Retrieving an mp3 file

I’m trying to retrieve an mp3 file that is above the root level to play it in a flash button. This is the script I have so far. It is returning an empty file.
Any ideas?

Thanks E


<?php
	
	if ($_GET['password']!='password'){ exit; }
		
	$filepath=$_GET['song'];
	
	if (!file_exists($filepath)){ echo "no file exists"; exit();}

       header('Content-Type: audio/mpeg'); 
       header('Content-Disposition: attachment; filename="song.mp3"');

      readfile($filePath) or die('could not read file');

?>

duhh…

I heard there was some way to use an alternative header that wouldn’t alert browser plug ins of the mp3’s presence. Does anyone no what that would be?

E

Its above the root level. So I don’t think it can be accessed.

readfile([B]$filePath[/B]) or die('could not read file');

should be

readfile([B]$filepath[/B]) or die('could not read file');

what are the possible values of $_GET[‘song’] ?

you might want to do something like

$_SERVER['DOCUMENT_ROOT']

I don’t know the answer to your question (as the code looks fine to me), but you have a major security issue here!

Maestro, please play me the song /etc/passwd …

Assuming your web host is running open_basedir you may be right. Otherwise you’re still in trouble …

It’s Content-Disposition: attachment; and it’s already in your script so you should be fine :slight_smile: