Hi,

A customer of mine hosts some files on one of our servers. The problem is someone is using the links on my customer website to make possible the download on his webpage so he is using my customers bandwith for free. I have tried to make a download script wich will prevent this. Please note that my customer links to the files on my server from another domain name.

PHP Code:

<?
// valori mysql
$user = 'user';
$pass = 'pass';
$host = 'localhost';
$db = 'muzica';

// conectam mysql
mysql_connect($host,$user,$pass);
mysql_select_db($db);

// preluam valori
if(!strlen($_GET['id']))
{
    die("Nu a fost specificat nici un fisier<br>Click <a href='javascript: history.back(-1)'>aici</a>");
}
global $HTTP_REFERER;
$url = parse_url($HTTP_REFERER);
if(($url['host'] != "www.anotherdomain.com") && ($url['host'] != "anotherdomain.com"))
{
    echo "Aceasta muzica apartine site-ului <a href='http://www.anotherdomain.com'>www.anotherdomain.com</a>";
    die("<br>Aceasta muzica o puteti gasii numai pe site-ul precizat mai sus,enjoy");
}
$id = $_GET['id'];
$path = "/usr/local/psa/home/vhosts/domainname.com/httpdocs/muzica/lauRica/";
opendir($path);
$query = "select file from muzica where id = '$id'";
$row = mysql_fetch_array(mysql_query($query));
if(!mysql_error())
{
    $file = $row['file'];
    $path .= $file;
    include $path;
}
else
{
    echo "Eroare, fisierul NU exista pe serverul nostru";
    header("Location: $HTTP_REFERER");
}
?>

It didn't work and i can't figure why, do i have to set some special permisions to the files ?

Sorry pls we all speak English in this Forum , Can you please translate those Scripts to English so we could help you out.

Quote:

Originally Posted by Uche

Sorry pls we all speak English in this Forum , Can you please translate those Scripts to English so we could help you out.

i don't really believe that would be aproplem Uche, but here you have the transaltion. i did it for Raulica so he may have an answer when he's back:

PHP Code:

<?
// mysql values
$user = 'user';
$pass = 'pass';
$host = 'localhost';
$db = 'muzica';

// connection to database
mysql_connect($host,$user,$pass);
mysql_select_db($db);

// getting values
if(!strlen($_GET['id']))
{
    die("no file specified<br>Click <a href='javascript: history.back(-1)'>here</a>");
}
global $HTTP_REFERER;
$url = parse_url($HTTP_REFERER);
if(($url['host'] != "www.anotherdomain.com") && ($url['host'] != "anotherdomain.com"))
{
    echo "this file belongs to the site <a href='http://www.anotherdomain.com'>www.anotherdomain.com</a>";
    die("<br>this file you can only find on the above mentioned website.");
}
$id = $_GET['id'];
$path = "/usr/local/psa/home/vhosts/domainname.com/httpdocs/muzica/lauRica/";
opendir($path);
$query = "select file from muzica where id = '$id'";
$row = mysql_fetch_array(mysql_query($query));
if(!mysql_error())
{
    $file = $row['file'];
    $path .= $file;
    include $path;
}
else
{
    echo "Error, the file does not exist on our server";
    header("Location: $HTTP_REFERER");
}
?>

Uche Why do you need the error messages in english to work out what the code does ?

Raulicã
Explain why it didn't work and any errors that occured. We have more chance of debugging then.

Sorry, i forgot to translate, anyway thanks OmuCuSucu.
Here are the error messages i get :

Quote:

Warning: opendir(): open_basedir restriction in effect. File(/usr/local/psa/home/vhosts/domainname.com/httpdocs/muzica/lauRica/) is not within the allowed path(s): (/usr/local/psa/home/vhosts/future-host.org/httpdocs:/tmp) in /usr/local/psa/home/vhosts/future-host.org/httpdocs/download.php on line 29

Warning: opendir(/usr/local/psa/home/vhosts/domainname.com/httpdocs/muzica/lauRica/): failed to open dir: Operation not permitted in /usr/local/psa/home/vhosts/future-host.org/httpdocs/download.php on line 29

Warning: main(): open_basedir restriction in effect. File(/usr/local/psa/home/vhosts/domainname.com/httpdocs/muzica/lauRica/gigi.tgz) is not within the allowed path(s): (/usr/local/psa/home/vhosts/future-host.org/httpdocs:/tmp) in /usr/local/psa/home/vhosts/future-host.org/httpdocs/download.php on line 36

Warning: main(/usr/local/psa/home/vhosts/domainname.com/httpdocs/muzica/lauRica/gigi.tgz): failed to open stream: Operation not permitted in /usr/local/psa/home/vhosts/future-host.org/httpdocs/download.php on line 36

Warning: main(): Failed opening '/usr/local/psa/home/vhosts/domainname.com/httpdocs/muzica/lauRica/gigi.tgz' for inclusion (include_path='.:/usr/local/psa/apache/lib/php') in /usr/local/psa/home/vhosts/future-host.org/httpdocs/download.php on line 36