I'm trying to construct a download.php file to allow direct downloads of the media files on my site with an url that looks like this: "http://www.my-site.com/download.php?file=sample.mov"<br /><br />There's one error that I need help with. First, here's the code I'm using.<br /><br /><!--c1--><div class='codetop'>CODE</div><div class='codemain'><!--ec1--><?php<br />$file = $_GET['file'];<br />$dirpath = '/path/to/public_html/';<br />$randdir = file ('videos.inc');<br />$trailslash = '/';<br />$directory = $dirpath . $randdir . $trailslash;<br /><br /><br />$download = $directory . $file;<br />if(!file_exists($download)) {<br /><br /> Â Â echo 'The file you requested could not be found on this server. Please click back and try again';<br /><br />} else {<br /><br /> Â Â header('Content-Type: application/x-download');<br /> Â Â header('Content-Disposition: attachment; filename=' . $file);<br /> Â Â print file_get_contents($download);<br /> Â Â <br />}<br />?><!--c2--></div><!--ec2--><br /><br />I'm trying to get the $randdir array to equal the directory named in the videos.inc file. But the code, as it's written here, causes the error message to display. Also, when I input the actual name of the directory into the $randdir array it works as normal.<br /><br />The directory my files are stored in changes every few hours (a measure to combat hotlinkers), so I really need the mentioned array to equal what's written in the named file and work properly in the script.<br /><br />Lastly, I'd like to know if it's possible to make the script so that it will only function if the person running it came from my site.<br /><br />Thanks.<!--content-->
Why not just have videos.inc look like this:<br /><br />$randdir = 'blah';<br /><br />then include('videos.inc') in your download.php<br /><br />Otherwise use $randdir = file('videos.inc')[0];<br /><br />for the next part:<br /><br />if (!preg_match('/^http:\/\/(www\.)?yoursite\.com.*$/i',getenv("HTTP_REFERER")) {<br /> echo "Invalid Referer";<br />}<br /><br />The user may not have a referer set, so you might check if its blank and allow that.<!--content-->
<!--QuoteBegin-helpbytes+Jun 14 2005, 04:51 PM--><div class='quotetop'>QUOTE(helpbytes @ Jun 14 2005, 04:51 PM)</div><div class='quotemain'><!--QuoteEBegin-->Why not just have videos.inc look like this:<br /><br />$randdir = 'blah';<br /><br />then include('videos.inc') in your download.php<br /><br />Otherwise use $randdir = file('videos.inc')[0];<br /><br />for the next part:<br /><br />if (!preg_match('/^http:\/\/(www\.)?yoursite\.com.*$/i',getenv("HTTP_REFERER")) {<br /> echo "Invalid Referer";<br />}<br /><br />The user may not have a referer set, so you might check if its blank and allow that.<br /><div align="right"><a href="http://www.totalchoicehosting.com/forums/index.php?act=findpost&pid=135325"><img src='http://www.totalchoicehosting.com/forums/style_images/1/post_snapback.gif' alt='*' border='0' /></a></div><!--QuoteEnd--></div><!--QuoteEEnd--><br /><br />Correct me if I'm misunderstanding, but your first suggestion doesn't seem viable due to the fact that videos.inc is a random file who's value changes every few hours. <br /><br />I have my site set up so that the directory my video files are stored in shifts, then the videos.inc file is updated to reflect that shift. All hyper links leading to the file make use of an <?php include> to update the link presented to the visitor on demand.<br /><br />I'm aware I can just post the plain link to the file on the site, but I've been getting complaints and suggestions from visitors that they'd like to be able to directly dowload the media files with one click, thus the download.php script.<br /><br />I tried using $randdir = file('videos.inc')[0]; and it was unsuccessful.<!--content-->
OK I presumed it would work<br /><br />file() returns an array not a string.<br /><br />So you would have to do<br /><br />$vidinc = file('videos.inc');<br />$randdir = $vidinc[0];<br /><br />Presuming videos.inc just contains one line.<br /><br />My first(include) solution will break the rest of your site so best not to use ;-)<!--content-->
<!--QuoteBegin-helpbytes+Jun 14 2005, 05:15 PM--><div class='quotetop'>QUOTE(helpbytes @ Jun 14 2005, 05:15 PM)</div><div class='quotemain'><!--QuoteEBegin-->OK I presumed it would work<br /><br />file() returns an array not a string.<br /><br />So you would have to do<br /><br />$vidinc = file('videos.inc');<br />$randdir = $vidinc[0];<br /><br />Presuming videos.inc just contains one line.<br /><br />My first(include) solution will break the rest of your site so best not to use ;-)<br /><div align="right"><a href="http://www.totalchoicehosting.com/forums/index.php?act=findpost&pid=135328"><img src='http://www.totalchoicehosting.com/forums/style_images/1/post_snapback.gif' alt='*' border='0' /></a></div><!--QuoteEnd--></div><!--QuoteEEnd--><br /><br />Just tried it out and it worked perfectly. Thanks!<!--content-->
