PHP - Only Allow Downloading Files For Users Who Pay

I have a bunch of users in a database (id, name, etc).   I have a bunch of documents which belong to users (id, filename, users_id, etc), and expect 500 or less per user.   The documents will be renamed to the document_id, and X-Sendfile (since they are stored under the document root) will be used to retrieve them and a header will be used to return them to their original name.   Is it recommended to make a separate folder for each user and store each individual user's documents in that folder, or create one folder for all documents?   If I go with the one folder approach, I will need some method from keeping the total files per folder below some reasonable limit (1,000?).  My thought is to estimate the maximum potential number of folders, and creating subfolders under the main document folder.  I will likely hash the ID, and use the first character to create the first subfolder, the second character to create a second subfolder in the first subfolder, and continue as long as needed to accommodate the maximum potential documents (if there are 1,000,000 potential folders, then three levels will keep the maximum per folder under 244).   Please provide rational for one approach over the other.   Thank you

hi...

I have a site that allows user to download some files.

at present if i type http://www.abc.com/files/xyz.zip it allows all the users to access and download files.

I want only the login users can access these files....... pls help how to do this.

thanks in advance

Hi,

I'm pretty new to this, so apologies if there's some simple solution/misunderstanding.

It seems to me that when the user uploads a file, PHP pulls in the file into the temporary directory and then you can query it using the $_FILES array. Assuming I am correct so far, I have two questions:

1. Is there anyway to prevent the upload to the temporary folder based on file size? Seems to me a good way to overload a server to upload 10GB files, even if they are picked up as "errors" and deleted from the temp folder.

2. How long do files stay in the temporary folder? Does PHP delete them automatically, and if so, when?

Thanks.

My server is Linux/Apache/PHP.   When a file is uploaded, I use PHP's finfo_open to confirm that the file have the correct file extension matches and delete them if it doesn't match.  I also which file mimi types and size could be uploaded.   Things I do with the files include: Upload user's files and store them in some public directory (/var/www/html/users_public_directory/), and allow other users to directly download them. Upload user's files and store them in some private directory (/var/www/users_private_directory/), and allow other users to download them using X-Sendfile. Upload user's ZIP files and convert them to PDF files (unzip the ZIP file, and uses Libreoffice and Imagemagick's convert to convert them to PDFs). From the server's prospective, what are the risks of allowing users to upload files?  Are there some file types which are more dangerous to the server?  Could they be executed on the server, and if so, how could this be prevented?

Hello   I am trying to work out how many regular users I have to my site and how long those users tend to be users..   So, I have a table that logs every time a user visits my site and logs in, it stores the date / time as a unix timestamp and it logs their user id.   I started by getting the id's of any user who logs in more than 5 times in a specified period, but now I want to extend that...  

 
SELECT userID as user, count(userID) as logins FROM login_history where timestamp > UNIX_TIMESTAMP('2014-06-01 00:00:00') and timestamp < UNIX_TIMESTAMP('2014-07-01 00:00:00') group by user having logins > 5;
 

I just discovered that I have a major security flaw with my website.
Anyone who logs in to the website can easily access other users information as well as delete and edit other users information just by changing the ID variable in the address bar.
I have user ID Session started on these pages but still people can do anything they like with other users information just by editing the address bar.
For example if your logged in in the address bar of www.mywebsite.com/delete_mystuff.php?id=5 and change the "5" say to a "9" then you will have access to user#9 information.

Every important page that I have has this code:
Code: [Select]
 session_start();

if (!isset($_SESSION['user_id'])) {
// Start defining the URL.
         $url = 'http://' . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']);
// Check for a trailing slash.
         if ((substr($url, -1) == '/') OR (substr($url, -1) == '\\') ) {
         $url = substr ($url, 0, -1); // Chop off the slash.
}
// Add the page.
$url .= '/index.php';
ob_end_clean(); // Delete the buffer.
header("Location: $url");
exit(); // Quit the script.
} else {
                //Else If Logged In Run The Script

if((isset($_GET['id'])) && (is_numeric($_GET['id']))) {
         $id = (int) $_GET['id'];
} elseif ((isset($_POST['id'])) && (is_numeric($_POST['id']))) {
         $id = (int) $_POST['id'];
} else {
         echo ' No valid ID found, passed in url or form element';
        
         exit();
}



What am I doing wrong?
Please help if you know how to correct this.

Many thanks in advance.

