Retrieving an mp3 file

I’m trying to retrieve an mp3 file that is above the root level to play it in a flash button. This is the script I have so far. It is returning an empty file.
Any ideas?

Thanks E

	if ($_GET['password']!='password'){ exit; }
	if (!file_exists($filepath)){ echo "no file exists"; exit();}

       header('Content-Type: audio/mpeg'); 
       header('Content-Disposition: attachment; filename="song.mp3"');

      readfile($filePath) or die('could not read file');



I heard there was some way to use an alternative header that wouldn’t alert browser plug ins of the mp3’s presence. Does anyone no what that would be?


Its above the root level. So I don’t think it can be accessed.

readfile([B]$filePath[/B]) or die('could not read file');

should be

readfile([B]$filepath[/B]) or die('could not read file');

what are the possible values of $_GET[‘song’] ?

you might want to do something like


I don’t know the answer to your question (as the code looks fine to me), but you have a major security issue here!

Maestro, please play me the song /etc/passwd …

Assuming your web host is running open_basedir you may be right. Otherwise you’re still in trouble …

It’s Content-Disposition: attachment; and it’s already in your script so you should be fine :slight_smile: