Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 3 of 3
  1. #1
    New Coder
    Join Date
    Dec 2006
    Posts
    57
    Thanks
    2
    Thanked 0 Times in 0 Posts

    Make the script use a database instead of text file

    Hello,
    I've a download script that "hides" the real address of files from the person who wants to download it. What I want to do is to make it use my database instead of the text file as it is using now.

    Here is the full script as it looked before I started editing it:
    PHP Code:
    <?php 
    $allowed 
    0;
    include(
    'config.php');

    if(
    $allowblank 0) { if($_SERVER['HTTP_REFERER']=="") { $allowed 1; }}

    $domains count($alloweddomains);

    for(
    $y=0;$y<$domains+1;$y++) {
        if((
    stristr($_SERVER['HTTP_REFERER'], $alloweddomains[$y]))) { $allowed 1;}
    }

    if(
    $allowed 0) {
                            
    $namenumberarray file($webaddress."fileindex.txt");
                            
    $numberoffiles count($namenumberarray);
                            
    $filenames = array();
                            
                            for(
    $x=0;$x<$numberoffiles+1;$x++) {
                                
    $temporary explode(":",$namenumberarray[$x]);
                                
    $tempname explode("\n",$temporary[1]);
                                
    $filenames[$temporary[0]] = $tempname[0];
                            }
                            
                            if(!isset(
    $filenames[$_GET['serve']])) { 
                                if(
    $logging 0){
                                    
    $status "ReqNF";
                                    include(
    'logit.php');
                                }
                                echo(
    'That number wasnt found!');
                                exit;
                            }
                            
                            
    $wantedfilename $filenames[$_GET['serve']];
                                                            
                                                            
                            
    $extension explode("."$wantedfilename);
                            
    $numberinarray count($extension);
                            
                            
    $lcext strtolower($extension[$numberinarray-1]);
                            
                            
    //BEGIN CONTENT TYPES BLOCK. ADD OR REMOVE FILE TYPES HERE, AS SHOWN //
                            //DON'T EDIT THIS UNLESS YOU KNOW WHAT YOU ARE DOING!//
                            //MOST COMMON FILE TYPES ARE ALREADY INCLUDED//
                            
                            
    switch($lcext) {
                                case (
    $lcext == "swf"): 
                                    
    $commonname="flash"
                                    
    $ct "Content-type: application/x-shockwave-flash";
                                break;
                                case (
    $lcext == "wmv"): 
                                    
    $commonname="wmv"
                                    
    $ct "Content-type: video/x-ms-wmv";
                                break;
                                case (
    $lcext == "mov"): 
                                    
    $commonname="quicktime movie"
                                    
    $ct "Content-type: video/quicktime";
                                break;
                                case (
    $lcext == "avi"): 
                                    
    $commonname="avi video"
                                    
    $ct "Content-type: video/avi";
                                break;
                                case (
    $lcext == "rar"): 
                                    
    $commonname="winrar"
                                    
    $ct "Content-type: application/octet-stream";
                                break;
                                case (
    $lcext == "zip"): 
                                    
    $commonname="zip"
                                    
    $ct "Content-type: application/octet-stream";
                                break;
                                case (
    $lcext == "bmp"): 
                                    
    $commonname="bitmap"
                                    
    $ct "Content-type: image/bmp";
                                break;
                                case (
    $lcext == "gif"): 
                                    
    $commonname="gif"
                                    
    $ct "Content-type: image/gif";
                                break;
                                case (
    $lcext == "jpeg" || $lcext == "jpg" || $lcext == "jpe"): 
                                    
    $commonname="jpeg"
                                    
    $ct "Content-type: image/jpeg";
                                break;
                                case (
    $lcext == "mpeg" || $lcext == "mpg" || $lcext == "mpe"): 
                                    
    $commonname="mpeg"
                                    
    $ct "Content-type: video/mpeg";
                                break;
                                case (
    $lcext == "png"): 
                                    
    $commonname="png"
                                    
    $ct "Content-type: image/png";
                                break;
                                
                                
    //END//
                                
                                
    default: 
                                    
    $commonname="Generic Filetype"
                                    
    $ct "Content-type: application/octet-stream";
                                    
                                    if(
    $logging 0){
                                        
    $status "Generic_Filetype";
                                        include(
    'logit.php');
                                    }
                                
                            }
                            
                            
    $handle fopen($webaddress.$wantedfilename"rb");
                            
    header("Cache-Control: "); //keeps ie happy
                            
    header("Pragma: "); //keeps ie happy
                            
    header($ct); //content type as set above from explode();
                            
                            
    if(!stristr($lcext"swf")){//flash plays, it isnt downloaded as an actual file.
                                
    header("Content-Disposition: attachment; filename=\"".$wantedfilename."\"");
                            }
                            
                            
    header("Content-Length: ".filesize($path.$wantedfilename));
                            
                            
    fpassthru($handle);
                            if(
    $logging 0){
                                
    $status "Granted";
                                include(
    'logit.php');
                            }
                            exit;
    }

    else {
        if(
    $logging 0){
            
    $status "Denied";
            include(
    'logit.php');
        }
        exit;
        
    //quiet leech kill
    }
    ?>
    As you can see in the script I want the script to hide the real download location. So I can download the file with the ID 1 by visiting "/thescript.php?serve=1" and the file with the ID 2 by visiting "/thescript.php?serve=2".

