GoFuckYourself.com - Adult Webmaster Forum

GoFuckYourself.com - Adult Webmaster Forum (https://gfy.com/index.php)
-   Webmaster Q & Fuckin' A (https://gfy.com/forumdisplay.php?f=27)
-   -   secure flash player (https://gfy.com/showthread.php?t=741860)

MissFireCrotch 06-11-2007 07:36 PM
secure flash player
 
Currently i am using jeroenwijering flash player, but this exposes the file url of flv files. Does anyone know of a more secure player that can hide the url's of flv files? Right now I am using js to protect it alittle by creating the player dynamically. I know that you can not stop ripping completely but you can stop 50% of the people that just look at page sources.

I tried a php file such as:
PHP Code:
$file "/video/" $_GET["file"];

$fh fopen($file,"rb");

while (!feof($fh))
{
header("Cache-Control: no-store, must-revalidate");
header("Expires: Mon, 26 Jul 1997 05:00:00 GMT");
header("Content-Type: video/x-flv");
header('Content-Length: ' filesize($file));
print(fread($fhfilesize($file)));
}

fclose($fh); 
by calling "file=script.php?file=foo.flv

but this made my browser crash (firefox) and server resources sky rocket!

gwkg 06-11-2007 10:37 PM
$file should probably be the absolute path to the folder

something like

$file = "home/wwwroot/public_html/video/"

gwkg 06-11-2007 10:45 PM
actually you should put the .flv files outside of the public_html directory so they are not accessible from the web.

MissFireCrotch 06-12-2007 01:36 AM
ok this is what i have now:
flv files are located outside my webroot
the file path is '/home/username/movies/'

the code in stream.php is:
PHP Code:
$file "/home/username/movies/" $_GET["file"];

$fh fopen($file"rb") or exit("Could not open $file"); 
header("Expires: Mon, 26 Jul 1997 05:00:00 GMT");
header("Cache-Control: no-store, must-revalidate");
header("Content-Type: video/x-flv");
header('Content-Length: ' filesize($file));
while (!feof($fh))
{
print(fread($fh10000));
}
fclose($fh); 
ok now if i do www.mysite com/stream.php?file=test.flv
my browser will download the file only named stream.php
which is correct, its able to get the file. I dont know if there is a problem that it could be returning as a .php file and the player will not play it?

but if i try to play it in the flash player it just sits there with the flash logo going, like its trying to find the file.

the code for the player that i am loading is:
PHP Code:
<div id="player">
<embed id="mpl" width="320" height="260" flashvars="file=stream.php?file=p1.flv" allowfullscreen="false" quality="high" name="mpl" src="movieplayer/mediaplayer.swf" type="application/x-shockwave-flash"/>
</div
and once again this is the jeroenwijering player.

that site seems to be down or i would be there too.

divine116 06-12-2007 05:22 AM
thanks for the info!

MissFireCrotch 06-12-2007 02:11 PM
ok i have my player working with stream.php?file=video.flv This works and well. The files are located outside my web root so only this script will be able to access them. But how do i protect this script so that people dont just put that in the url line and are able to dl my movie?

i have tried:
Code:
if (!$_SERVER['HTTP_REFERER']){
print "This page can't be accessed directly. Please click back to start over.";
 }
and

Code:
if (!defined("Something_was_defined_on_previous_page"))
{
  die ("Don't waste your time trying to access this file");
}
and neither one works. stream.php will only respond with what it should be responding when the script is accessed directly on the url.

ASACP Cal 06-12-2007 06:47 PM
This is an interesting question.

With the first example if $_SERVER['HTTP_REFERER'] doesn't evaluate to whatever php thinks of as false it won't work. If you tested for a specific refererrer it might however. One way to do this where there may be many possible "right" answers would be to use a regular expression:

if (!preg_match('#^http:/+mydomain.com#',$_SERVER['HTTP_REFERER'])) die("can't view this link directly!");

I'm wondering if apache config could be doctored in some way to prevent this eg using mod_rewrite.

MissFireCrotch 06-13-2007 01:57 PM
well after some testing by echoing out $_SERVER['HTTP_REFERER'] and others, there is no http_referer at least stream.php does not see one! i am kinda lost with this. the only other thing that i know to do would be to create key like db entries per users ip address that has a timeout limit set to it. say grab the time and user ip, encode that, throw it in the db. then when calling stream.php pass the users ip and compare that to the encoded db entry and compare the time thats with it and do a compare. say it was inserted into the db 5 mins ago is ok, 6 mins no timeout if thats ok stream.php passes the video file.

gwkg 06-13-2007 03:29 PM
You could use a session id.

Create the original page with php and pass the session id through the link calling the flash file

stream.php?flash.flv&id=SDFJSFOIW$WH

then have stream php check the session id passed to the one being used for the current session. If it matches create the flv and pass it.


All times are GMT -7. The time now is 05:45 PM.

Powered by vBulletin® Version 3.8.8
Copyright ©2000 - 2025, vBulletin Solutions, Inc.
©2000-, AI Media Network Inc123