API tools faq
paste
Advertisement
jlawrence11

download.php

jlawrence11
Apr 14th, 2013
621
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
PHP 5.86 KB | None | 0 0
raw download clone embed print report
  1. <?php
  2. /**
  3.  * Copyright 2012 Armand Niculescu - MediaDivision.com
  4.  * Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
  5.  * 1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
  6.  * 2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
  7.  * THIS SOFTWARE IS PROVIDED BY THE FREEBSD PROJECT "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FREEBSD PROJECT OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  8.  */
  9. /**
  10.  * This version is modified to be used as an example for authentication on Stack Overflow for the question:
  11.  *   http://stackoverflow.com/questions/16004906/how-to-prevent-non-members-from-directly-accessing-private-content-with-php
  12.  * This modification does not imply a fully working example - as the authorization needs to be put in place
  13.  * correctly by the user of the script.
  14.  */
  15.  
  16.  
  17. // hide notices
  18. @ini_set('error_reporting', E_ALL & ~ E_NOTICE);
  19.  
  20. //- turn off compression on the server
  21. @apache_setenv('no-gzip', 1);
  22. @ini_set('zlib.output_compression', 'Off');
  23.  
  24. // get the file request, throw error if nothing supplied
  25. if(!isset($_REQUEST['file']) || empty($_REQUEST['file']))
  26. {
  27.     header("HTTP/1.0 400 Bad Request");
  28.     exit;
  29. }
  30.  
  31. /******************************
  32.  * PERFORM AUTHORIZATION HERE *
  33.  *   The following is added   *
  34.  ******************************/
  35. if($_SESSION['validated'] !== true) {
  36.     //Not authorized to download, send header and exit
  37.     header("HTTP/1.0 401 Unauthorized");
  38.     exit;
  39. }
  40.  
  41. // sanitize the file request, keep just the name and extension
  42. // also, replaces the file location with a preset one ('./content/' in this example)
  43. $file_path  = $_REQUEST['file'];
  44. $path_parts = pathinfo($file_path);
  45. $file_name  = $path_parts['basename'];
  46. $file_ext   = $path_parts['extension'];
  47. $file_path  = './content/' . $file_name;
  48.  
  49. // allow a file to be streamed instead of sent as an attachment
  50. $is_attachment = isset($_REQUEST['stream']) ? false : true;
  51.  
  52. // make sure the file exists
  53. if (is_file($file_path))
  54. {
  55.     $file_size  = filesize($file_path);
  56.     $file = @fopen($file_path,"rb");
  57.     if ($file)
  58.     {
  59.         // set the headers, prevent caching
  60.         header("Pragma: public");
  61.         header("Expires: -1");
  62.         header("Cache-Control: public, must-revalidate, post-check=0, pre-check=0");
  63.         header("Content-Disposition: attachment; filename=\"$file_name\"");
  64.  
  65.         // set appropriate headers for attachment or streamed file
  66.         if ($is_attachment)
  67.                 header("Content-Disposition: attachment; filename=\"$file_name\"");
  68.         else
  69.                 header('Content-Disposition: inline;');
  70.  
  71.         // set the mime type based on extension, add yours if needed.
  72.         $ctype_default = "application/octet-stream";
  73.         $content_types = array(
  74.                 "exe" => "application/octet-stream",
  75.                 "zip" => "application/zip",
  76.                 "mp3" => "audio/mpeg",
  77.                 "mpg" => "video/mpeg",
  78.                 "avi" => "video/x-msvideo",
  79.         );
  80.         $ctype = isset($content_types[$file_ext]) ? $content_types[$file_ext] : $ctype_default;
  81.         header("Content-Type: " . $ctype);
  82.  
  83.         //check if http_range is sent by browser (or download manager)
  84.         if(isset($_SERVER['HTTP_RANGE']))
  85.         {
  86.             list($size_unit, $range_orig) = explode('=', $_SERVER['HTTP_RANGE'], 2);
  87.             if ($size_unit == 'bytes')
  88.             {
  89.                 //multiple ranges could be specified at the same time, but for simplicity only serve the first range
  90.                 //http://tools.ietf.org/id/draft-ietf-http-range-retrieval-00.txt
  91.                 list($range, $extra_ranges) = explode(',', $range_orig, 2);
  92.             }
  93.             else
  94.             {
  95.                 $range = '';
  96.                 header('HTTP/1.1 416 Requested Range Not Satisfiable');
  97.                 exit;
  98.             }
  99.         }
  100.         else
  101.         {
  102.             $range = '';
  103.         }
  104.  
  105.         //figure out download piece from range (if set)
  106.         list($seek_start, $seek_end) = explode('-', $range, 2);
  107.  
  108.         //set start and end based on range (if set), else set defaults
  109.         //also check for invalid ranges.
  110.         $seek_end   = (empty($seek_end)) ? ($file_size - 1) : min(abs(intval($seek_end)),($file_size - 1));
  111.         $seek_start = (empty($seek_start) || $seek_end < abs(intval($seek_start))) ? 0 : max(abs(intval($seek_start)),0);
  112.  
  113.         //Only send partial content header if downloading a piece of the file (IE workaround)
  114.         if ($seek_start > 0 || $seek_end < ($file_size - 1))
  115.         {
  116.             header('HTTP/1.1 206 Partial Content');
  117.             header('Content-Range: bytes '.$seek_start.'-'.$seek_end.'/'.$file_size);
  118.             header('Content-Length: '.($seek_end - $seek_start + 1));
  119.         }
  120.         else
  121.           header("Content-Length: $file_size");
  122.  
  123.         header('Accept-Ranges: bytes');
  124.  
  125.         set_time_limit(0);
  126.         fseek($file, $seek_start);
  127.  
  128.         while(!feof($file))
  129.         {
  130.             print(@fread($file, 1024*8));
  131.             ob_flush();
  132.             flush();
  133.             if (connection_status()!=0)
  134.             {
  135.                 @fclose($file);
  136.                 exit;
  137.             }          
  138.         }
  139.  
  140.         // file save was a success
  141.         @fclose($file);
  142.         exit;
  143.     }
  144.     else
  145.     {
  146.         // file couldn't be opened
  147.         header("HTTP/1.0 500 Internal Server Error");
  148.         exit;
  149.     }
  150. }
  151. else
  152. {
  153.     // file does not exist
  154.     header("HTTP/1.0 404 Not Found");
  155.     exit;
  156. }
  157. ?>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!