Please Help!

Question

welbyobeng 3 Junior Poster in Training

16 Years Ago

I attached the 2 script
I have a script that retrieves a file from my database with an option of providing a path

Now the appendPath Will "tack on" the contents of appendPath to the front of the file name.

For example, :if appendPath is set to:

... and you've assigned "filename" to a field that only uses the "base file name" of "myTrack.mp3" the URL Wimpy will use to play the file will be:

http://www/path/to/myTrack.mp3.

Now what I want to do is create appendimagePath where I can provide a url to tack on to the front of the image name.

Originally at the bottom of "wimpy.sql.ed.configs" I see
$appendPath = '';
$appendField = '';
$forceTrailingSlash = FALSE;

On file "wimpy.sql.ed.configs" at the bottom I will see

$appendPath = 'http://example.com/files/';
$appendimagePath = 'http://example.com/image/';
$appendField = '';
$forceTrailingSlash = FALSE;

What would I do to "wimpy.sql.ed" to make that work?

php

wimpy.sql_.ed_.configs_.php (1.46 KB)

<?php


/////////////////////////////////////////////////////////////////
//                                                             //
//                     DATABASE SETUP:                         //
//                                                             //
/////////////////////////////////////////////////////////////////

$host        = "localhost";
$db          = "wimpy";
$publicUser  = "root";
$publicPwd   = "hackme";
$table_files = "mp3s";



/////////////////////////////////////////////////////////////////
//                                                             //
//                     RELATIONSHIPS:                          //
//                                                             //
/////////////////////////////////////////////////////////////////

$myField_ID		= 'id';
$myField_File	= 'filepath';
$myField_Artist	= 'artist';
$myField_Title	= 'title';
$myField_Image	= 'visual';
$myField_Link	= 'comments';

$sortField = $myField_Title;
$sortOrder = "DESC";
//$sortOrder = "ASC";

/////////////////////////////////////////////////////////////////
//                                                             //
//                         OTHER:                              //
//                                                             //
/////////////////////////////////////////////////////////////////

// Use a trailing slash/
$appendPath = '';
$appendField = '';
$forceTrailingSlash = FALSE;

?>

wimpy.sql_.ed_.php (6.84 KB)

<?php
require_once("wimpy.sql.ed.configs.php");

// @clearstatcache();
// @ob_flush();

// connect to DB
$link = @mysql_connect($host, $publicUser, $publicPwd) 
	 or die("Check settings in mywimpy.configs.php and try again.");
mysql_select_db($db) 
	 or die(mysql_error());

/////////////////////////////////////////////////////////////////
//                                                             //
//                     COMMON FUNCTIONS:                       //
//                                                             //
/////////////////////////////////////////////////////////////////

function myStringPrep($value){
	if (get_magic_quotes_gpc()) {
		$value = stripslashes($value);
	}
	if(@version_compare(phpversion(),"4.3.0")=="-1") {
		$string = mysql_escape_string($value);
	} else {
		$string = mysql_real_escape_string($value);
	}
	$value = $string;
	return $value;
}



function striphack($string){
	$retval = $string;
	$retval = strip_tags(stripslashes($retval));
	$retval = strip_tags($retval);
	$retval = str_replace("\n", "x", $retval);
	$retval = str_replace("\r", "x", $retval);
	$retval = str_replace("\t", "x", $retval);
	$retval = str_replace("\\", "x", $retval);
	$retval = ereg_replace("\.+/", "x", $retval); 
	$retval = ereg_replace("\.\.","x",$retval); 
	//$retval = ereg_replace("^[\/]+", "x", $retval);
	return $retval;
}


function secureArray($array_in){	
	if(@is_array($array_in)){
		foreach ($array_in as $key => $value){
			$Atemp[striphack(urldecode($key))] = striphack($value);
		}
	} else {
		$Atemp = $array_in;
	}
	return $array_in;
}


function forceTrailingSlash($thePath){
	if($thePath == ''){
		return $thePath;
	} else {
		$lastChar = substr($thePath, strlen($thePath)-1, 1);
		if($lastChar == "/"){
			return $thePath;
		} else {
			if(strrpos($thePath, "\\")){
				return $thePath."\\";
			} else {
				return $thePath."/";
			}
		}
	}
}


if ( get_magic_quotes_gpc () ){
   function traverse ( &$arr ){
       if ( !is_array ( $arr ) ){
           return;
	   }
       foreach ( $arr as $key => $val ){
           is_array ( $arr[$key] ) ? traverse ( $arr[$key] ) : ( $arr[$key] = stripslashes ( $arr[$key] ) );
	   }
   }
   $gpc = array ( &$_GET, &$_POST, &$_COOKIE, &$_REQUEST);
   traverse ( $gpc );
}


