Commit 6dee48cc authored by Seblu's avatar Seblu
Browse files

download is now by video id and not full path 

right check is done before serve content
currently, only public video is downloadable
parent dd5b961b

admin/admin_home.php

+0 −13
Original line number Diff line number Diff line
@@ -376,19 +376,6 @@ $str = ' 


echo $str;













}















?>

include/home.php

+1 −1
Original line number Diff line number Diff line
@@ -110,7 +110,7 @@ function dispHomeLastVideos(){ 
      // DISP LAST VIDEOS BY TENDU

      $str .= dispWhenTendu($video["video_tendu"]);



      $str .= '&nbsp;<li><a href="' . $video["video_path"] . ' " class="texte_link"' . '>'.$video["video_name"].'</a></td><td>';

      $str .= '&nbsp;<li><a href="?video=' . $video["video_id"] . ' " class="texte_link"' . '>'.$video["video_name"].'</a></td><td>';



      if ($video["video_path_daily"]) {

	$str .= '&nbsp;&nbsp;&nbsp;';

include/videos.php

+37 −5
Original line number Diff line number Diff line
@@ -51,11 +51,8 @@ function dispVideosMenu(){ 
  $str .= '<li><a href="index.php?section=Videos&year_page=2002" class="texte_link">2002</a></li>';

  $str .= '<li><a href="index.php?section=Videos&year_page=2001" class="texte_link">2001</a></li>';

  $str .= '<li><a href="index.php?section=Videos&year_page=2000" class="texte_link">avant</a></li>';

  $str .= '<li><p>Pour visualiser nos videos: Click-droit, telecharger...</p>

	       <p>Nous vous conseillons le lecteur <a href="http://www.videolan.org/vlc" target="blank">VLC</a> disponible sous Windows/Mac/Linux.</p>

	   </li>';

  $str .= '</ul>';

  return ($str);

  return $str;

}
@@ -121,7 +118,7 @@ function dispVideosByType($result, $video_type) { 


  while ($video = mysql_fetch_array($result)) {

    $str .= dispWhenTendu($video["video_tendu"]);

    $str .= '	&nbsp;<a href="' . $video["video_path"] . ' " class="texte_link"' . '>'.$video["video_name"].'</a></td><td>';

    $str .= '	&nbsp;<a href="?video=' . $video["video_id"] . ' " class="texte_link"' . '>'.$video["video_name"].'</a></td><td>';



    if ($video["video_path_daily"])

      $str .= '<a href=?dailymotion='.$video["video_id"].' onclick="return popitup(this, \'EPTV\')" ><img src=\'../images/daily.png\' height=15 border=0></a>';
@@ -146,4 +143,39 @@ function dispVideosByType($result, $video_type) { 


}



// download a video by it's video identifier

function getVideo() {

  // get video info

  $result = getOneVideo($_GET['video']);



  if (mysql_num_rows($result)) {

    $video = mysql_fetch_array($result);



    // check video and user right

    if ($video["video_tendu"] > 0) {

      header("Status: 403 Forbidden");

      die("Permission refus&eacute;e.");

    }



    // check file existance and download

    if (file_exists($video["video_path"])) {

      header('Content-Description: Video Transfer;');

      header('Content-Disposition: attachment; filename="'.basename($video["video_path"]).'";');

      header('Content-Type: application/octet-stream;');

      header('Content-Transfer-Encoding: binary;');

      header('Content-Length: ' . filesize($video["video_path"]).';');

      flush();

      readfile($video["video_path"]);

    }

    else {

      header("Status: 404 Not Found");

      die("Le fichier video n'est pas disponible. Contactez le webmaster!!");

    }

  }

  else {

    header("Status: 404 Not Found");

    die("La vid&eacute;o que vous demandez n'existe pas!");

  }

}



?>