I'm thinking about a concept of how can I serve file/video without exposing the real path/url. What I have in mind is something like a database table which is composed of a hash and equivalent url like this:
id: 1
hash: ABCDEF
realurl: http://site.tld/folders/videos/myvideo.mp4
Then, the video links are hidden by php like this:
http://site.tld/stream.php?video=ABCDEF
so that whenever I call the above url, it serves the file from realurl in database without the realurl being exposed to viewer since they are streaming the file/video through the stream.php
Any help would be appreciated.
EDIT: Here's what I did so far, still can't make it work. I wonder if I'm on the right way.
<?php
$video = $_GET['video'];
$username = "username";
$password = "xxxxxxxxxxx";
$hostname = "localhost";
$database = "stream";
$dbhandle = mysql_connect($hostname, $username, $password)
or die("Unable to connect to MySQL");
$selected = mysql_select_db($database,$dbhandle)
or die("Could not select $database");
$path = mysql_query("SELECT `realurl` FROM `stream` WHERE `hash`=’$video")
or die(mysql_error());
readfile($path);
mysql_close($dbhandle);
?>
Your solution would work.
Assuming that your URLs will be permanent, make sure you backup your database so that in case of crash or data loss, you are able to re-point your dynamic URLs to the correct video files.
Related
Sorry if the title is not clear, I'm in a project where we're building an Android app that connects to a MySql database to display some data. We're using PHP to connect to the database, and we're using dbconfig.php that contains something along the lines of:
define("servername", "host");
define("username", "username");
define("password", "password");
define("database", "database");
Since we are often connecting to databases hosted in different servers, we had to manually change the dbconfig every time before running the app, so we're thinking of letting the user write this information on the app itself. I thought of making the app send a POST request then having the dbconfig have something like this:
define("servername", $_POST["host"]);
define("username", $_POST["username"]);
define("password", $_POST["password"]);
define("database", $_POST["database"]);
But I know the dbconfig is supposed to be secure so I am not comfortable dynamically changing the dbconfig and looks like a bad idea. What is the best way of achieving this?
Edit: It is a bad idea, on another note how would an app similar to this work?
Would it not require some type of POST request to send the database credentials onto a server side language?
This is a real bad idea, because:
you are passing credentials via POST
you do not sanitize/strip the credentials (the $_POST content)
you are transferring your credentials via HTTP(S) (or something else)
One approach is to define some REST endpoints and let your app call those endpoints. The endpoints can then decide to which server they are going to connect.
if you are in development mode you could have a different home page to send the name of the database to use .. something similar to this
$db = isset($_POST['db']) ? $_POST['db'] : 'default';
switch ($db) {
case 'db1':
$servername = 'host1';
$username = 'username1';
$password = 'password1';
$database = 'database1';
break;
case 'db2':
$servername = 'host2';
$username = 'username2';
$password = 'password2';
$database = 'database2';
break;
default:
$servername = 'default_host';
$username = 'default_username';
$password = 'default_password';
$database = 'default_database';
break;
}
define("SERVERNAME", $servername);
define("USERNAME", $username);
define("PASSWORD", $password);
define("DATABASE", $database);
quick mysql question.
I'm new at php/mysql and followed a tutorial(php/mysql for dummies) so I don't really know what I did wrong or if the tutorial is wrong.
I have a file, "database_connections.inc", that looks like this:
<?php
$user = "username";
$host = "host";
$password = "password";
$database = "database";
?>
With the actual credentials not included for obvious reasons.
Then in another file, login.php, I have:
include("database_connections.inc");
$cxn = mysqli_connect($host,$user,$password,$database)
or die("Query died: Couldnt connect to server.");
I get an error message with the "or die" text, accompanied by a warning:
host xxxxx.000webhost.com is not allowed to connect to this mysql server in....
Why not? I'm sure my credentials are all correct.
I've read in a few places to run some shell statements...but can't really do that, I'm on Windows.
I'm using phpMyAdmin, so hopefully I can do something from there?
Open "database_connections.inc" and change it to look like this:
<?php
$user = "root";
$host = "localhost";
$password = "";
$database = "test";
?>
MySQL is by default configured to work with localhost (or 127.0.0.1), in order to allow "host xxxxx.000webhost.com" as host, open phpMyAdmin and select "SQL" and execute this query;
GRANT ALL ON your_database_name.* TO your_user#your_host_xx.xxx.xx.xx IDENTIFIED BY 'your_password';
Go into PHPMyAdmin, and edit your user.
Under Login Information, there should be an option for "Host"- try adding xxxxx.000webhost.com.
I am programming a game in PHP and have the following code to connect to a database
//$sqldb=mysql_connect('godaddy.hostedresource.com', 'godaddyUserName', 'godaddyPassword') OR die ('Unable to connect to database! Please try again later.');
$sqldb=mysql_connect('localhost', 'root', 'mypassword') OR die ('Unable to connect to database! Please try again later.');
The trick here is that if I am on the production server I comment out the godaddy database; when I upload the code to the server I then comment out the localhost code instead.
Unfortunately the ineveitable has happened and I uploaded the code with the wrong connection commented out; this led to 24 hours of locked out customers! :(
Is there a way to have the code to tell if it is on the localhost server, and if it isn't it then looks for the godaddy connection?
you can try this to identify if its on live or localhost
if($_SERVER["SERVER_NAME"] == "localhost"
&&
$_SERVER["SERVER_ADDR"] == "127.0.0.1"){
// in localhost
$hostname = "localhost";
$username = "localuser";
$password = "localpassword";
}else{
// not in localhost
$hostname = "livehost";
$username = "liveuser";
$password = "livepassword";
}
and fail if couldn't connect to database but save the error into a file.
if(!mysql_connect($hostname,$username,$password)){
file_put_contents("mysql_connect.error",mysql_error(),FILE_APPEND);
die("Couldn't connect to database");
}
a suggestion, try not to use mysql_* anymore, switch to PDO or mysqli ..
if ($_SERVER['SERVER_NAME'] == 'the.name.of.your.devel.server') {
$host = 'localhost';
} else {
$host = 'name.of.godaddy.server';
}
$sqldb = mysql_connect($host, ....);
i normally use a method of obtaining the URL / domain of the site? This can work in certain situations and setups. Otherwise if your operating with a fixed IP than you can also use this method
Have a look over the methods using $_SERVER
PHP $_SERVER
One way would be for you to check your external IP address and see where you are. A solution should present itself by looking at the properties inside the $_SERVER global variable.
I have a good suggestion : You coding a game , game is a big program, you don't use mysql* function directly in big program , because yourself should handling them, such as error handling.i suggest you use a DB-Handler. please google for : DB-Handler PHP
As has been mentioned by other people, you can obtain the current site your script is running on using the $_SERVER variable. However, I would like to provide an alternative solution.
You could make a folder in your website (both local and production), something like config, then store a configuration file in it, for example config.php, with the following:
<?php
// Local
$db_host = 'localhost';
$db_username = 'root';
$db_password = 'mypassword';
?>
And for production:
<?php
// Production
$db_host = 'godaddy.hostedresource.com';
$db_username = 'godaddyUserName';
$db_password = 'godaddyPassword';
?>
and disallow access to the directory with a .htaccess file in the directory, something like:
deny from all
Then, in your PHP code, do the following:
<?php
require_once($_SERVER["DOCUMENT_ROOT"] . "/config/config.php");
$sqldb=mysql_connect($db_host, $db_username, $db_password) OR die ('Unable to connect to database! Please try again later.');
?>
Now, simply leave the different configuration files where they're at and upload everything else, so your code will access different configuration files whenever it runs.
Also, the .htaccess file should prevent anyone from accessing the file via HTTP, and having the file contents in PHP tags, as well as a .php extension should prevent anyone from seeing any contents if they were able to access the file (PHP would parse the file before it is rendered, and would output nothing).
I have a php script that limits the amount of times people can download content on my site. I found this script by google searching and changed it a bit to get it working for me.
The problem is I don't know anything really about php. The first part of the script checks the referring page. When I copied the php script, it was set up to check a single URL. My problem is I want to reference the php script from multiple pages, because one page has flash on it, and another page I created for mobile phones that don't have flash. Because of this, the link only works on one page - the page with the url I replace in the script.
My question is, what is the code to include multiple URLs in the reference check? I don't know if it's something very simple, or if it's even possible.
Below is the part of the php script which checks the referring URL, and then proceeds to login to mySQL DB to begin the download.
$referer = $_SERVER['HTTP_REFERER'];
$keymatch= $_SESSION['key'];
$pass='key';
$md5value= md5($pass);
if (($referer=="my url containing php script link")&& ($keymatch==$md5value)) {
$username = "user";
$password = "password";
$hostname = "host";
$database = "database";
$dbhandle = mysql_connect($hostname, $username, $password)
or die("Unable to connect to MySQL");
$selected = mysql_select_db($database,$dbhandle)
or die("Could not select $database");
Thanks in advance for any help.
-Richard
Rather than checking referer matches on one link:
if (($referer=="my url containing php script link")...
Create an array of links and match against that:
$referers = array('link1', 'link2','link3');
if((in_array($referer, $referers)...
I have to return data fetched from MySQL table into a php file as JSON. Here is my code to connect to mysql & get data from it. How could now I return it as JSON.
<?php
$username = "user";
$password = "********";
$hostname = "localhost";
$dbh = mysql_connect($hostname, $username, $password)
or die("Unable to connect to MySQL");
print "Connected to MySQL<br>";
$selected = mysql_select_db("spec",$dbh)
or die("Could not select first_test");
//$rows = array();
$query = "SELECT * FROM user_spec";
$result=mysql_query($query);
//mysql_close($dbh);
?>
Under is full stack that I have to implement. For step 3, I am rendering the list dynamically using user inputs though its not using any engine but directly using input values so I have to see it how to do once I get JSON data. I put the stack so that you people can kindly see it what I have to do when possibly helping me.
the user load an HTML page
the page make an ajax call and get the options as a JSON(either it exists already in the database, or a new option set is generated)
the json is rendered using a JS templating engine (PURE in our case)
the user change something
the same JSON is modified and sent by a POST to the server
the server read that JSON and store it in the database(you would write the data to your file). And then go back to the step 4, to wait for another user change.
Given that only one user_spec row is returned you can use the built in json_encode function:
<?php
$username = "user";
$password = "********";
$hostname = "localhost";
$dbh = mysql_connect($hostname, $username, $password)
or die("Unable to connect to MySQL");
//print "Connected to MySQL<br>";
$selected = mysql_select_db("spec",$dbh)
or die("Could not select first_test");
$query = "SELECT * FROM user_spec";
$result=mysql_query($query);
echo json_encode(mysql_fetch_assoc($result));
?>
Should do the trick.
Even if you are using an older version of PHP, you can find a suitable function in the user comments at the json_encode PHP Manual page to use in it's place.
I think what your looking for is json_encode
Unless you're like me using a painfully old version of Symfony (for your sake, I hope not!) your answer is json_encode Zend and CodeIgniter have similar other easy methods.
If you're not lucky enough to have access to that, you can build it manually via foreach loop.
You can check your JSON strings using JSONlint