$AcheckRequests = array(
						"queryWhere",
						"queryWhereCol",
						"queryWhereVal",
						"querySelect",
						"queryTable",
						"queryValue", 
						"action"
						);


$_REQUEST = secureArray($_REQUEST);
$_GET = secureArray($_GET);
$_POST = secureArray($_POST);


for($i=0;$i<sizeof($AcheckRequests);$i++){
	$var = $AcheckRequests[$i];
	if(!isset($_REQUEST[$var])){
		if(!isset($$var)){
			$$var = "";
		}
	} else {
		$$var = $_REQUEST[$var];
	}
}

function pushfile($filename, $kind){
	header("Pragma: public");
	header("Expires: Thu, 19 Nov 1981 08:52:00 GMT");
	header("Cache-Control: must-revalidate, post-check=0, pre-check=0");
	header("Cache-Control: no-store, no-cache, must-revalidate");
	header("Content-Type: audio/x-mpeg, audio/x-mpeg-3, audio/mpeg3");
	if($kind == "downloadfile"){
		header("Cache-Control: private");
		header('Content-Disposition: attachment; filename="'.$Afile_info['basename'].'"' );
	}
	header("Content-Transfer-Encoding: binary");
	header("Content-Length: ".filesize($filename));
	$chunksize = 1*(1024*1024);
	$buffer = '';
	$cnt =0;
	$handle = fopen($filename, 'rb');
	if ($handle === false) {
		return false;
	}
	while (!feof($handle)) {
		$buffer = fread($handle, $chunksize);
		echo $buffer;
	}
	$status = fclose($handle);
	return $status;
}


$myFieldName['uniqueID'] = @$myField_ID;
$myFieldName['filename'] = @$myField_File;
$myFieldName['artist']   = @$myField_Artist;
$myFieldName['title']    = @$myField_Title;
$myFieldName['visual']   = @$myField_Image;
$myFieldName['link']     = @$myField_Link;


//////////////////////////////////////////////////
//                                              //
//             REQUEST HANDLING                 //
//                                              //
//////////////////////////////////////////////////

if($action=="serveMP3" || $action=="downloadfile"){

	
	$sql = "SELECT * FROM ".$table_files." WHERE ".$myFieldName['uniqueID']."='".myStringPrep($_REQUEST['theID'])."';";

	// HINT: Place a single / in front of /* to uncomment this section:
	/*
	print ($sql);
	exit;
	//*/


	// Both "theFile" and "theID" are returned from Wimpy. 
	// "theID" is prefered since this minimizes issues with 
	// weirdo characters such as: '&?"!@$#%$ and so on.
	//
	// If you are having difficulties, try uncommenting the line 
	// below, which uses the filename field to serve the file.

	//$sql = "SELECT * FROM ".$table_files." WHERE ".$myFieldName['filename']."='".myStringPrep($_REQUEST['theFile'])."';";

	$result = mysql_query($sql);
	//print $sql;
	if($result){
		$line = mysql_fetch_assoc($result);
		$myFile = $line[$myFieldName['filename']];
		if(file_exists($myFile)){
			pushfile($myFile, $action);
		} else {
			echo ("&retval=error 1 : file doesn't exist"."  ".$_REQUEST['theID']);
		}
	} else {
		echo "&retval=error 2 : No results from query!";
	}
	exit;


} else {

	
	$count=0;
	$sendback = "";
	$AmyDataSetup = array();
	$AqueryValues = explode("|", $queryValue);
	for($i=0;$i<sizeof($AqueryValues);$i++){
		$query = "SELECT * FROM ".$table_files." WHERE ".myStringPrep($queryWhere)."='".myStringPrep($AqueryValues[$i])."';";
		$result = mysql_query($query);
		if($result){
			while ($line = mysql_fetch_assoc($result)) {
				$lineClean = array();
				foreach($line as $key=>$value){
					if($count==0){
						array_push($AmyDataSetup, $key);
					}
					if($key == $myFieldName['filename']){
						if($forceTrailingSlash){
							$myFile = forceTrailingSlash($appendPath).$value;
						} else {
							$myFile = @$appendPath.$value;
						}
						if(@$appendField != ''){
							if($forceTrailingSlash){
								$myFile = forceTrailingSlash(@$line[@$appendField]).$value;
							} else {
								$myFile = @$line[@$appendField].$value;
							}
							
						}
						$lineClean[] = rawurlencode($myFile);
					} else {
						$lineClean[] = rawurlencode($value);
					}
				}
				$sendback .= "&item$count=".implode("|", $lineClean);
				$count++;
			}
		}
	}
	$myDataSetup = implode("|", $AmyDataSetup);
	@mysql_free_result($result);
	mysql_close($link);
	$sendback .= "&totalitems=$count";
	$sendback .= "&datasetup=$myDataSetup";
	$sendback .= "&my_filename=".$myFieldName['filename'];
	$sendback .= "&my_artist=".$myFieldName['artist'];
	$sendback .= "&my_title=".$myFieldName['title'];
	$sendback .= "&my_visual=".$myFieldName['visual'];
	$sendback .= "&my_link=".$myFieldName['link'];
	$sendback .= "&my_id=".$myFieldName['uniqueID'];
	print ("$sendback");
}


?>

1 Contributor
1 Reply
122 Views
8 Hours Discussion Span
Latest Post 16 Years Ago Latest Post by welbyobeng

Reply to this topic

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.

welbyobeng 3 Junior Poster in Training · Answer 1 · 2008-03-10T20:40:41+00:00

Here is the code

<?php
require_once("wimpy.sql.ed.configs.php");

// @clearstatcache();
// @ob_flush();

// connect to DB
$link = @mysql_connect($host, $publicUser, $publicPwd) 
     or die("Check settings in mywimpy.configs.php and try again.");
mysql_select_db($db) 
     or die(mysql_error());

/////////////////////////////////////////////////////////////////
//                                                             //
//                     COMMON FUNCTIONS:                       //
//                                                             //
/////////////////////////////////////////////////////////////////

function myStringPrep($value){
    if (get_magic_quotes_gpc()) {
        $value = stripslashes($value);
    }
    if(@version_compare(phpversion(),"4.3.0")=="-1") {
        $string = mysql_escape_string($value);
    } else {
        $string = mysql_real_escape_string($value);
    }
    $value = $string;
    return $value;
}



function striphack($string){
    $retval = $string;
    $retval = strip_tags(stripslashes($retval));
    $retval = strip_tags($retval);
    $retval = str_replace("\n", "x", $retval);
    $retval = str_replace("\r", "x", $retval);
    $retval = str_replace("\t", "x", $retval);
    $retval = str_replace("\\", "x", $retval);
    $retval = ereg_replace("\.+/", "x", $retval); 
    $retval = ereg_replace("\.\.","x",$retval); 
    //$retval = ereg_replace("^[\/]+", "x", $retval);
    return $retval;
}


function secureArray($array_in){    
    if(@is_array($array_in)){
        foreach ($array_in as $key => $value){
            $Atemp[striphack(urldecode($key))] = striphack($value);
        }
    } else {
        $Atemp = $array_in;
    }
    return $array_in;
}


function forceTrailingSlash($thePath){
    if($thePath == ''){
        return $thePath;
    } else {
        $lastChar = substr($thePath, strlen($thePath)-1, 1);
        if($lastChar == "/"){
            return $thePath;
        } else {
            if(strrpos($thePath, "\\")){
                return $thePath."\\";
            } else {
                return $thePath."/";
            }
        }
    }
}


if ( get_magic_quotes_gpc () ){
   function traverse ( &$arr ){
       if ( !is_array ( $arr ) ){
           return;
       }
       foreach ( $arr as $key => $val ){
           is_array ( $arr[$key] ) ? traverse ( $arr[$key] ) : ( $arr[$key] = stripslashes ( $arr[$key] ) );
       }
   }
   $gpc = array ( &$_GET, &$_POST, &$_COOKIE, &$_REQUEST);
   traverse ( $gpc );
}


$AcheckRequests = array(
                        "queryWhere",
                        "queryWhereCol",
                        "queryWhereVal",
                        "querySelect",
                        "queryTable",
                        "queryValue", 
                        "action"
                        );


$_REQUEST = secureArray($_REQUEST);
$_GET = secureArray($_GET);
$_POST = secureArray($_POST);


for($i=0;$i<sizeof($AcheckRequests);$i++){
    $var = $AcheckRequests[$i];
    if(!isset($_REQUEST[$var])){
        if(!isset($$var)){
            $$var = "";
        }
    } else {
        $$var = $_REQUEST[$var];
    }
}

function pushfile($filename, $kind){
    header("Pragma: public");
    header("Expires: Thu, 19 Nov 1981 08:52:00 GMT");
    header("Cache-Control: must-revalidate, post-check=0, pre-check=0");
    header("Cache-Control: no-store, no-cache, must-revalidate");
    header("Content-Type: audio/x-mpeg, audio/x-mpeg-3, audio/mpeg3");
    if($kind == "downloadfile"){
        header("Cache-Control: private");
        header('Content-Disposition: attachment; filename="'.$Afile_info['basename'].'"' );
    }
    header("Content-Transfer-Encoding: binary");
    header("Content-Length: ".filesize($filename));
    $chunksize = 1*(1024*1024);
    $buffer = '';
    $cnt =0;
    $handle = fopen($filename, 'rb');
    if ($handle === false) {
        return false;
    }
    while (!feof($handle)) {
        $buffer = fread($handle, $chunksize);
        echo $buffer;
    }
    $status = fclose($handle);
    return $status;
}


$myFieldName['uniqueID'] = @$myField_ID;
$myFieldName['filename'] = @$myField_File;
$myFieldName['artist']   = @$myField_Artist;
$myFieldName['title']    = @$myField_Title;
$myFieldName['visual']   = @$myField_Image;
$myFieldName['link']     = @$myField_Link;


//////////////////////////////////////////////////
//                                              //
//             REQUEST HANDLING                 //
//                                              //
//////////////////////////////////////////////////

if($action=="serveMP3" || $action=="downloadfile"){


    $sql = "SELECT * FROM ".$table_files." WHERE ".$myFieldName['uniqueID']."='".myStringPrep($_REQUEST['theID'])."';";

    // HINT: Place a single / in front of /* to uncomment this section:
    /*
    print ($sql);
    exit;
    //*/


    // Both "theFile" and "theID" are returned from Wimpy. 
    // "theID" is prefered since this minimizes issues with 
    // weirdo characters such as: '&?"!@$#%$ and so on.
    //
    // If you are having difficulties, try uncommenting the line 
    // below, which uses the filename field to serve the file.

    //$sql = "SELECT * FROM ".$table_files." WHERE ".$myFieldName['filename']."='".myStringPrep($_REQUEST['theFile'])."';";

    $result = mysql_query($sql);
    //print $sql;
    if($result){
        $line = mysql_fetch_assoc($result);
        $myFile = $line[$myFieldName['filename']];
        if(file_exists($myFile)){
            pushfile($myFile, $action);
        } else {
            echo ("&retval=error 1 : file doesn't exist"."  ".$_REQUEST['theID']);
        }
    } else {
        echo "&retval=error 2 : No results from query!";
    }
    exit;


} else {


    $count=0;
    $sendback = "";
    $AmyDataSetup = array();
    $AqueryValues = explode("|", $queryValue);
    for($i=0;$i<sizeof($AqueryValues);$i++){
        $query = "SELECT * FROM ".$table_files." WHERE ".myStringPrep($queryWhere)."='".myStringPrep($AqueryValues[$i])."';";
        $result = mysql_query($query);
        if($result){
            while ($line = mysql_fetch_assoc($result)) {
                $lineClean = array();
                foreach($line as $key=>$value){
                    if($count==0){
                        array_push($AmyDataSetup, $key);
                    }
                    if($key == $myFieldName['filename']){
                        if($forceTrailingSlash){
                            $myFile = forceTrailingSlash($appendPath).$value;
                        } else {
                            $myFile = @$appendPath.$value;
                        }
                        if(@$appendField != ''){
                            if($forceTrailingSlash){
                                $myFile = forceTrailingSlash(@$line[@$appendField]).$value;
                            } else {
                                $myFile = @$line[@$appendField].$value;
                            }

                        }
                        $lineClean[] = rawurlencode($myFile);
                    } else {
                        $lineClean[] = rawurlencode($value);
                    }
                }
                $sendback .= "&item$count=".implode("|", $lineClean);
                $count++;
            }
        }
    }
    $myDataSetup = implode("|", $AmyDataSetup);
    @mysql_free_result($result);
    mysql_close($link);
    $sendback .= "&totalitems=$count";
    $sendback .= "&datasetup=$myDataSetup";
    $sendback .= "&my_filename=".$myFieldName['filename'];
    $sendback .= "&my_artist=".$myFieldName['artist'];
    $sendback .= "&my_title=".$myFieldName['title'];
    $sendback .= "&my_visual=".$myFieldName['visual'];
    $sendback .= "&my_link=".$myFieldName['link'];
    $sendback .= "&my_id=".$myFieldName['uniqueID'];
    print ("$sendback");
}


?>