    Here is the structure of the database I want it to use instead of the text file;
    Code:
    CREATE TABLE `files` (
      `file_id` int(11) NOT NULL auto_increment,
      `file_pack` varchar(50) NOT NULL default '',
      `file_pack_cat` varchar(50) NOT NULL default '',
      `file_cat` varchar(50) NOT NULL default '',
      `file_name` varchar(100) NOT NULL default '',
      `file_desc` text NOT NULL,
      `file_fullname` varchar(100) NOT NULL default '',
      `file_downloads` varchar(11) NOT NULL default '',
      `file_date` varchar(30) NOT NULL default '',
      `file_timestamp` varchar(30) NOT NULL default '',
      PRIMARY KEY  (`file_id`)
    ) ENGINE=MyISAM DEFAULT CHARSET=latin1 AUTO_INCREMENT=2 ;
    Where "file_fullname" is the full name of the file I want to download, for example; text.zip and "file_id" is the ID of the file.

    The fileindex.txt (that I want to replace with the database) contained the IDs and filenames like this:
    Code:
    1:example.zip
    2:example2.zip
    3:example3.zip
    I'm not that good at PHP coding so I can't see what needs to be changed to do what I want to do by just looking at the script...

    Thanks in advance,
    Best Regards
    Oskar R
    Last edited by oskare100; 12-25-2006 at 03:58 PM.

  • #2
    Regular Coder
    Join Date
    Jun 2004
    Posts
    565
    Thanks
    0
    Thanked 18 Times in 18 Posts
    This script should do it. You only need to replace the parameters to mysql_connect and mysql_select_db with appropriate values:
    PHP Code:
    <?php
    include 'config.php';

    $referrer getenv('HTTP_REFERER');

    if(
    '' == $referrer)
    {
        
    $allowed = ($allowblank) ? 0;
    }
    else
    {
        
    $allowed 0;
        foreach(
    $alloweddomains as $domain)
        {
            if(
    substr($referrer0strlen($domain)) == $domain)
            {
                
    $allowed 1;
                break;
            }
        }
    }

    if(!
    $allowed)
    {
        if(
    $logging)
        {
            
    $status 'Denied';
            include 
    'logit.php';
        }
        exit(
    0);
        
    //quiet leech kill
    }

    if(!isset(
    $_GET['serve']) || $_GET['serve'] != (string) (int) $_GET['serve'] || (int) $_GET['serve'] <= 0)
    {
        die(
    'Parameter `serve` must be a positive integer.');
    }

    $conn mysql_connect('localhost''NAME''PASS')
        or die(
    'Unable to connect to MSQL: '.mysql_error($conn));
    mysql_select_db('DB_NAME'$conn)
        or die(
    'Unable to select database: '.mysql_error($conn));
    $result mysql_query('select `file_fullname` from `files` where `file_id` = "'.$_GET['serve'].'"'$conn)
        or die(
    'Unable to perform query: '.mysql_error($conn));

    if(
    == mysql_num_rows($result))
    {
        die(
    'File not found.');
    }
    $fileName mysql_result($result00)
        or die(
    'Unable to retrieve result: '.mysql_error($conn));

    $extension = (FALSE !== ($pos strrpos($fileName'.'))) ?
        
    substr($fileName$pos 1) :
        
    '';
        
    //BEGIN CONTENT TYPES BLOCK. ADD OR REMOVE FILE TYPES HERE, AS SHOWN //
    //DON'T EDIT THIS UNLESS YOU KNOW WHAT YOU ARE DOING!//
    //MOST COMMON FILE TYPES ARE ALREADY INCLUDED//

    switch($extension)
    {
        case 
    'avi':
            
    $ct 'video/avi';
            break;
        case 
    'bmp':
            
    $ct 'image/bmp';
            break;
        case 
    'gif':
            
    $ct 'image/gif';
            break;
        case 
    'jpeg':
        case 
    'jpg':
        case 
    'jpe':
            
    $ct 'image/jpeg';
            break;
        case 
    'mov':
            