Error:
Code: [Select]
No error, Im trying to Make it Download But it wont Download...
Code:
Code: [Select]
<table border="2" cellpadding="2" cellspacing="2" width="100%">
<tr>
<td>ID</td><td>NAME</td><td>TYPE</td><td>SIZE</td><td>DATE ADDED</td><td>DOWNLOAD</td>
</tr>
<?php

//porperties
$result = mysql_query("SELECT * FROM uploaded");
while($r=mysql_fetch_array($result))
{
   $link=$r["link"];
   $name=$r["name"];
   $type=$r["type"];
   $size=$r["size"];
   $date=$r["date"];
   $id=$r["id"];
echo "
<tr>
<td>$id</td><td>$name</td><td>$type</td><td>$size</td><td>$date</td><td><a href='$link'>Download $name</a></td>
</tr>
";
}
?>           
</table>

Hello,

I have a php page from where anyone can download mp3 songs. my database table contain song title and the directory link of every song. the page retrieve song title with the link that people can click and download. but if u click the mp3 started to play on new window. if u right click and save as then it download. but I want that people click and it will start download or give a prompt to save the file in pc. I hv the following code please help me... thankx

Code: [Select]
<?PHP
                $artist=$_GET['artist'];
                $album=$_GET['album'];

                $query=("select *from Band where artist='$artist' and album='$album'");
                $result=mysql_query($query);
                while ($row=mysql_fetch_array($result))
                      { 
                ?>
                          <a href="<?php echo $row["link"];?>"><strong><?php echo $row["title"];?></strong></a>
                <?PHP
                      }
                  ?>

How can I make that if I click on the title then it will start download. pls need help.

Hello I'm trying to make a php script that when run updates an image folder based on a photobucket feed.

Here is my code so far.

Code: [Select]
<?php


function download_feed($path) {
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $path);
curl_setopt($ch, CURLOPT_FAILONERROR, 1);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_TIMEOUT, 15);
$retValue = curl_exec($ch);
curl_close($ch);
return $retValue;
}
$sXML = download_feed('http://feed242.photobucket.com/albums/ff185/xivanari/account.rss');
$oXML = new SimpleXMLElement($sXML);
foreach($oXML-> channel->item as $oDocuments) {

$fileName = $oDocuments->title; 
$fileTmpLoc = $oDocuments->link; 

if(!file_exists("album1/".$fileName."/")) {
  if(!mkdir("album1/".$fileName)) 

$upload_location = "album1/".$fileName;
$moveResult = move_uploaded_file($fileTmpLoc, $upload_location);


}

}


?>

I wonder if some kind-hearted person can help me?
I am trying to download a video file which has a wmv. The protocol is either mms:// or http://

I can see the video in my browser but I cannot download it using curl or wget in a program and I need to download a few of these.
They are publicly viewable so they are not private stuff.
The URL is http://210.150.12.140/vod11/tepco/other/1111_01.wmv?MSWMExt=.asf
or
mms://wmt.stream.co.jp/vod11/tepco/other/1111_01.wmv

All I get at the moment is a text file of less than 1K and not the movie itself.
How would I download this file please?
Thanks
Paul

Hello,

I'm trying to use php to have a user upload a file and then, have my site create a link --- I'm ALMOST there.    My last hitch is in creating the link.  From the code below,
Code: [Select]
echo "this is the current filename: ". $supplemental_file;
  echo '<a href=../../supplemental_files/' . $supplemental_file . '">Supplementary Download</a>';

I get:

this is the current filename: Complaint.doc

But, when I hover over the link, I get:

http://localhost:8888/algebra_book/supplemental_files/Complaint.doc%22

Any thoughts on the extra %22 ??

Thanks so much....

Hello,

Ive got a script that downloads a file to my server. I want to be able to download a file from a site such as FileServe using my premium details. Ive tried http://username:password@fileserve.com/file.rar but that dosent work, It just downloads a tiny small 30kb file.

Is there a way i can set a cookie or somthing so my script has access to download file using my premium account?

Thanks in advance

Hello everyone.
I have a problem with some of my php script.

I have some php code that downloads a remote file and directly outputs it to the user. It works and all, it's just that when I do it on my Ubuntu LAMP server, downloading a file takes up a lot of ram. On my Windows WAMP server it works correctly and doesn't use up so much ram. Is this a problem with my code, or is it a server configuration?

Below is the code I use to download the file.
Code: [Select]

public function output_file($file, $name, $mime_type='', $size)
   {
   session_write_close();
    /*
    This function takes a path to a file to output ($file),
    the filename that the browser will see ($name) and
    the MIME type of the file ($mime_type, optional).
   
