[go: nahoru, domu]

    Voting

    : two minus one?
    (Example: nine)

    The Note You're Voting On

    planetmaster at planetgac dot com
    18 years ago
    Using pieces of the forced download script, adding in MySQL database functions, and hiding the file location for security was what we needed for downloading wmv files from our members creations without prompting Media player as well as secure the file itself and use only database queries. Something to the effect below, very customizable for private access, remote files, and keeping order of your online media.

    <?
    # Protect Script against SQL-Injections
    $fileid=intval($_GET[id]);
    # setup SQL statement
    $sql = " SELECT id, fileurl, filename, filesize FROM ibf_movies WHERE id=' $fileid' ";

    # execute SQL statement
    $res = mysql_query($sql);

    # display results
    while ($row = mysql_fetch_array($res)) {
    $fileurl = $row['fileurl'];
    $filename= $row['filename'];
    $filesize= $row['filesize'];

    $file_extension = strtolower(substr(strrchr($filename,"."),1));

    switch ($file_extension) {
    case "wmv": $ctype="video/x-ms-wmv"; break;
    default: $ctype="application/force-download";
    }

    // required for IE, otherwise Content-disposition is ignored
    if(ini_get('zlib.output_compression'))
    ini_set('zlib.output_compression', 'Off');

    header("Pragma: public");
    header("Expires: 0");
    header("Cache-Control: must-revalidate, post-check=0, pre-check=0");
    header("Cache-Control: private",false);
    header("Content-Type: video/x-ms-wmv");
    header("Content-Type: $ctype");
    header("Content-Disposition: attachment; filename=\"".basename($filename)."\";");
    header("Content-Transfer-Encoding: binary");
    header("Content-Length: ".@filesize($filename));
    set_time_limit(0);
    @readfile("$fileurl") or die("File not found.");

    }

    $donwloaded = "downloads + 1";

    if ($_GET["hit"]) {
    mysql_query("UPDATE ibf_movies SET downloads = $donwloaded WHERE id=' $fileid'");

    }

    ?>

    While at it I added into download.php a hit (download) counter. Of course you need to setup the DB, table, and columns. Email me for Full setup// Session marker is also a security/logging option
    Used in the context of linking:
    http://www.yourdomain.com/download.php?id=xx&hit=1

    [Edited by sp@php.net: Added Protection against SQL-Injection]

    << Back to user notes page

    To Top