One other thing.<br /><br />The script now works fine, but I haven't had any luck finding instructions on how to check for and allow a blank referer.<!--content-->
<!--c1--><div class='codetop'>CODE</div><div class='codemain'><!--ec1-->$referer = getenv('HTTP_REFERER');<br />if ($referer!='' && !preg_match('/^http:\/\/(www\.)?yoursite\.com.*$/i',$referer) {<br />echo "Invalid Referer"; //Or whatever<br />}<!--c2--></div><!--ec2--><!--content-->
Why not just have videos.inc look like this:<br /><br />$randdir = 'blah';<br /><br />then include('videos.inc') in your download.php<br /><br />Otherwise use $randdir = file('videos.inc')[0];<br /><br />for the next part:<br /><br />if (!preg_match('/^http:\/\/(www\.)?yoursite\.com.*$/i',getenv("HTTP_REFERER")) {<br /> echo "Invalid Referer";<br />}<br /><br />The user may not have a referer set, so you might check if its blank and allow that.<!--content-->
<!--QuoteBegin-helpbytes+Jun 14 2005, 04:51 PM--><div class='quotetop'>QUOTE(helpbytes @ Jun 14 2005, 04:51 PM)</div><div class='quotemain'><!--QuoteEBegin-->Why not just have videos.inc look like this:<br /><br />$randdir = 'blah';<br /><br />then include('videos.inc') in your download.php<br /><br />Otherwise use $randdir = file('videos.inc')[0];<br /><br />for the next part:<br /><br />if (!preg_match('/^http:\/\/(www\.)?yoursite\.com.*$/i',getenv("HTTP_REFERER")) {<br /> echo "Invalid Referer";<br />}<br /><br />The user may not have a referer set, so you might check if its blank and allow that.<br /><div align="right"><a href="http://www.totalchoicehosting.com/forums/index.php?act=findpost&pid=135325"><img src='http://www.totalchoicehosting.com/forums/style_images/1/post_snapback.gif' alt='*' border='0' /></a></div><!--QuoteEnd--></div><!--QuoteEEnd--><br /><br />Correct me if I'm misunderstanding, but your first suggestion doesn't seem viable due to the fact that videos.inc is a random file who's value changes every few hours. <br /><br />I have my site set up so that the directory my video files are stored in shifts, then the videos.inc file is updated to reflect that shift. All hyper links leading to the file make use of an <?php include> to update the link presented to the visitor on demand.<br /><br />I'm aware I can just post the plain link to the file on the site, but I've been getting complaints and suggestions from visitors that they'd like to be able to directly dowload the media files with one click, thus the download.php script.<br /><br />I tried using $randdir = file('videos.inc')[0]; and it was unsuccessful.<!--content-->
OK I presumed it would work<br /><br />file() returns an array not a string.<br /><br />So you would have to do<br /><br />$vidinc = file('videos.inc');<br />$randdir = $vidinc[0];<br /><br />Presuming videos.inc just contains one line.<br /><br />My first(include) solution will break the rest of your site so best not to use ;-)<!--content-->
<!--QuoteBegin-helpbytes+Jun 14 2005, 05:15 PM--><div class='quotetop'>QUOTE(helpbytes @ Jun 14 2005, 05:15 PM)</div><div class='quotemain'><!--QuoteEBegin-->OK I presumed it would work<br /><br />file() returns an array not a string.<br /><br />So you would have to do<br /><br />$vidinc = file('videos.inc');<br />$randdir = $vidinc[0];<br /><br />Presuming videos.inc just contains one line.<br /><br />My first(include) solution will break the rest of your site so best not to use ;-)<br /><div align="right"><a href="http://www.totalchoicehosting.com/forums/index.php?act=findpost&pid=135328"><img src='http://www.totalchoicehosting.com/forums/style_images/1/post_snapback.gif' alt='*' border='0' /></a></div><!--QuoteEnd--></div><!--QuoteEEnd--><br /><br />Just tried it out and it worked perfectly. Thanks!<!--content-->
One other thing.<br /><br />The script now works fine, but I haven't had any luck finding instructions on how to check for and allow a blank referer.<!--content-->
<!--c1--><div class='codetop'>CODE</div><div class='codemain'><!--ec1-->$referer = getenv('HTTP_REFERER');<br />if ($referer!='' && !preg_match('/^http:\/\/(www\.)?yoursite\.com.*$/i',$referer) {<br />echo "Invalid Referer"; //Or whatever<br />}<!--c2--></div><!--ec2--><!--content-->