I have a .flv file. This file needs to be hosted on our FTP server, and I need to make a php page that displays this video.
This video should be visible for only one pageload. for example:
http://somepage.com/?id=akudps2
with this URL it will load the video, one time, the next time this page is loaded the video is not visible anymore as the link expires.
there can be multiple valid links active simultaneously. So for example I could send the same video withdifferent URLs to multiple users.
MUST:
it should not be possible to get the real filename of the flv file from the page's source code. the viewer should not be able to download the file.
this should all be done without the use of a database as we dont have one on this database. it can use textfiles tough.
For your first segment in the question, you can create your own management via files.
Write a new line to a file every time you create a "key" for this, for example...
<?php
file_put_contents("sessions.txt", "sjhGtwtha 0", FILE_APPEND);
The '0' here for this instance, means "not used".
Then you can do something like this:
<?php
function isUsed($key) {
$keys = file_get_contents("sessions.txt");
foreach (explode("\n", str_ireplace("\r", "", $keys)) as $line) {
if (substr($line, 0, strlen($key)) == $key) {
return substr($line, strlen($key) + 1, 1) == '1';
}
}
return true; // ID is invalid, never been assigned at all
}
function updateFile($key) {
$keys = file_get_contents("sessions.txt");
foreach (explode("\n", str_ireplace("\r", "", $keys)) as &$line) {
if (substr($line, 0, strlen($key)) == $key)
$line = $key . ' 1';
}
file_put_contents("sessions.txt", implode("\n", $keys));
}
To decide whether it was used.
As for the second part, I'm not sure that's doable. You can try to obfuscate but eventually the browser needs to know what file is going to be played, so it will always at some point, be accessible via digging in the source.
Related
After almost 3 days of troubleshooting I gotta ask for advice.
A have a small imageboard with 4 images and 4 'like' buttons. Earlier I made it so the number of clicks with each button stores in a .txt file. Now I basically need to make it so a person can press a certain button only once.
This is ip.txt. The number to the left is button ID, to the right is IP of the person that clicked that button.
click-001||127.0.0.1
click-002||
This is very simple. I need to make sure it stores ip when I click on my PC, then stores another IP when I click on my pad - and stops whatever I do next. Now for the last few days it's been doing anything except that!
My current code with isset. That sees the first IP but doesn't add the second:
$file2 = 'ip.txt'; // path to text file that stores counts
$fh2 = fopen($file2, 'r+');
$ip_addr = $_SERVER['REMOTE_ADDR'];
$lines2 = '';
while(!feof($fh2)) {
$line2 = trim(fgets($fh2));
if ($line2) {
$line2 = explode('||', $line2);
if(isset($line2[0], $line2[1])) {
$item2 = trim($line2[0]);
if(!empty($item2)) {
if($item2 == $id) {
if(empty($line2[1])) {
$lines2 .= "$item2||$ip_addr\r\n";
file_put_contents($file2, $lines2);
} else {
// this is where it always fails
if (!isset($ip_addr)) { $ip_all = $line2[1] . " " . $ip_addr;
$lines2 .= "$item2||$ip_all\r\n";
file_put_contents($file2, $lines2);
} else {
echo "lul";
}
}
}
}
}
}
}
fclose($fh2);
I also tried this with in_array function:
$ip_all = array($line2[1]);
if (!in_array($ip_addr, $ip_all)) {
array_push($ip_all, ',' , $ip_addr);
$ip_fin = implode($ip_all);
$lines2 .= "$item2||$ip_fin\r\n";
file_put_contents($file2, $lines2);
^ This one also sees the first IP and adds the second, but then fails to find whether the IP is already there and just keeps adding copies when I click.
This is brutal. What am I doing wrong and is there an easier way?
Use MySQL database to accomplish this.
Using a text file is super inefficient and can cause conflicts when multiple users liked at the same time!
Insert the IP to database everytime a user clicked the 'Like' button and then use a select query to determine if this IP has liked the picture before.
I do not recommend using just IP tho as some ISP gives dynamic IP that changes the IP (Public IP) address every few seconds.
Use cookies to store a unique cookie for a user (if they are not logged in) or just ask the user to login first before voting!
Information about MySQL Insert and Select are everywhere on Google.
Here's one : https://www.w3schools.com/sql/
best method: use a database or use XML (XML have very useful library)
text file method:
get file and edit...
$id = "...";
$ip="...";
$file2 = file('ip.txt');
$file2 = array_map(
function($current_line) use ($id,$ip) {
$current_line = explode('||', $current_line);
if($current_line[0] == $id){
$current_line[]=$ip;
}
return join("||",$current_line);
},$file2
);
file_put_contents('ip.txt', implode('\n', $file2));
I am working on my 404 error doc, and I was thinking instead of just giving a sitemap, one could suggest to the user the website he might have looked for based on what actually exists on the server.
Example: if the person typed in "www.example.com/foldr/site.html", the 404 page could output:
Did you mean "www.example.com/folder/site.html"?
For this, I wrote the following code which works for me very well. My question now is: is it "safe" to use this? As basically someone could detect all files on the server by trying all kind of combinations. Or a hacker could even use a script that loops through and lists all types of valid URLs.
Should I limit the directories this script can detect and propose? With an array of "OK"-locations, or by file type?
Had anyone else already got an idea like this?
PHP:
// get incorrect URL that was entered
$script = explode("/",$_SERVER['SCRIPT_NAME']);
$query = $_SERVER['QUERY_STRING'];
// create vars
$match = array();
$matched = "../";
// loop through the given URL folder by folder to find the suggested location
foreach ($script as $dir) {
if (!$dir) {
continue;
}
if ($handle = opendir($matched)) {
while (false !== ($entry = readdir($handle))) {
if ($entry != "." && $entry != "..") {
similar_text($dir, $entry, $perc);
if ($perc > 80) {
$match[$entry] = $perc;
}
}
}
closedir($handle);
if ($match) {
arsort($match);
reset($match);
$matched .= key($match)."/";
} else {
$matched = false;
break;
}
$match = array();
}
}
// trim and echo the result that had the highest match
$matched = trim(ltrim(rtrim($matched,"/"),"."));
echo "proposed URL: ".$_SERVER["SERVER_NAME"].$matched;
Yup, you can see it as this:
Imagine a house with only glass walls on the outside, but it's night. You're a thief (hacker) and you want to check the house for worthfull loot (files with passwords, db connections etc).
If you don't protect (certain) files, you would be putting the lights on in every part of the house. The thief would look through the windows and see that you have loot - now the only the he would have to do is get in and take it.
If you do protect the files, the thief won't even be able to know that there was any loot in the house, and thus would the thief have a higher chance of moving on to the next house.
I have created my own l($text) function in php for a multi lingual website. i use it like this in my documents :
echo '<h1>' . l('Title of the page') . '</h1';
echo '<p>' . l('Some text here...') . '</p>';
My question is, with a php script, how can i scan all my .php files to catch all this function usages and list all the arguments used into a mysql table?
the goal, of course, is to not forget any sentences in my traduction files.
I didn't find anything on google or here, so if you have any ideas, or need some more information.
Could you:
read all *.php files with glob()
then use a regex to pull the strings out (preg_match())
strings simple mysql insert?
Seems simple enough?
i just finished, your help was usefull ! :-)
here is my ugly code for those who can be interested. it's not beautifuly coded, but not made to be loaded 10000 times per day so...
<?php
// define a plain text document to see what appen on test
header('Content-Type: text/plain; charset=UTF-8');
$dossier = 'pages/'; // folder to scan
$array_exclude = array('.', '..', '.DS_Store'); // system files to exclude
$array_sentences_list = array();
if(is_dir($dossier)) // verify if is a folder
{
if($dh = opendir($dossier)) // open folder
{
while(($file = readdir($dh)) !== false) // scan all files in the folder
{
if(!in_array($file, $array_exclude)) // exclude system files previously listed in array
{
echo "\n".'######## ' . strtoupper($file) . ' ##########'."\n";
$file1 = file('pages/'.$file); // path to the current file
foreach($file1 AS $fileline)
{
// regex : not start with a to z characters or a (
// then catch sentences into l(' and ')
// and put results in a $matchs array
preg_match_all("#[^a-z\(]l\('(.+)'\)#U", $fileline, $matchs);
// fetch the associative array
foreach($matchs AS $match_this)
{
foreach($match_this AS $line)
{
// technique of "I do not want to break my head"
if(substr($line, 0, 3) != "l('" AND substr($line, 0, 4) != " l('" AND substr($line, 0, 4) != ".l('")
{
// check if the sentence is not already listed
if(!in_array($line, $array_sentences_list))
{
// if not, add it to the sentences list array and write it for fun !
$array_sentences_list[] = $line;
echo $line . "\n";
}
}
}
}
}
}
}
closedir($dh);
}
}
?>
small precision : i do have to escape various cases as :
-> CSS : background: url('image.jpg');
and
-> jQuery : $(this).html('bla bla');
so here is why the regex starts with [^a-z(] :-)
it works very well now! just have to finish later with recording entries in a mysql table and ensure that i can load the script from time to time when there are changes on the site... keep the existing translation, overwrite the existing files etc... no problem with that.
thanks a gain, this website is really helpful ! :-)
I have been struggling to create a Simple ( really simple ) chat system for my website as my knowledge on Javascripting/AJAX are Limited after gather resources and help from many kind people I was able to create my simple chat system but left with one problem.
The messages are posted to a file called "msg.html" in this format :
<p><span id="name">$name</span><span id="Msg">$message</span></p>
And then using PHP and AJAX I will retrieve the messages instantly from the file using the
file(); function and a foreach(){} loop withing PHP here is the code :
<?php
$file = 'msg.html';
$data = file($file);
$max_lines = 20;
if(count($data) > $max_lines){
// here i want the data to be deleted from oldest until i only have 20 messages left.
}
foreach($data as $line_num => $line){
echo $line_num . " . " . $line;
}
?>
My Question is how can i delete the oldest messages so that i am only left with the latest 20 Messages ?
How does something like this seem to you:
$file = 'msg.html';
$data = file($file);
$max_lines = 20;
foreach($data as $line_num => $line)
{
if ($line_num < $max_lines)
{
echo $line_num . " . " . $line;
}
else
{
unset($data[$line_num]);
}
}
file_put_contents('msg.html', $data);
?>
http://www.php.net/manual/en/function.file-put-contents.php for more info :)
I suppose you can read the file, explode it into an array, chop off everything but last 20 fields and write it back to file, overwriting the old one... Perhaps not the best solution but one that comes to mind if you really cant use database as Delan suggested
That's called round-robin if I recall correctly.
As far as I know, you can't remove arbitrary portions of a file. You need to overwrite the file with the new contents (or create a new file and remove the old one). You could also store messages in individual files but of course that implies up to $max_lines files to read.
You should also use flock() to avoid data corruption. Depending on the platform it's not 100% reliable but it's better than nothing.
Hello there so I just setup this basic poll, I inspired myself from something I found out there, and it's just a basic ajax poll that waves the results in a text file.
Although I was wondering, since I do not want the user to simply mass-click to advantage / disadvantage the results, i thought about adding a new text file that could simply save the IP, one on each line, and then checks if it's already logged, if yes, display the results, if not, show the poll.
My lines of code to save the result are:
<?php
$vote = $_REQUEST['vote'];
$filename = "votes.txt";
$content = file($filename);
$array = explode("-", $content[0]);
$yes = $array[0];
$no = $array[1];
if ($vote == 0)
{
$yes = $yes + 1;
}
if ($vote == 1)
{
$no = $no + 1;
}
$insert = $yes."-".$no;
$fp = fopen($filename,"w");
fputs($fp,$insert);
fclose($fp);
?>
So I'd like to know how I could check out the IPs, in the same way it does basically.
And I'm not interested in database, even for security measures, I'm alright with what Ive got.
Thanks to any help!
To stop multiple votes, I'd set a cookie once a user has voted. If the user reloads the page with the voting form on it and has a cookie, you could show just the results, or a "You have already voted." message. Note that this will not stop craftier people from double-voting - all they would have to do is remove the saved cookie, and they could re-vote.
Keep in mind though that IPs can be shared so your idea of storing IPs might backfire - people on a shared external-facing IP won't be able to vote, as your system will have registered a previous vote from someone at the same IP address.
easiest way is to write data to file is
file_put_contents($filename, $data)
and to read data from file
file_get_contents($filename);
To get IP Address of the user
$_SERVER['REMOTE_ADDR']
See php manual for file_put_contents for more information and file_get_contents
Here is sample code
<?php
// File path
$file = 'votedips.txt';
// Get User's IP Address
$ip = $_SERVER['REMOTE_ADDR'];
// Get data from file (if it exists) or initialize to empty string
$votedIps = file_exists($file) ? file_get_contents($file) : '';
//
$ips = explode("\n", $votedIps);
if (array_search($ip, $ips)) {
// USER VOTED
} else {
$ips[] = $ip;
}
// Write data to file
$data = implode("\n", $ips);
file_put_contents($file, $data);
?>
You can use file_get_contents to save the file's content into a variable and then use the strpos function to check if the IP exists in that variable.
For example:
$ipfile=file_get_contents('ip.txt');
if (strpos($ipfile, $_SERVER['REMOTE_ADDR'])!==FALSE) // show the results
else // show the poll
Be careful with storing IPs in a text file, and then using file_get_contents() and similar functions for loading the data/parseing. As an absolute worst case, assuming that every possible IP address used your system to vote, you'd end up with a text file in the many many gigabytes in size, and you'd exceed PHP's memory_limit very quickly.