Hi, I am having some major issues.
My site provides sheet music available for downloading for free. When a user clicks on a sheet to download, a new window opens up. This user views our sponsor's website for 30 seconds. Once the time is up, they can download the free sheet.
Now for the issues:
I found a download script that I'm putting to the test. When clicking download, it asks where you want to save the file and downloads the file just fine. After some testing, I found that if the user tries to download the sheet again, my entire php/html code displays on the page, as well as a bunch of nonreadable characters (I'm guessing this is from the .pdf file that is supposed to be downloaded).
I need to modify my code to stop this from happening. I've tried to exit() the code or die() after the sheet downloads, but I must be doing it wrong because nothing seems to work. I also tried a redirect to send them to a different page once they download the file. That doesn't work either.
The next issue is the bottom page is supposed to display our sponsor's website, which it does. However, the frame that contains the website is not 100% in height as it is specified to be. Something in my code is causing it to stop extending all the way.
If you would like to see exactly what is happening for yourself, you can go here:
http://www.sheetmusichaven.com/download.php?sheet=98%20Degrees-I%20Do%20Cherish%20You-SheetMusicHaven.pdf&artist=98%20Degrees&title=I%20Do%20Cherish%20You
I'm using the latest version of Firefox, PHP 5.
And for the code. I warn you it is ugly ><
<?php
session_start();
include_once('inc/connect.php');
$sheet = $_GET['sheet'];
$artist = stripslashes($_GET['artist']);
$title = stripslashes($_GET['title']);
$hyphen = " - ";
$url = "http://www.youtube.com";
$timetodownload = $_POST['timetodownload'];
$todayquery = mysql_query("SELECT `todayviews` FROM `websites` WHERE `active`='yes'");
$todayresult = mysql_fetch_assoc($todayquery);
$todayviews = $todayresult['todayviews'];
$result = mysql_query("SELECT `url` FROM `websites` WHERE `active`='yes' && `dailyviews`>'$todayviews' && `credits`>0");
$i = 0;
while($row = mysql_fetch_array($result))
{
while($i<1){
$url = $row['url'];
$i++;
}
}
if(strlen($artist)+strlen($title)>80){
$artist = "";
$hyphen = "";
}
$ip = $_SERVER['REMOTE_ADDR'];
// Time Goes Here
// $ipcheck = mysql_query("SELECT ip FROM downloading WHERE ip='$ip'");
// $ipcount = mysql_num_rows($ipcheck);
// if ($ipcount!=0)
// {
// $error1 = "<div id='regerror'>Username already taken!</div>";
// }
// $ipquery = "INSERT INTO downloading VALUES ('','$ip','$time')";
// mysql_query($ipquery);
$timesdownloaded = 0;
if(isset($timetodownload)&&$timesdownloaded<1){
###############################################################
# File Download 1.31
###############################################################
# Visit http://www.zubrag.com/scripts/ for updates
###############################################################
# Sample call:
# download.php?f=phptutorial.zip
#
# Sample call (browser will try to save with new file name):
# download.php?f=phptutorial.zip&fc=php123tutorial.zip
###############################################################
// Allow direct file download (hotlinking)?
// Empty - allow hotlinking
// If set to nonempty value (Example: example.com) will only allow downloads when referrer contains this text
define('ALLOWED_REFERRER', '');
// Download folder, i.e. folder where you keep all files for download.
// MUST end with slash (i.e. "/" )
define('BASE_DIR','admin/uploads/');
// log downloads? true/false
define('LOG_DOWNLOADS',true);
// log file name
define('LOG_FILE','downloads.log');
// Allowed extensions list in format 'extension' => 'mime type'
// If mime type is set to empty string then script will try to detect mime type
// itself, which would only work if you have Mimetype or Fileinfo extensions
// installed on server.
$allowed_ext = array (
// archives
'zip' => 'application/zip',
// documents
'pdf' => 'application/pdf',
'doc' => 'application/msword',
// images
'gif' => 'image/gif',
'png' => 'image/png',
'jpg' => 'image/jpeg',
'jpeg' => 'image/jpeg',
);
####################################################################
### DO NOT CHANGE BELOW
####################################################################
// If hotlinking not allowed then make hackers think there are some server problems
if (ALLOWED_REFERRER !== ''
&& (!isset($_SERVER['HTTP_REFERER']) || strpos(strtoupper($_SERVER['HTTP_REFERER']),strtoupper(ALLOWED_REFERRER)) === false)
) {
die("Internal server error. Please contact system administrator.");
}
// Make sure program execution doesn't time out
// Set maximum script execution time in seconds (0 means no limit)
set_time_limit(0);
if (!isset($sheet) || empty($sheet)) {
die("Please specify file name for download.");
}
// Nullbyte hack fix
if (strpos($sheet, "\0") !== FALSE) die('');
// Get real file name.
// Remove any path info to avoid hacking by adding relative path, etc.
$fname = basename($sheet);
// Check if the file exists
// Check in subfolders too
function find_file ($dirname, $fname, &$file_path) {
$dir = opendir($dirname);
while ($file = readdir($dir)) {
if (empty($file_path) && $file != '.' && $file != '..') {
if (is_dir($dirname.'/'.$file)) {
find_file($dirname.'/'.$file, $fname, $file_path);
}
else {
if (file_exists($dirname.'/'.$fname)) {
$file_path = $dirname.'/'.$fname;
return;
}
}
}
}
} // find_file
// get full file path (including subfolders)
$file_path = '';
find_file(BASE_DIR, $fname, $file_path);
if (!is_file($file_path)) {
die("File does not exist. Make sure you specified correct file name.");
}
// file size in bytes
$fsize = filesize($file_path);
// file extension
$fext = strtolower(substr(strrchr($fname,"."),1));
// check if allowed extension
if (!array_key_exists($fext, $allowed_ext)) {
die("Not allowed file type.");
}
// get mime type
if ($allowed_ext[$fext] == '') {
$mtype = '';
// mime type is not set, get from server settings
if (function_exists('mime_content_type')) {
$mtype = mime_content_type($file_path);
}
else if (function_exists('finfo_file')) {
$finfo = finfo_open(FILEINFO_MIME); // return mime type
$mtype = finfo_file($finfo, $file_path);
finfo_close($finfo);
}
if ($mtype == '') {
$mtype = "application/force-download";
}
}
else {
// get mime type defined by admin
$mtype = $allowed_ext[$fext];
}
// Browser will try to save file with this filename, regardless original filename.
// You can override it if needed.
if (!isset($_GET['fc']) || empty($_GET['fc'])) {
$asfname = $fname;
}
else {
// remove some bad chars
$asfname = str_replace(array('"',"'",'\\','/'), '', $_GET['fc']);
if ($asfname === '') $asfname = 'NoName';
}
// set headers
header("Pragma: public");
header("Expires: 0");
header("Cache-Control: must-revalidate, post-check=0, pre-check=0");
header("Cache-Control: public");
header("Content-Description: File Transfer");
header("Content-Type: $mtype");
header("Content-Disposition: attachment; filename=\"$asfname\"");
header("Content-Transfer-Encoding: binary");
header("Content-Length: " . $fsize);
// download
// @readfile($file_path);
$file = @fopen($file_path,"rb");
if ($file) {
while(!feof($file)) {
print(fread($file, 1024*8));
flush();
if (connection_status()!=0) {
@fclose($file);
die();
}
}
@fclose($file);
}
// log downloads
if (!LOG_DOWNLOADS) die();
$f = @fopen(LOG_FILE, 'a+');
if ($f) {
@fputs($f, date("m.d.Y g:ia")." ".$_SERVER['REMOTE_ADDR']." ".$fname."\n");
@fclose($f);
}
$timesdownloaded++;
if(isset($timetodownload)==($_POST['timetodownload'])){
$timetodownload = "";
echo "<meta http-equiv=\"refresh\" content=\"0;url=index.php?letter=0\">";
}
if($timesdownloaded>0){
header("Location: index.php");
}
}
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html lang="en-US" xml:lang="en-US" xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta name="description" content="Free Piano Sheet Music - Sheet Music Haven" />
<meta name="keywords" content="free,piano,sheet,music,download,keyboard,haven,lyrics,notes,chords,score,top,modern,popular,jazz,classical,sheetmusichaven" />
<meta name="author" content="Sheet Music Haven - Free Piano Sheet Music. Download all types of piano sheet music for free. Popular sheets are added often" />
<meta http-equiv="Content-Type" content="text/html;charset=ISO-8859-1" />
<title>Downloading <?php echo $sheet; ?> - Sheet Music Haven</title>
<link rel="stylesheet" type="text/css" href="styles/style.css" />
<style>
iframe {
padding: 0px;
spacing: 0px;
}
body{
margin: 0px;
color: #000000;
}
#bggreen{
width: 99%;
height: 88%;
background-color: #6aa504;
margin-left: auto;
margin-right: auto;
text-align: center;
}
#countdown{
color: #4296ce;
font-size: 18px;
}
.sheetbar a{color: #000000;
font-family: "Arial", Helvetica, sans-serif;
}
#logo{
position: relative;
width: 320px;
height: 65px;
text-align: center;
float: left;
top: 19px;
}
#timer{
position: relative;
width: 65%;
height: 59px;
float: left;
text-align: center;
top: 3px;
background-color: #ececec;
border-style: solid;
border-color: #93DB70;
}
</style>
<script type="text/javascript">
var time = 2;
function startCountdown(){
var t = setTimeout("countdown()", 1000);
}
function countdown(){
var sHeet = "<?php echo $sheet;?>";
var artist = "<?php echo $artist;?>";
var tItle = "<?php echo $title;?>";
--time;
if(time == 0){
document.getElementById("countdown").innerHTML = "<form action='download.php?sheet=<?php echo $sheet; ?>' method='POST'><input type='image' src='img/download.png' alt='Download' name='timetodownload' value='Download'><\/form>";
}else{
document.getElementById("countdown").innerHTML = time;
var t = setTimeout('countdown()', 1000);
}
}
</script>
</head>
<body onload="startCountdown();" bgcolor="#343331">
<table width="100%" height="100%" cellspacing="0" cellpadding="0" border="0">
<?php
echo "<tr><td style='background:#343331;height:80px;border-bottom:#aaaaaa solid 2px;'>";
echo "<div id='bggreen' class='sheetbar'>
<div id='logo'><a href='index.php'><img src='img/logosmall.png'></a><br />
<a href='suggestions.php' style='color: #ececec; font-size: 14px;'>Report Errors</a></div>
<div id='timer'>
It is our sponsor's that keep this website running. Please view their website while you wait for:<br />
<span style='color: #6aa504;'>".ucwords($artist).$hyphen.ucwords($title)."</span>
<br />
<div id='countdown'>2</div>
</div>
</div>".$error;
echo "</td></tr>";
?>
<tr><td>
<iframe src="<?php echo $url;?>" width="100%" height="100%" frameborder="0" marginwidth="0" marginheight="0">
<p>Your browser does not support iframes.</p>
</iframe>
</td></tr>
</table>
</body>
</html>
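
An added example, not part of the original post: in the posted script execution continues from the download branch into the HTML template, and `$_GET['sheet']` is echoed into the title, the JavaScript and the form action without encoding. The sketch below separates the two paths and encodes the output; it assumes PHP 7.2 or later, uses hypothetical helper names (`resolve_sheet`, `send_sheet`, `html`, `js`), treats any POST as the download request, and looks only in `BASE_DIR` itself rather than its subfolders.

```php
<?php
// Added example (PHP 7.2+). Helper names are hypothetical; BASE_DIR mirrors the post.
const BASE_DIR = 'admin/uploads/';
// Map a requested name to a real .pdf inside BASE_DIR, or null.
function resolve_sheet(string $requested, string $baseDir = BASE_DIR): ?string
{
    $name = basename($requested);               // drop any path components
    if (strpos($requested, "\0") !== false
        || strtolower(pathinfo($name, PATHINFO_EXTENSION)) !== 'pdf') {
        return null;
    }
    $base = realpath($baseDir);
    $path = realpath($baseDir . $name);
    if ($base === false || $path === false || !is_file($path)) {
        return null;
    }
    // The resolved path must still sit inside the download folder.
    $prefix = $base . DIRECTORY_SEPARATOR;
    return strncmp($path, $prefix, strlen($prefix)) === 0 ? $path : null;
}

// Stream the file as an attachment, then stop so no markup follows the bytes.
function send_sheet(string $path): void
{
    while (ob_get_level() > 0) {
        ob_end_clean();                         // discard buffered page output
    }
    $safeName = str_replace(['"', "\r", "\n"], '', basename($path));
    header('Content-Type: application/pdf');
    header('Content-Disposition: attachment; filename="' . $safeName . '"');
    header('Content-Length: ' . filesize($path));
    readfile($path);
    exit;                                       // nothing below may run or print
}

// Encoders for the two contexts the template echoes request data into.
function html(string $v): string { return htmlspecialchars($v, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); }
function js(string $v): string   { return json_encode($v, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_INVALID_UTF8_SUBSTITUTE); }
$sheet = isset($_GET['sheet']) ? (string) $_GET['sheet'] : '';
if ($_SERVER['REQUEST_METHOD'] === 'POST') {    // assumption: POST means "download now"
    $path = resolve_sheet($sheet);
    if ($path === null) {
        http_response_code(404);
        exit('File not found.');
    }
    send_sheet($path);
}
?>
<title>Downloading <?= html($sheet) ?> - Sheet Music Haven</title>
<script type="text/javascript">var sheet = <?= js($sheet) ?>;</script>
```

The same `html()` call belongs on the `sheet` value placed in the form's `action` attribute, with `rawurlencode()` applied first because it is a query-string parameter.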