AJAX file upload with secret query vars - php

We're creating a form that allows users to upload large files. On mobile devices and slow connections, it might take a while to upload, so it seems important for this to be handled by an AJAX call that shows the users a progress bar (or something to let them know it's still working).
Here's the problem: The endpoint for the upload is a 3rd party API which expects our secret API key as one of the parameters. Here's a link directly to the section in their documentation. This API key cannot be exposed to the users on the client side.
My first instinct is to submit the form to an intermediate PHP script on our site, which has the API key, and then uploads the file to the API. But I'm pretty sure this will mean uploading the file twice: once to our server. Then again from our server to the API endpoint. Even if the form is submitted with AJAX, it's not a great result for the user to wait twice as long for it to complete.
So: What's the smoothest way to let users upload files while keeping our API key safe?
Some details that may or may not be important:
Our site is a PHP web app built on the CakePHP framework (v2.x). The files being uploaded are video files of all different formats between 1 and 5 minutes long. The API is a company called Wistia (see link to docs above). The file sizes seem to range from 3-30MB. We have no ability to change the way the 3rd party API works.

Uploading twice shouldn't be an issue - should it?
It's from your server to their API - this is what servers and APIs are meant for - exchanging data.
Javascript is not meant for this.

There is no way to hide it on the client, so your first instinct was correct - you will need to forward the file from the server.

It should be possible to read raw post stream from php://input, you can get the uploaded file from there (if you can parse it :)) and start upload to api server right away.
But even if the communication between mobile device and your script is slow, your script will likely upload fast to api server. So is it really needed?
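The server-side relay the answers above describe, as an added example that is not part of the original posts. The upstream URL, the `api_key` and `file` field names, the `video` form field and the `UPLOAD_API_KEY` environment variable are placeholders chosen for illustration, not Wistia's documented names; `CURLFile` needs PHP 5.5 or later.

```php
<?php
// Added example: relay an upload to the third-party API, key kept server-side.
// Placeholders (assumptions, not Wistia's real names): UPSTREAM_URL, the
// 'api_key' and 'file' field names, and the UPLOAD_API_KEY environment variable.
const UPSTREAM_URL = 'https://upload.example.invalid/';
const MAX_BYTES    = 52428800; // 50 MB, headroom over the 3-30MB range

function fail($status, $msg) {
    http_response_code($status);
    header('Content-Type: application/json');
    exit(json_encode(array('ok' => false, 'error' => $msg)));
}

$apiKey = getenv('UPLOAD_API_KEY'); // never sent to the browser
if ($apiKey === false || $apiKey === '') fail(500, 'upload not configured');

$f = isset($_FILES['video']) ? $_FILES['video'] : null;
if ($f === null || $f['error'] !== UPLOAD_ERR_OK || !is_uploaded_file($f['tmp_name'])) {
    fail(400, 'upload failed');
}
if ($f['size'] > MAX_BYTES) fail(413, 'file too large');

// Sniff the content; the client-supplied $f['type'] is untrusted.
// Some containers sniff as non-video types; extend this check as needed.
$finfo = new finfo(FILEINFO_MIME_TYPE);
$mime  = $finfo->file($f['tmp_name']);
if (strpos($mime, 'video/') !== 0) fail(415, 'not a video file');

$ch = curl_init(UPSTREAM_URL);
curl_setopt_array($ch, array(
    CURLOPT_POST           => true,
    CURLOPT_POSTFIELDS     => array(
        'api_key' => $apiKey,
        'file'    => new CURLFile($f['tmp_name'], $mime, basename($f['name'])),
    ),
    CURLOPT_RETURNTRANSFER => true,
    CURLOPT_SSL_VERIFYPEER => true,
    CURLOPT_SSL_VERIFYHOST => 2,
    CURLOPT_TIMEOUT        => 300,
));
$body   = curl_exec($ch);
$status = curl_getinfo($ch, CURLINFO_HTTP_CODE);
curl_close($ch);
if ($body === false || $status < 200 || $status >= 300) {
    error_log("upstream upload failed, HTTP $status"); // log server-side only
    fail(502, 'upstream rejected the upload');
}
header('Content-Type: application/json');
echo json_encode(array('ok' => true)); // upstream body is not echoed back
```

The browser's XHR upload progress events cover the client-to-relay leg, and the relay returns only a small JSON status so nothing from the upstream exchange reaches the client.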

Related

show remote image on Android

I am using a MySQL database and I have a web site. So now I have decided to create a mobile application. But I have some images on FTP, and their paths are saved as varchar in MySQL.
I connect to MySQL remotely in the Android app. But I don't know which is the best way to show an image in the Android app.
I have 2 ways to show it. The first one is I can get an image path and show it from a URL in an image view, or the other one is I save the image's blob file in MySQL and get the base64 encoded text and show it. But which is the better way?
Google has released an awesome library that handles HTTP requests and its main purpose is literally to simplify developers' lives when they need to manage a huge amount of web requests, providing image caching solutions and avoiding the problems of concurrent programming, thread synchronization etc...
I'm talking about Volley
This great solution is exactly the solution to your problem, why? It's because it exposes a clear way to request remote image resources and cache them directly inside the app storage, without the inconvenience of using the mobile network each time you open the app, refresh a fragment/activity or add a new element to a listview object.
This is done by implementing an image request method.
So, I think you should store your images on disk and save just their path inside the database, and then, from the app, make a request to your server, Volley will take care of getting the image and raising a callback when the request has been completed.
Simple and clear.

Is there a way to upload a file through RESTful API PHP?

I am trying to develop a RESTful API call in PHP, where someone will send me a file through the URL to upload
something like:
script.php?file_name=text.txt
Is there a way I can take text.txt and upload it in PHP?
To clarify:
Let's put it this way: what are the ways that an end user could send a file to a PHP program?
The problem with this is that the REST server is not aware of the end user's machine in any way. So, say for instance that your end user is at yoursite.com/upload where they fill out a form with the upload credentials which posts to api.yoursite.com/uploads/do or whatever. As far as the api is concerned, yoursite.com is making the request, not the end user.
So, no. In my opinion there is no safe way to do this. The best alternative would be to upload the file and then HTTP POST the contents to the rest server. That can be tricky if the file is much larger than a few kilobytes, and you would want to do all sorts of security checking before writing the file to the server. The other option would be to use yoursite.com to upload the file to a temporary location and then send some information to the rest server with details on how to CURL the file contents from the first server. Also, can be insecure.
What problem are you trying to solve? What language framework? Can you give more details please?

How to create deployable JavaScript file

To give a quick example of my question, consider the JS file provided by Google to capture Analytics data that we paste in our files. How does this JS file get all the data? I want to know how to create such JS files that I can give out to others who can then run it on their own websites and yet, store data on my website server. In short, they only copy the 1-2 lines of JS in their pages and all the intended functionality would run on their website, but the data will be stored on my web server database.
How can I attach the functionality to such a JS file? I mean, how can I tell the JS file whether to collect Analytic data or show a form, etc. I am using PHP for server side processing. I did not find any good information on this so far.
Edit 1:
I wanted to add that the functionality is NOT limited just to analytics. It could be even as simple as showing a contact form that sends email to recipients, etc.
Google Analytics has a client-side javascript file that the site-owner puts a reference to in their web page. When that javascript file runs, it collects information about the current page and then makes a request of Google's server with that information encoded in the request and Google's server records that information in their database. Because ajax calls are subject to the same-origin limitations, Google's request back to their server is actually for a GIF image with the data encoded in the URL.
Here's Google's explanation of how it works: http://code.google.com/apis/analytics/docs/concepts/gaConceptsOverview.html
To create something like this for your clients, you would have to create the appropriate javascript file, host it on your servers, give out the instructions for installing it into their web pages and create the right PHP scripts for recording the information that comes in when the GIF is requested (presumably, you'd have to do some web server configuration to get your PHP scripts to run on a GIF request too).
I think you can find the answer to your question here: How to send data to remote server using Javascript
In short, you'll be able to send data to another domain using JSONP. You can also achieve this with jQuery's $.getJSON method.
By inserting something like
<script src="http://myeviltrackingsite.com/track.js"></script>
the visitor's browser will ask your server for track.js. When asked, your server will get a normal HTTP header from the visitor and of course his IP. This HTTP header contains all the information you want, like the visitor's language and the kind of browser he uses. To track the visitor's geo location you can use the visitor's IP address and do a reverse IP lookup. There are free geo location databases available.

What is the concept behind Video Distribution Services?

I came across quite a few video distribution services (one is heyspread). The video they have on their home page is like, you upload your video only once and it is distributed to other video sharing sites. To me, it looks like they have coded it in PHP.
Can anyone explain the logic behind it to me? How is it possible? Also, will it take the bandwidth of uploading it only once or uploading it to all the sites that we are using?
Also, if I had to code one like that, are there any links which I can use as a start up to kick off?
Here is my explanation based on what I know and your requirements:
Can anyone explain the logic behind it to me?
You basically act as a mediator for all the sites. What the users do is give the site their permission to use the credentials that they set up on these multiple sites and allow you to upload video on their behalf so they don't have to do it themselves, thereby saving them time.
How is it possible?
Many of the video hosting websites operate on the HTTP protocol. In order to upload on your behalf, the video distribution service does the following for each of the websites (I have generalized the steps, there could be more than these steps for some of the sites):
1. Authenticate using the credentials that you give
2. Upload the video using one of the following ways:
   - If there is an API available, then this is the preferred way for the service to upload on your behalf as the interfaces to authenticate/upload are clean and well defined
   - If no API is available for a particular website, then the service has to simulate the HTTP sequence as if the request is made from the browser by the user. This is not the best way but sometimes is the only way. This approach is not as robust as the first one because the contract could change and you don't necessarily get the confirmation message (for success/failure of upload for example) other than via parsing the HTML
Also, will it take the bandwidth of uploading it only once or uploading it to all the sites that we are using?
It will use your bandwidth once to upload the video the first time. In order to upload to other websites on your behalf, the video distribution service will use its datacenter/cloud service bandwidth
Also, if I had to code one like that, are there any links which I can use as a start up to kick off?
I don't know any that does exactly like that, but you should look at each site that you want to mediate and see if they have the API first. You might want to start with those who have before trying to simulate user's click for those who don't have API. For example YouTube even goes further by providing the Client Library for you to use based on your language of choice.

Flash Media Server/PHP Application

I need help finding resources that would help me or at least point me in the right direction in building a Flash media server/PHP application. I basically want to improve my current application by instead of progressive download using flash media server so that the videos will not only stream well but they can't be downloaded by the end user.
What the current application does is show a login form on the homepage and then when logged in the user can then navigate the site by choosing videos from a particular video category or video uploaded by a specific user. All this is done with PHP. The video page uses progressive download to display the video after the video ID has been passed using PHP.
I need to know how PHP and flash media server work together. Are there any resources out there where I can find a good application example (really simple) that demonstrates how PHP and flash media server can be used to stream videos dynamically such that PHP checks for the login, video ID, video channels, and video category information while the flash media server streams the video.
Really, PHP and FMS shouldn't be talking at all. It can be done within FMS, but a much easier approach is to let your Flash Player (which you'll have to have anyway) do the talking to FMS. Flash to FMS communication is well documented and very easy. Just have the PHP call forth a Flash video player with whatever info you need. It would probably be easier to have PHP authenticate and give the Flash some sort of authentication token if you're really worried about security.
Just so you know though, just because your media is streaming doesn't mean someone can't download it. There are several tools to rip streamed media out there. It is of course more secure, but it's not foolproof.
You may want to try Red5 instead of Flash Media Server. I've used Flash Media Server in the past and it can be a pain to take care of. With Red5 you at least have more flexibility and it is free. If you go down the Red5 path you will find more people customizing it like this one time ticket for Red5 post. I believe that is very close to what you are looking for.
The biggest problem with PHP and Flash (mediaserver) is the different "flow" of code.
PHP is straightforward:
Start request, do something, send response. Done.
Flashmedia only loads (compiles) your code when a client connects, and then only events are triggered. Most operations do not return, but need a callback.
Load application.. wait for something.. Event launched: do something, fire off another request together with a response handler object.. etc.
I have built an extensive chat service with FlashMedia server and PHP as front and back-end.
The front-end is simple: just plain PHP/HTML-pages which will eventually create an <OBJECT>-tag loading some Flash applet.
That flash applet should connect to the Flash media server using information/credentials passed to it with the FlashVars-option or loaded (generated) XML-data from a separate URL.
From that point, the Flash applet (client) does its thing with the Flashmedia server.
For this example, you want to verify credentials from the Mediaserver. You should use the AMFPHP framework for that.
AMFPHP is a replacement for Macromedia's "Flash Remoting" system where Flash [applets/servlets] can do asynchronous communications over HTTP.
For the AMFPHP framework you write an interface class wrapping your credential-validation code. There is a test page which validates the response of your wrapper.
(The AMFPHP Framework can also generate AS2 sample code so you have an idea how the Flashmedia server should send a request and handle responses.)
A warning: AMFPHP uses POSTs to send and retrieve data. In the past, there were problems when more than 2k of data was truncated. I now only use it for relatively short messages.
AMFPHP is very reliable. You can use it to do external logging for example.
Using flash media server so that the videos will not only stream well but they can't be downloaded by the end user
This won't really work. It may make it "harder" for some people in the same way that not putting a big, huge "download here" button makes it "harder", but the content is still being downloaded to their computer, just in a different way. Anything that's downloaded can be saved to the disk.
I am doing similar thing. First, for authentication, you can use FMS's authentication plug-in. Of course, you can make your own stuff in PHP. Instead of adding PHP into FMS's original Apache, I decided to run XAMPP in parallel, with different port of course.
To start and stop the encoder, you can make use of FMLEcmd command.
My environment:
Flash Media Development Server 3.5
Flash Media Live Encoder 3.1
XAMPP (at port 8080)
