Header problem

[Orbitz]

hi,

I was writing some script, and there was one part that only works on IE (on my windows xp SP1) , but not on Mozilla, firefox, and IE with SP2

part of the code:

PHP:
mysql_query("UPDATE file SET accepted = 'n' WHERE filename ='".$file_name."'");

$file= '/home/public_html/files/'.$file_name;
if ( file_exists($file)) {
header("Cache-Control: must-revalidate");
$offset = 60 * 60 * 24 * 7;
$ExpireString = "Expires: " . gmdate("D, d M Y H:i:s", time() + $offset) . " GMT";
header($ExpireString);
header("Cache-Control: no-store, no-cache, must-revalidate"); // HTTP/1.1
header("Cache-Control: post-check=0, pre-check=0", false);
header("Content-Length: ".filesize($file));
header('Content-Type: audio/x-mpegurl');
readfile($file);
}



// the problem is the mysql statement,
if I comment the line out or move the line right after the last line: readfile($file), then everything would be fine for IE, mozilla, and firefox...

However, with the mysql query before the Header, mozilla, Firefox won't work.... I thought if I were to echo something before Header, then i would have problem .....in this case..it is a mysql statment....

//NOTE: having mysql query on the top is very crucial to my script! Any help or suggestion would be appricated

Thanks!

[jason]

Are you getting any kind of error message? I suspect not from your description. Generally you'll get an error if any content has been sent when you issue a header() or setcookie() command, so I suspect that you aren't having an problem with the PHP itself. Since you are tryting to send out MPEG content, I'd venture a guess that the receiving browser can't handle the content for some reason.

Try commenting out all of your header() statements. PHP will default to a content type of text/html and the contents of the file should display, although it will look like garbage when it does. If that works then you can pretty safely assume that there is a problem with the headers. Next try it with just the Content-type header uncommented and see what happens.

I noticed that when you set the Content-length header you are using filesize($song_file). Shouldn't it be just filesize($file)? I don't see $song_file used anywhere else, so filesize() is probably returning 0 or false (which translates to 0), so the browsers see this a a 0-byte file with a lot of "junk" on the end of it.

Another thing you might want to try is setting a Content-disposition header. This will allow you to set a specific file name for the file. Without this the browser sees the file as having the same name as your script. Although the browser should be looking at the MIME type to figure out what to do with the file (and not the name), the "helper application" that should be getting called to play it may have trouble playing a "php" file. Try each of these:

header("Content-disposition: inline;filename=$file_name");
header("Content-disposition: attachment;filename=$file_name");

Just some ideas. Hope one of them works... Good luck.

--Jason

[Orbitz]

oh , i will try that...a.nd about the $song_file, i changed it to make it easier for you to read, and forgot to change all of them ..Thanks!

[Orbitz]

what I am trying to do with the script is to prevent direct access to my music in order to save bandwidth. I understand hotlink can prevent people from linking to your mp3; however, if they can put your mp3 link inside an <embed> tags, hotlink will fail:

for example: <embed src= "link to my mp3">, this will allow them to play my mp3 on their site

Therefore, I came up with this: the link to mp3 will be randomly generated and can only be used once ....

2 files: music.php and getmp3.php

in music.php, i have:

echo"<embed type=application/x-mplayer2 pluginspage=http://www.microsoft.com/Windows/Downloads/Contents/Products/MediaPlayer/ src=\"/mymusic/getmp3.php?id=$id&file_name=$file_name\" name=MediaPlayer width=280 height=24 ShowStatusBar=1 autostart=1 showcontrols=0 volume=7>";

The variable $file_name is the encryption of combination of the the song id and a random number ....getmp3.php will verify if the file_name exists on my database and has an attribute "accepted" = y, and it will decrypt it and get the content of the mp3 song selected and read it out...

If the $file_name exists, getmp3 uses the sql query to change "accepted" to value of "n" ....and that way, users can no longer use this randomly generated link to link to my songs....

====
If I put getmp3.php?$file_name=something on the browser URL location.then it runs fine.....(supposingly, $file_name exists on my table with "accepted"=y) --> getmp3 go through every single line and execute it.

but if i run from getmp3.php inside of the embed tag of the file music.php, the script wont work.......unless, as i mention....have the query statment right after reading the file out.

The reason that I dont want to place the query statment at the end is to prevent users from download the song as well...(only members).... if a users will very slow internet connection...during the time the script reading the file....he can just open up another window and download the file....(this is because the "accepted" value is still = 'y') at this point

I am thinking about using somekind of javascript to encrypt the embed tag ...I undertand that user will be able to decrypt it..but he/she needs to spend a short time to decrypt it...by then....the "accepted" value will = 'n'


Any suggestion or better solution? Thanks guys!

[Vin DSL]

No big deal! Simply place your MP3 file[s] outside the web path, and call them through an <include> or whatever. There are a lot of different ways to do this. HOW you do it is up to you, but the idea is to put those files where 'they' cannot get at them, but YOUR script[s] can...

Make sense?

[Orbitz]

HI Vin,
yah, i've already known that, and it is part of this script .. but the main thing is to generate random link..everytime a user click on, says, music.php?id=1, a random link generated which will then access to my file...once the file is accessed by my script, this random link will no longer work .....

The point of this script is not to allow users to download files. and to hide the link ..with only placing mp3 outside web path won't help.

and i have it work perfectly, except where i put the query statment is not exactly where i wanted it to be.