here is the structure of the database I want it to use instead of the text file;

CREATE TABLE `files` (
`file_id` int(11) NOT NULL auto_increment,
`file_pack` varchar(50) NOT NULL default '',
`file_pack_cat` varchar(50) NOT NULL default '',
`file_cat` varchar(50) NOT NULL default '',
`file_name` varchar(100) NOT NULL default '',
`file_desc` text NOT NULL,
`file_fullname` varchar(100) NOT NULL default '',
`file_downloads` varchar(11) NOT NULL default '',
`file_date` varchar(30) NOT NULL default '',
`file_timestamp` varchar(30) NOT NULL default '',
PRIMARY KEY (`file_id`)
) ENGINE=MyISAM DEFAULT CHARSET=latin1 AUTO_INCREMENT=2 ;

Where "file_fullname" is the full name of the file I want to download, for example; text.zip and "file_id" is the ID of the file.

The fileindex.txt (that I want to replace with the database) contained the IDs and filenames like this:

1:example.zip
2:example2.zip
3:example3.zip

I'm not that good at PHP coding so I can't see what needs to be changed to do what I want to do by just looking at the script...

Thanks in advance,
Best Regards
Oskar R

dumpfi
12-25-2006, 08:48 PM
This script should do it. You only need to replace the parameters to mysql_connect and mysql_select_db with appropriate values:
<?php
include 'config.php';

$referrer = getenv('HTTP_REFERER');

if('' == $referrer)
{
$allowed = ($allowblank) ? 1 : 0;
}
else
{
$allowed = 0;
foreach($alloweddomains as $domain)
{
if(substr($referrer, 0, strlen($domain)) == $domain)
{
$allowed = 1;
break;
}
}
}

if(!$allowed)
{
if($logging)
{
$status = 'Denied';
include 'logit.php';
}
exit(0);
//quiet leech kill
}

if(!isset($_GET['serve']) || $_GET['serve'] != (string) (int) $_GET['serve'] || (int) $_GET['serve'] <= 0)
{
die('Parameter `serve` must be a positive integer.');
}

$conn = mysql_connect('localhost', 'NAME', 'PASS')
or die('Unable to connect to MSQL: '.mysql_error($conn));
mysql_select_db('DB_NAME', $conn)
or die('Unable to select database: '.mysql_error($conn));
$result = mysql_query('select `file_fullname` from `files` where `file_id` = "'.$_GET['serve'].'"', $conn)
or die('Unable to perform query: '.mysql_error($conn));

if(0 == mysql_num_rows($result))
{
die('File not found.');
}
$fileName = mysql_result($result, 0, 0)
or die('Unable to retrieve result: '.mysql_error($conn));

$extension = (FALSE !== ($pos = strrpos($fileName, '.'))) ?
substr($fileName, $pos + 1) :
'';

//BEGIN CONTENT TYPES BLOCK. ADD OR REMOVE FILE TYPES HERE, AS SHOWN //
//DON'T EDIT THIS UNLESS YOU KNOW WHAT YOU ARE DOING!//
//MOST COMMON FILE TYPES ARE ALREADY INCLUDED//

switch($extension)
{
case 'avi':
$ct = 'video/avi';
break;
case 'bmp':
$ct = 'image/bmp';
break;
case 'gif':
$ct = 'image/gif';
break;
case 'jpeg':
case 'jpg':
case 'jpe':
$ct = 'image/jpeg';
break;
case 'mov':
$ct = 'video/quicktime';
break;
case 'mpeg':
case 'mpg':
case 'mpe':
$ct = 'video/mpeg';
break;
case 'png':
$ct = 'image/png';
break;
case 'swf':
$ct = 'application/x-shockwave-flash';
break;
case 'wmv':
$ct = 'video/x-ms-wmv';
break;
case 'rar':
case 'zip':
$ct = 'application/octet-stream';
break;

//END//

default:
$ct = 'application/octet-stream';
if($logging)
{
$status = 'Generic_Filetype';
include 'logit.php';
}
}

$handle = @fopen($path.$fileName, 'rb') or die('Unable to select file.');

if(!$handle)
{
die('Unable to transer file.');
}

header('Cache-Control: '); //keeps ie happy
header('Pragma: '); //keeps ie happy
header('Content-Type: '.$ct);

if('swf' != $extension) //flash plays, it isnt downloaded as an actual file.
{
header('Content-Disposition: attachment; filename="'.$fileName.'"');
}

header('Content-Length: '.filesize($path.$fileName));
fpassthru($handle);

if($logging)
{
$status = 'Granted';
include 'logit.php';
}
?>dumpfi

oskare100
12-26-2006, 12:29 AM
Hello,
Really thanks, your modification worked great, I'm very grateful for that :thumbsup:

Now I've only one problem left with this part (hopefully) that I can't solve myself...

Different users has permission to download different files. Here is the structure of the files table again;

CREATE TABLE `files` (
`file_id` int(11) NOT NULL auto_increment,
`file_pack` varchar(50) NOT NULL default '',
`file_pack_cat` varchar(50) NOT NULL default '',
`file_cat` varchar(50) NOT NULL default '',
`file_name` varchar(100) NOT NULL default '',
`file_desc` text NOT NULL,
`file_fullname` varchar(100) NOT NULL default '',
`file_downloads` varchar(11) NOT NULL default '',
`file_date` varchar(30) NOT NULL default '',
`file_timestamp` varchar(30) NOT NULL default '',
PRIMARY KEY (`file_id`)
) ENGINE=MyISAM DEFAULT CHARSET=latin1 AUTO_INCREMENT=2 ;

And as you can see each file has a "file_name" and some of the files belongs to a "file_pack" with several files in it.

I'm planning to store the files each user has permission to download in another seperate table with the name "user_perm", here is the structure of that table;

CREATE TABLE `user_perm` (
`perm_id` int(11) NOT NULL auto_increment,
`perm_user` varchar(50) NOT NULL default '',
`file_pack` varchar(30) NOT NULL default '',
`file_name` varchar(100) NOT NULL default '',
`perm_date` varchar(30) NOT NULL default '',
`perm_timestamp` varchar(30) NOT NULL default '',
PRIMARY KEY (`perm_id`)
) ENGINE=MyISAM DEFAULT CHARSET=latin1 AUTO_INCREMENT=1 ;

So if a user tries to download one file with, for example, the ID 1 the script must check the "file_name" AND "file_pack" of that file. Then it must check in the "user_perm" and see if the user has permission to download either the "file_name" OR the "file_pack". In other words, it is enough if the user has permission to download the "file_pack" to which the file belongs to.

I've at least started with this;

$result2 = mysql_query('select `file_name` , `file_pack` from '$file_tbl' where `file_id` = "'.$_GET['serve'].'"')
or die( mysql_error() );
Then I don't know how to check both of the things (both "file_name" and "file_pack"). AND I don't know where in the script I should add the lines.

When the user login the username and password is stored in a session with this lines;
session_register("myusername");
session_register("mypassword");

Also, Should I change the database structure or should I change something else in the structure of the system I'mn trying to build (for example with the user permission system)?

Thanks in advance,
Best Regards
Oskar R



EZ Archive Ads Plugin for vBulletin Copyright 2006 Computer Help Forum