    $ct 'video/quicktime';
            break;
        case 
    'mpeg':
        case 
    'mpg':
        case 
    'mpe':
            
    $ct 'video/mpeg';
            break;
        case 
    'png':
            
    $ct 'image/png';
            break;
        case 
    'swf':
            
    $ct 'application/x-shockwave-flash';
            break;
        case 
    'wmv':
            
    $ct 'video/x-ms-wmv';
            break;
        case 
    'rar':
        case 
    'zip':
            
    $ct 'application/octet-stream';
            break;
            
        
    //END//
        
        
    default:
            
    $ct 'application/octet-stream';
            if(
    $logging)
            {
                
    $status 'Generic_Filetype';
                include 
    'logit.php';
            }
    }

    $handle = @fopen($path.$fileName'rb') or die('Unable to select file.');

    if(!
    $handle)
    {
        die(
    'Unable to transer file.');
    }

    header('Cache-Control: '); //keeps ie happy
    header('Pragma: '); //keeps ie happy
    header('Content-Type: '.$ct);

    if(
    'swf' != $extension//flash plays, it isnt downloaded as an actual file.
    {
        
    header('Content-Disposition: attachment; filename="'.$fileName.'"');
    }

    header('Content-Length: '.filesize($path.$fileName));
    fpassthru($handle);

    if(
    $logging)
    {
        
    $status 'Granted';
        include 
    'logit.php';
    }
    ?>
    dumpfi
    "Failure is not an option. It comes bundled with the software."
    ....../)/)..(\__/).(\(\................../)_/)......
    .....(-.-).(='.'=).(-.-)................(o.O)...../<)
    ....(.).(.)("}_("}(.)(.)...............(.)_(.))Ż/.
    ŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻ
    Little did the bunnies suspect that one of them was a psychotic mass murderer with a 6 ft. axe.

  • #3
    New Coder
    Join Date
    Dec 2006
    Posts
    57
    Thanks
    2
    Thanked 0 Times in 0 Posts
    Hello,
    Really thanks, your modification worked great, I'm very grateful for that

    Now I've only one problem left with this part (hopefully) that I can't solve myself...

    Different users has permission to download different files. Here is the structure of the files table again;
    Code:
    CREATE TABLE `files` (
      `file_id` int(11) NOT NULL auto_increment,
      `file_pack` varchar(50) NOT NULL default '',
      `file_pack_cat` varchar(50) NOT NULL default '',
      `file_cat` varchar(50) NOT NULL default '',
      `file_name` varchar(100) NOT NULL default '',
      `file_desc` text NOT NULL,
      `file_fullname` varchar(100) NOT NULL default '',
      `file_downloads` varchar(11) NOT NULL default '',
      `file_date` varchar(30) NOT NULL default '',
      `file_timestamp` varchar(30) NOT NULL default '',
      PRIMARY KEY  (`file_id`)
    ) ENGINE=MyISAM DEFAULT CHARSET=latin1 AUTO_INCREMENT=2 ;
    And as you can see each file has a "file_name" and some of the files belongs to a "file_pack" with several files in it.

    I'm planning to store the files each user has permission to download in another seperate table with the name "user_perm", here is the structure of that table;
    Code:
    CREATE TABLE `user_perm` (
      `perm_id` int(11) NOT NULL auto_increment,
      `perm_user` varchar(50) NOT NULL default '',
      `file_pack` varchar(30) NOT NULL default '',
      `file_name` varchar(100) NOT NULL default '',
      `perm_date` varchar(30) NOT NULL default '',
      `perm_timestamp` varchar(30) NOT NULL default '',
      PRIMARY KEY  (`perm_id`)
    ) ENGINE=MyISAM DEFAULT CHARSET=latin1 AUTO_INCREMENT=1 ;
    So if a user tries to download one file with, for example, the ID 1 the script must check the "file_name" AND "file_pack" of that file. Then it must check in the "user_perm" and see if the user has permission to download either the "file_name" OR the "file_pack". In other words, it is enough if the user has permission to download the "file_pack" to which the file belongs to.

    I've at least started with this;
    PHP Code:
    $result2 mysql_query('select `file_name` , `file_pack` from '$file_tbl' where `file_id` = "'.$_GET['serve'].'"')
        or die( 
    mysql_error() ); 
    Then I don't know how to check both of the things (both "file_name" and "file_pack"). AND I don't know where in the script I should add the lines.

    When the user login the username and password is stored in a session with this lines;
    PHP Code:
    session_register("myusername");
    session_register("mypassword"); 
    Also, Should I change the database structure or should I change something else in the structure of the system I'mn trying to build (for example with the user permission system)?

    Thanks in advance,
    Best Regards
    Oskar R
    Last edited by oskare100; 12-25-2006 at 11:57 PM.


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •