From 6dee48ccbd1f5a6e7b4d0e4645a0c956d671d1d4 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?S=C3=A9bastien=20Luttringer?= <seblu@seblu.net>
Date: Sat, 6 Mar 2010 05:10:55 +0000
Subject: [PATCH] download is now by video id and not full path right check is
 done before serve content currently, only public video is downloadable

---
 admin/admin_home.php | 13 -------------
 include/home.php     |  2 +-
 include/videos.php   | 42 +++++++++++++++++++++++++++++++++++++-----
 3 files changed, 38 insertions(+), 19 deletions(-)

diff --git a/admin/admin_home.php b/admin/admin_home.php
index dd07912..bca30f8 100644
--- a/admin/admin_home.php
+++ b/admin/admin_home.php
@@ -376,19 +376,6 @@ $str = '
 
 echo $str;
 
-
-
-
-
-
 }
 
-
-
-
-
-
-
 ?>
-
-
diff --git a/include/home.php b/include/home.php
index 6cd6b47..182ab5c 100644
--- a/include/home.php
+++ b/include/home.php
@@ -110,7 +110,7 @@ function dispHomeLastVideos(){
       // DISP LAST VIDEOS BY TENDU
       $str .= dispWhenTendu($video["video_tendu"]);
 
-      $str .= '&nbsp;<li><a href="' . $video["video_path"] . ' " class="texte_link"' . '>'.$video["video_name"].'</a></td><td>';
+      $str .= '&nbsp;<li><a href="?video=' . $video["video_id"] . ' " class="texte_link"' . '>'.$video["video_name"].'</a></td><td>';
 
       if ($video["video_path_daily"]) {
 	$str .= '&nbsp;&nbsp;&nbsp;';
diff --git a/include/videos.php b/include/videos.php
index 91369cc..d5c61c2 100644
--- a/include/videos.php
+++ b/include/videos.php
@@ -51,11 +51,8 @@ function dispVideosMenu(){
   $str .= '<li><a href="index.php?section=Videos&year_page=2002" class="texte_link">2002</a></li>';
   $str .= '<li><a href="index.php?section=Videos&year_page=2001" class="texte_link">2001</a></li>';
   $str .= '<li><a href="index.php?section=Videos&year_page=2000" class="texte_link">avant</a></li>';
-  $str .= '<li><p>Pour visualiser nos videos: Click-droit, telecharger...</p>
-	       <p>Nous vous conseillons le lecteur <a href="http://www.videolan.org/vlc" target="blank">VLC</a> disponible sous Windows/Mac/Linux.</p>
-	   </li>';
   $str .= '</ul>';
-  return ($str);
+  return $str;
 }
 
 
@@ -121,7 +118,7 @@ function dispVideosByType($result, $video_type) {
 
   while ($video = mysql_fetch_array($result)) {
     $str .= dispWhenTendu($video["video_tendu"]);
-    $str .= '	&nbsp;<a href="' . $video["video_path"] . ' " class="texte_link"' . '>'.$video["video_name"].'</a></td><td>';
+    $str .= '	&nbsp;<a href="?video=' . $video["video_id"] . ' " class="texte_link"' . '>'.$video["video_name"].'</a></td><td>';
 
     if ($video["video_path_daily"])
       $str .= '<a href=?dailymotion='.$video["video_id"].' onclick="return popitup(this, \'EPTV\')" ><img src=\'../images/daily.png\' height=15 border=0></a>';
@@ -146,4 +143,39 @@ function dispVideosByType($result, $video_type) {
 
 }
 
+// download a video by it's video identifier
+function getVideo() {
+  // get video info
+  $result = getOneVideo($_GET['video']);
+
+  if (mysql_num_rows($result)) {
+    $video = mysql_fetch_array($result);
+
+    // check video and user right
+    if ($video["video_tendu"] > 0) {
+      header("Status: 403 Forbidden");
+      die("Permission refus&eacute;e.");
+    }
+
+    // check file existance and download
+    if (file_exists($video["video_path"])) {
+      header('Content-Description: Video Transfer;');
+      header('Content-Disposition: attachment; filename="'.basename($video["video_path"]).'";');
+      header('Content-Type: application/octet-stream;');
+      header('Content-Transfer-Encoding: binary;');
+      header('Content-Length: ' . filesize($video["video_path"]).';');
+      flush();
+      readfile($video["video_path"]);
+    }
+    else {
+      header("Status: 404 Not Found");
+      die("Le fichier video n'est pas disponible. Contactez le webmaster!!");
+    }
+  }
+  else {
+    header("Status: 404 Not Found");
+    die("La vid&eacute;o que vous demandez n'existe pas!");
+  }
+}
+
 ?>
-- 
GitLab