media.php
<?php
require_once "./configuration.php";
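// Verification: the message id must be present and be a plain decimal string.
// Arrays (?id[]=...) and values such as "12abc" are rejected here instead of
// being silently coerced to an integer by bind_param("i", ...).
$msgId = $_GET["id"] ?? null;
if (!is_string($msgId) || preg_match('/\A[0-9]+\z/', $msgId) !== 1) {
    http_response_code(404);
    // Include 404 error document here
    die();
}

// Check if user is logged in
$payload = verifySession(true);
if (!$payload) {
    logout(false);
    http_response_code(404);
    // Include 404 error document here
    die();
}
$userId = $payload["sub"];

// User and token are verified: look up the media row together with the two
// participants of the chat it belongs to. The id is bound as a parameter,
// never interpolated into the SQL text.
$sql = "
SELECT media.*, chats.sender, chats.receiver FROM `media`
JOIN messages
ON media.msg_id = messages.msg_id
JOIN chats
ON messages.chat_id = chats.chat_id
WHERE media.msg_id = ?
";
$statement = $connection->prepare($sql);
if ($statement === false) {
    // prepare() returns false when mysqli is not in exception mode
    http_response_code(500);
    die();
}
$statement->bind_param("i", $msgId);
$statement->execute();
$result = $statement->get_result();
$row = $result ? $result->fetch_assoc() : null;
if (!$row) {
    http_response_code(404);
    // Include 404 error document here
    die();
}

// Authorization: only the sender or the receiver of the chat may fetch the
// media. Both sides are compared as strings with ===, so loose-comparison
// juggling (for example "1e1" == "10") cannot make a foreign id match.
// A 404 is returned rather than a 403, so the response does not distinguish
// "no such media" from "not your media".
$isParticipant = (string) $userId === (string) $row["sender"]
    || (string) $userId === (string) $row["receiver"];
if (!$isParticipant) {
    http_response_code(404);
    // Include 404 error document here
    die();
}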
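// Resolve the stored filename and require that the result stays inside the
// private media directory. The filename comes from the database row; if a
// value containing "../" ever ends up there, realpath() plus the prefix check
// below keeps the script from serving a file outside that directory.
$mediaDir = realpath("$privateFolder/chats/media");
$file = realpath("$privateFolder/chats/media/" . $row["filename"]);
if (
    $mediaDir === false
    || $file === false
    || strncmp($file, $mediaDir . DIRECTORY_SEPARATOR, strlen($mediaDir) + 1) !== 0
    || !is_file($file)
) {
    http_response_code(404);
    // Include 404 error document here
    die();
}

// Must revalidate (remove for production). "private" is added because the
// response is only valid for the authenticated participant and must not be
// stored by a shared cache.
header("Cache-Control: private, no-cache, must-revalidate");

// Ranges for resumable downloads and video seeking https://www.sitepoint.com/community/t/loading-html5-video-with-php-chunks-or-not/350957/3
$fileStream = fopen($file, 'rb');
$size = filesize($file); // File size
if ($fileStream === false || $size === false) {
    // The file vanished or is unreadable between is_file() and here
    http_response_code(500);
    die();
}
$length = $size; // Content length
$start = 0; // Start byte
$end = $size - 1; // End byte

// NOTE(review): the content type is taken from the media row. If that column
// is filled from an uploader-supplied value, an active type (HTML, SVG) would
// render inline in this origin - confirm the upload path restricts it to an
// allowlist. nosniff stops browsers from second-guessing the declared type.
header("Content-Type: " . $row["type"]);
header("X-Content-Type-Options: nosniff");
header("Accept-Ranges: bytes");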
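// Handles partial content requests.
// The Range header is client-controlled, so it is parsed with a strict
// pattern: exactly one "bytes=<first>-<last>" spec where each side is empty
// or decimal digits. Multi-range requests, other units and non-numeric
// values all end in 416 instead of flowing into arithmetic and fseek().
if (isset($_SERVER['HTTP_RANGE'])) {
    $rangeStart = $start;
    $rangeEnd = $end;
    $rangeOk = preg_match(
        '/\Abytes=([0-9]*)-([0-9]*)\z/',
        trim((string) $_SERVER['HTTP_RANGE']),
        $rangeParts
    ) === 1 && ($rangeParts[1] !== '' || $rangeParts[2] !== '');

    if ($rangeOk) {
        if ($rangeParts[1] === '') {
            // Suffix form "-N": the last N bytes of the file
            $rangeStart = max(0, $size - (int) $rangeParts[2]);
        } else {
            $rangeStart = (int) $rangeParts[1];
            if ($rangeParts[2] !== '') {
                // Clamp an end past EOF to the last byte
                $rangeEnd = min((int) $rangeParts[2], $end);
            }
        }
    }

    if (!$rangeOk || $rangeStart > $rangeEnd || $rangeStart >= $size) {
        http_response_code(416);
        // An unsatisfiable range reports the complete length as "*/size"
        header("Content-Range: bytes */$size");
        fclose($fileStream);
        exit;
    }

    $start = $rangeStart;
    $end = $rangeEnd;
    $length = $end - $start + 1;
    fseek($fileStream, $start);
    http_response_code(206);
}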
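// Optional "save as" mode, selected with ?download
if (isset($_GET["download"])) {
    header("Content-Description: File Transfer");
    header("Expires: 0");
    // The original filename is stored user input. Inside the quoted
    // filename="" parameter, double quotes, backslashes, slashes and anything
    // outside printable ASCII are replaced, so the name cannot terminate the
    // quoted string or add further parameters. The exact name is carried in
    // filename*, percent-encoded as UTF-8.
    $originalName = (string) $row["original"];
    $asciiName = preg_replace('/[^\x20-\x7E]|[\\\\"\/]/', '_', $originalName);
    if ($asciiName === null || $asciiName === '') {
        $asciiName = 'download';
    }
    header(
        "Content-Disposition: attachment; filename=\"" . $asciiName . "\""
        . "; filename*=UTF-8''" . rawurlencode($originalName)
    );
    // The former "Content-Length: $size" line was dropped from this branch:
    // the Content-Length header sent below replaces it in every case.
    header("Pragma: public");
}
header("Content-Range: bytes $start-$end/$size");
header("Content-Length: " . $length);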
// Stream the selected byte window [$start, $end] to the client in chunks of
// at most 8 KiB.
$buffer = 1024 * 8;
// Counts the chunks written so far
$s = 0;
while (!feof($fileStream) && ($p = ftell($fileStream)) <= $end) {
// Shrink the final read so that nothing past $end is sent
if ($p + $buffer > $end) {
$buffer = $end - $p + 1;
}
$s++;
echo fread($fileStream, $buffer);
// NOTE(review): the loop stops after 250 chunks (about 2 MB at 8 KiB each)
// even when $end has not been reached, while Content-Length above announces
// the whole window. ob_clean() also discards whatever is still held in PHP's
// output buffer at that point. Presumably a cap that makes players come back
// with a new Range request - confirm this is intended, in particular for
// ?download responses.
if ($s >= 250) {
ob_clean();
ob_flush();
flush();
break;
} else {
// Hand the chunk to the web server right away
flush();
}
}
fclose($fileStream);
exit();