    If you want to do something on download abort/finish,
    register_shutdown_function('function_name');
    */
    if(is_readable($file)) die('File not found or inaccessible!');
    /*
    $size = $size;
    $name = rawurldecode($name); */
   
    /* Figure out the MIME type (if not specified) */
    $known_mime_types=array(
      "pdf" => "application/pdf",
      "txt" => "text/plain",
      "html" => "text/html",
      "htm" => "text/html",
      "exe" => "application/octet-stream",
      "zip" => "application/zip",
      "doc" => "application/msword",
      "xls" => "application/vnd.ms-excel",
      "ppt" => "application/vnd.ms-powerpoint",
      "gif" => "image/gif",
      "png" => "image/png",
      "jpeg"=> "image/jpg",
      "jpg" =>  "image/jpg",
      "php" => "text/plain"
    );
   
    if($mime_type==''){
       $file_extension = strtolower(substr(strrchr($file,"."),1));
       if(array_key_exists($file_extension, $known_mime_types)){
         $mime_type=$known_mime_types[$file_extension];
       } else {
         $mime_type="application/x-rar-compressed";
       };
    };
   
    @ob_end_clean(); //turn off output buffering to decrease cpu usage
   
    // required for IE, otherwise Content-Disposition may be ignored
    if(ini_get('zlib.output_compression'))
     ini_set('zlib.output_compression', 'Off');
   
    header('Content-Type: ' . $mime_type);
    header('Content-Disposition: attachment; filename="'.$name.'"');
    header("Content-Transfer-Encoding: binary");
    header('Accept-Ranges: bytes');
   
    /* The three lines below basically make the
      download non-cacheable */
    header("Cache-control: no-cache");
    //header('Pragma: private');
   // header("Expires: Mon, 26 Jul 1997 05:00:00 GMT");
   
    // multipart-download and download resuming support
    if(isset($_SERVER['HTTP_RANGE']))
    {
      list($a, $range) = explode("=",$_SERVER['HTTP_RANGE'],2);
      list($range) = explode(",",$range,2);
      list($range, $range_end) = explode("-", $range);
      $range=intval($range);
      if(!$range_end) {
         $range_end=$size-1;
      } else {
         $range_end=intval($range_end);
      }
   
      $new_length = $range_end-$range+1;
      header("HTTP/1.1 206 Partial Content");
      header("Content-Length: $new_length");
      header("Content-Range: bytes $range-$range_end/$size");
    } else {
      $new_length=$size;
      header("Content-Length: ".$size);
    }
   
    /* output the file itself */
    $chunksize = 1*(1024)*(1024); //you may want to change this
    $bytes_send = 0;
    if ($file = fopen($file, 'r'))
    {
      if(isset($_SERVER['HTTP_RANGE']))
      fseek($file, $range);
   
      while(!feof($file) &&
         (!connection_aborted()) &&
         ($bytes_send<$new_length)
           )
      {
         $buffer = fread($file, $chunksize);
         print($buffer); //echo($buffer); // is also possible
         flush();
         $bytes_send += strlen($buffer);
      }
    fclose($file);
    } else die('Error - can not open file.');
   
   die();
   }
   // END OUTPUT_FILE function

Hello There  ,

I want to download a file from the server to the computer  .


How can i do this ??

i found out this code:

header("Content-type: image/jpg");
header("Content-Disposition: attachment; filename=test.jpg");


the problem is , what i get is the file that the code was executed from saved in the .jpg format.

how can i direct to a specified path to select a certain file then download it .

example
let's say i have a folder that contains 2 files:
download.php and image.jpg

how can i download the image.jpg from the server with the Save As window??

Thank You

Alrighty, I have posted about this before, but for a very different question. So different, i figured it merited a different post. anyways...

I have a php script that downloads a webpages html code, then shows that code as its own on another server. I got it to work great, but it does not download/show the images and css. Using <base href> works great for the links, but the images are an issue, along with the css.

Here's what I have got so far: (any scripts or other stuff is greatly appreciated)
<?php
//download the webpage
$contents = file_get_contents($url);
//we have downloaded the html from the page,
//but not the external files such as css, and images
//so now we add the images and css
//start by splitting it into an easy to manage array
$contentchunks = explode("/n", $contents);

//mess with the html we downloaded
foreach($contentchunks as $varname => $varval){ //varval is the single line of html
  //go through every line of the html code and replace it to my heart's content
  if(stristr($varval, 'src=') === TRUE) { //check to see if has what im looking for
    //get the url to download
    
    //download and insert the image
  }
}

//put the modified array back together
$contents = implode("/n", $contentchunks);
//view the webpage
echo $contents;
?>

I have a demonstration of what it does over at http://dageek247.tk/viewit/