I need to secure my video files from website. So, I need to decode my files name. I used the following code. But the video not playing.
<?php
$str1 = 'movie.mp4';
$enc1 = base64_encode($str1);
$str2 = 'movie.swf';
$enc2 = base64_encode($str2);
$str3 = 'movie.ogg';
$enc3 = base64_encode($str3);
$str4 = 'movie.webm';
$enc4 = base64_encode($str4);
echo "<video width='320' height='240' controls>
<source src='".$enc1."' type='video/mp4'>
<source src='".$enc3."' type='video/ogg'>
<source src='".$enc4."' type='video/webm'>
<object data='".$enc1."' width='320' height='240'>
<embed src='".$enc2."' width='320' height='240'>
</object></video> ";
?>
The reason the video is not playing is because the file you specify in src does not exist, since it is the encoded string and not the actual filename.
Trying to "hide" a filename is pointless. If you want the videos to be watchable by users, the user needs some URL where he can access the file. The URL will always by definition be public and visible to the user, otherwise it could not be used to access anything. What that URL is exactly is totally up to you. It can be the real name of the file or some random id which you somehow associate with the file on the server. It doesn't matter to the user. All that matters is that the requested data is served when the URL is accessed.
If you want to show the file only to specific users, you're looking for an authorization system, not for obfuscating the URL.
By this way file not found error will occur try to do something given below.
You can do one thing make a function which reads video file in bytes n return to player just pass the video name n path to function n play video without any url like a streaming
Related
I have a img label embed a image path of mine public server, and show the image to users:
<img src="http://13.43.68.1:8000/img/gen/trafiic.png">
but this is security risk, because users can get my image source server(13.43.68.1).
So, is there any method to let users can not get the IP? such as cache the image data, just show the cached img data as src.
Edit-01
I am under the image.tpl, smarty template of PHP:
<div class="panel-body text-center">
<h4>Daily</h4>
<img width="360" src="http://13.43.68.1:8000/img/gen/trafiic.png.php?switch={$switch}&port={$portname}&cycle=-1d"><br><br>
<h4>Weekly</h4>
<img width="360" src="http://13.43.68.1:8000/img/gen/trafiic.png.php?switch={$switch}&port={$portname}&cycle=-1w"><br><br>
<h4>Monthly</h4>
<img width="360" src="http://13.43.68.1:8000/img/gen/trafiic.png.php?switch={$switch}&port={$portname}&cycle=-1m"><br><br>
</div>
in this case, how to hidden the src IP?
I'd say your IP being exposed is not particularly a security flaw. You can get the IP address of any server whether its backed by a hostname or not. I'd recommend purchasing a domain name (or mapping the subdomain of an existing domain) and pointing it using an A record to your image servers IP address.
You'd then be able to access your images by going to http://fakedomain.com:8000/img/gen/trafiic.png for example.
While you could convert all of your images to base64 and output them that way, your source code will grow - it's better to keep separate requests :)
Alternatives:
use a middle man such as Cloudflare to prevent exposing your IP address
base64 - but wouldn't recommend as its expensive on page load (but then depends on your needs)
use a script to generate and offload your graphs to somewhere like Amazon S3 and load from there.
If the source gives the image URL to you, you can get URL content and encode it in base64. Check the code below:
$imgURL = 'https://via.placeholder.com/350x150';
$imageData = file_get_contents($imgURL);
$imgSrc = 'data:image/png;base64,' . base64_encode($imageData);
return '<img src="'.$imgSrc.'">';
you could use this solution to convert your image to base64 and decode the base64 as src instead of using url
I'm trying to get the download source from a Google Drive file I own. I currently have this code:
$videoSRC = "https://www.googleapis.com/drive/v3/files/". $_GET['id']. "?alt=media&key=API_KEY_HERE";
echo '<video autoplay="" preload="auto" src="'. $videoSRC. '"></video>';
The problem is, when you look at the video source, it says the video source is "https://www.googleapis.com/drive/v3/files/GOOGLE_FILE_ID?alt=media&key=API_KEY_HERE". While it does display the video, I've seen that website have their video source as "https://redirector.googlevideo.com/videoplayback". How are they able to achieve this?
I suggest using the webContentLink of the file which is generated by using the Files.get.
Files.get uses the following URI request:
https://www.googleapis.com/drive/v3/files/fileId
Tried this on one of my file and got this webContentLink:
https://docs.google.com/uc?id=0Bzgk4zccNwI7MmJOYWs3SG1VUUE&export=download
You can pass this link in your GET request in PHP and see if it downloads the file.
I'm getting source file from a folder. When I select a ready-made mp3 file like song as src in audio tag, It works. But when I select a mp3 file(call recording file) created from base64 encoded string, I doesn't work. File is perfectly created as I checked in folder and played. Problem is that when I move curser on player, it becomes transparent just like an image. If anyone know answer then please explain with an example. Thank You. Here is my code.
<?php
$data = $_REQUEST['data'];
$filename = $_REQUEST['filename'] . ".3gpp";
$imei = $_REQUEST['imei'];
$dir = __DIR__ . "/recordings/";
$file = file_put_contents($dir . $filename, base64_decode($data));
$rloc = "recordings/" . $filename;
$str = "INSERT INTO recording(data, filename, imei) VALUES('$rloc', '$filename', '$imei')";
$qry = mysql_query($str);
?>
<html>
<audio controls autoplay="">
<source src="<?php echo $row['data']; ?>">
</audio>
</html>
You need to prefix the data:audio/mp3;base64, to the Data URI. Use this instead:
<audio controls autoplay="">
<source src="data:audio/mp3;base64,<?php echo $row['data']; ?>">
</audio>
I found this short example:
<audio controls autoplay>
<source src="horse.ogg" type="audio/ogg">
<source src="horse.mp3" type="audio/mpeg">
Your browser does not support the audio element.
</audio>
May it's helpful.
<audio controls="controls" autobuffer="autobuffer" autoplay="autoplay">
<source src="data:audio/wav;base64,UklGRhwMAABXQVZFZm10IBAAAAABAAEAgD4AAIA+AAABAAgAZGF0Ya4LAACAgICAgICAgICAgICAgICAgICAgICAgICAf3hxeH+AfXZ1eHx6dnR5fYGFgoOKi42aloubq6GOjI2Op7ythXJ0eYF5aV1AOFFib32HmZSHhpCalIiYi4SRkZaLfnhxaWptb21qaWBea2BRYmZTVmFgWFNXVVVhaGdbYGhZbXh1gXZ1goeIlot1k6yxtKaOkaWhq7KonKCZoaCjoKWuqqmurK6ztrO7tbTAvru/vb68vbW6vLGqsLOfm5yal5KKhoyBeHt2dXBnbmljVlJWUEBBPDw9Mi4zKRwhIBYaGRQcHBURGB0XFxwhGxocJSstMjg6PTc6PUxVV1lWV2JqaXN0coCHhIyPjpOenqWppK6xu72yxMu9us7Pw83Wy9nY29ve6OPr6uvs6ezu6ejk6erm3uPj3dbT1sjBzdDFuMHAt7m1r7W6qaCupJOTkpWPgHqAd3JrbGlnY1peX1hTUk9PTFRKR0RFQkRBRUVEQkdBPjs9Pzo6NT04Njs+PTxAPzo/Ojk6PEA5PUJAQD04PkRCREZLUk1KT1BRUVdXU1VRV1tZV1xgXltcXF9hXl9eY2VmZmlna3J0b3F3eHyBfX+JgIWJiouTlZCTmpybnqSgnqyrqrO3srK2uL2/u7jAwMLFxsfEv8XLzcrIy83JzcrP0s3M0dTP0drY1dPR1dzc19za19XX2dnU1NjU0dXPzdHQy8rMysfGxMLBvLu3ta+sraeioJ2YlI+MioeFfX55cnJsaWVjXVlbVE5RTktHRUVAPDw3NC8uLyknKSIiJiUdHiEeGx4eHRwZHB8cHiAfHh8eHSEhISMoJyMnKisrLCszNy8yOTg9QEJFRUVITVFOTlJVWltaXmNfX2ZqZ21xb3R3eHqAhoeJkZKTlZmhpJ6kqKeur6yxtLW1trW4t6+us7axrbK2tLa6ury7u7u9u7vCwb+/vr7Ev7y9v8G8vby6vru4uLq+tri8ubi5t7W4uLW5uLKxs7G0tLGwt7Wvs7avr7O0tLW4trS4uLO1trW1trm1tLm0r7Kyr66wramsqaKlp52bmpeWl5KQkImEhIB8fXh3eHJrbW5mYGNcWFhUUE1LRENDQUI9ODcxLy8vMCsqLCgoKCgpKScoKCYoKygpKyssLi0sLi0uMDIwMTIuLzQ0Njg4Njc8ODlBQ0A/RUdGSU5RUVFUV1pdXWFjZGdpbG1vcXJ2eXh6fICAgIWIio2OkJGSlJWanJqbnZ2cn6Kkp6enq62srbCysrO1uLy4uL+/vL7CwMHAvb/Cvbq9vLm5uba2t7Sysq+urqyqqaalpqShoJ+enZuamZqXlZWTkpGSkpCNjpCMioqLioiHhoeGhYSGg4GDhoKDg4GBg4GBgoGBgoOChISChISChIWDg4WEgoSEgYODgYGCgYGAgICAgX99f398fX18e3p6e3t7enp7fHx4e3x6e3x7fHx9fX59fn1+fX19fH19fnx9fn19fX18fHx7fHx6fH18fXx8fHx7fH1+fXx+f319fn19fn1+gH9+f4B/fn+AgICAgH+AgICAgIGAgICAgH9+f4B+f35+fn58e3t8e3p5eXh4d3Z1dHRzcXBvb21sbmxqaWhlZmVjYmFfX2BfXV1cXFxaWVlaWVlYV1hYV1hYWVhZWFlaWllbXFpbXV5fX15fYWJhYmNiYWJhYWJjZGVmZ2hqbG1ub3Fxc3V3dnd6e3t8e3x+f3+AgICAgoGBgoKDhISFh4aHiYqKi4uMjYyOj4+QkZKUlZWXmJmbm52enqCioqSlpqeoqaqrrK2ur7CxsrGys7O0tbW2tba3t7i3uLe4t7a3t7i3tre2tba1tLSzsrKysbCvrq2sq6qop6alo6OioJ+dnJqZmJeWlJKSkI+OjoyLioiIh4WEg4GBgH9+fXt6eXh3d3V0c3JxcG9ubWxsamppaWhnZmVlZGRjYmNiYWBhYGBfYF9fXl5fXl1dXVxdXF1dXF1cXF1cXF1dXV5dXV5fXl9eX19gYGFgYWJhYmFiY2NiY2RjZGNkZWRlZGVmZmVmZmVmZ2dmZ2hnaGhnaGloZ2hpaWhpamlqaWpqa2pra2xtbGxtbm1ubm5vcG9wcXBxcnFycnN0c3N0dXV2d3d4eHh5ent6e3x9fn5/f4CAgIGCg4SEhYaGh4iIiYqLi4uMjY2Oj5CQkZGSk5OUlJWWlpeYl5iZmZqbm5ybnJ2cnZ6en56fn6ChoKChoqGio6KjpKOko6SjpKWkpaSkpKSlpKWkpaSlpKSlpKOkpKOko6KioaKhoaCfoJ+enp2dnJybmpmZmJeXlpWUk5STkZGQj4+OjYyLioqJh4eGhYSEgoKBgIB/fn59fHt7enl5eHd3dnZ1dHRzc3JycXBxcG9vbm5tbWxrbGxraWppaWhpaGdnZ2dmZ2ZlZmVmZWRlZGVkY2RjZGNkZGRkZGRkZGRkZGRjZGRkY2RjZGNkZWRlZGVmZWZmZ2ZnZ2doaWhpaWpra2xsbW5tbm9ub29wcXFycnNzdHV1dXZ2d3d4eXl6enp7fHx9fX5+f4CAgIGAgYGCgoOEhISFhoWGhoeIh4iJiImKiYqLiouLjI2MjI2OjY6Pj46PkI+QkZCRkJGQkZGSkZKRkpGSkZGRkZKRkpKRkpGSkZKRkpGSkZKRkpGSkZCRkZCRkI+Qj5CPkI+Pjo+OjY6Njo2MjYyLjIuMi4qLioqJiomJiImIh4iHh4aHhoaFhoWFhIWEg4SDg4KDgoKBgoGAgYCBgICAgICAf4CAf39+f35/fn1+fX59fHx9fH18e3x7fHt6e3p7ent6e3p5enl6enl6eXp5eXl4eXh5eHl4eXh5eHl4eXh5eHh3eHh4d3h4d3h3d3h4d3l4eHd4d3h3eHd4d3h3eHh4eXh5eHl4eHl4eXh5enl6eXp5enl6eXp5ent6ent6e3x7fHx9fH18fX19fn1+fX5/fn9+f4B/gH+Af4CAgICAgIGAgYCBgoGCgYKCgoKDgoOEg4OEg4SFhIWEhYSFhoWGhYaHhoeHhoeGh4iHiIiHiImIiImKiYqJiYqJiouKi4qLiouKi4qLiouKi4qLiouKi4qLi4qLiouKi4qLiomJiomIiYiJiImIh4iIh4iHhoeGhYWGhYaFhIWEg4OEg4KDgoOCgYKBgIGAgICAgH+Af39+f359fn18fX19fHx8e3t6e3p7enl6eXp5enl6enl5eXh5eHh5eHl4eXh5eHl4eHd5eHd3eHl4d3h3eHd4d3h3eHh4d3h4d3h3d3h5eHl4eXh5eHl5eXp5enl6eXp7ent6e3p7e3t7fHt8e3x8fHx9fH1+fX59fn9+f35/gH+AgICAgICAgYGAgYKBgoGCgoKDgoOEg4SEhIWFhIWFhoWGhYaGhoaHhoeGh4aHhoeIh4iHiIeHiIeIh4iHiIeIiIiHiIeIh4iHiIiHiIeIh4iHiIeIh4eIh4eIh4aHh4aHhoeGh4aHhoWGhYaFhoWFhIWEhYSFhIWEhISDhIOEg4OCg4OCg4KDgYKCgYKCgYCBgIGAgYCBgICAgICAgICAf4B/f4B/gH+Af35/fn9+f35/fn1+fn19fn1+fX59fn19fX19fH18fXx9fH18fXx9fH18fXx8fHt8e3x7fHt8e3x7fHt8e3x7fHt8e3x7fHt8e3x7fHt8e3x8e3x7fHt8e3x7fHx8fXx9fH18fX5+fX59fn9+f35+f35/gH+Af4B/gICAgICAgICAgICAgYCBgIGAgIGAgYGBgoGCgYKBgoGCgYKBgoGCgoKDgoOCg4KDgoOCg4KDgoOCg4KDgoOCg4KDgoOCg4KDgoOCg4KDgoOCg4KDgoOCg4KDgoOCg4KDgoOCg4KCgoGCgYKBgoGCgYKBgoGCgYKBgoGCgYKBgoGCgYKBgoGCgYKBgoGCgYKBgoGBgYCBgIGAgYCBgIGAgYCBgIGAgYCBgIGAgYCBgIGAgYCAgICBgIGAgYCBgIGAgYCBgIGAgYCBgExJU1RCAAAASU5GT0lDUkQMAAAAMjAwOC0wOS0yMQAASUVORwMAAAAgAAABSVNGVBYAAABTb255IFNvdW5kIEZvcmdlIDguMAAA" />
</audio>
A Data URI takes the format:
data:[][;charset=][;base64],
The MIME-type specifies what type of data the URI contains.
The charset in which it is encoded.
last the encoded data
It looks like you are using wrong variable to set the source. You don't have $row['data'] defined in your php code. Maybe it should be $rloc instead:
<audio controls autoplay="">
<source src="<?php echo $rloc; ?>">
</audio>
Edit:
Did you convert uploaded file (3gpp) to other formats (mp3, ogg), or did you just rename it to a different extension? Looking at binary data at links you posted in comments to other answer this is your situation: all links you posted are exactly the same file, with different name. Binary, they are identical, just file name is different. Format details for the file which is on all your links are:
Format : MPEG-4
Format profile : 3GPP Media Release 4
Codec ID : 3gp4
You can not just change file extension and expect it will play in browser. You need to convert file to other format. You can use ffmpeg or any other conversion tool to convert from 3gpp to mp3 and ogg.
It is possible to use a Data URI for audio, as others have suggested. However, it's not a good idea. Not only are you adding 33% overhead for this encoding, and the CPU overhead on both ends, but there is a 1 MB limit which won't take long to hit with audio.
If you must serve your audio data this way, you can simply reference your PHP script which outputs nothing but raw binary audio data.
<audio src="/audio.php?id=12345"></audio>
Be sure to set the appropriate Content-Type header.
Finally, note that you have serious security issues in your code. As it stands right now, anyone can write pretty much whatever they want to whatever path they want on your hard drive, because you're letting them specify the filename on disk which can contain ../. Also, your SQL is subject to SQL injection attacks. Use prepared/parameterized queries to avoid this issue entirely.
I have one problem. I would like to order from (zip) files play video in such a way to get out connection so you can include it in HTML5 badge. As I gave an example. But this not working.
<?php $video = fopen('zip://video.zip#video.mp4', 'r'); ?>
<video>
<source src='<? echo $video; ?>' type='video/mp4' />
</video>
$video in the above code is just a server-side file handle you could use to read the file from the zip. It's not directly usable for the browser.
You'll need to handle reading the file and returning it in a separate HTTP request. Usually you'd use a second script for this. (Or if your video is relatively small, you might be able to use data urls, but it's not something I'd try to do.) Additionally, if you want to allow for byte range requests, you'd have to handle that yourself in your video serving logic.
Here's a fairly simple scenario:
My videos.zip file contains a couple of different videos, and I want to retrieve a specific one and show it on a page called video.php
First I have my viewer, say video.php, [edit: containing the video tag and with a URL to my second script as the source. Since I might want to serve the other file at some point, I set it up to accept a filename in the v query parameter.]
..some html/php..
<video>
<source src='zipserve.php?v=itsrainintoast.mp4' type='video/mp4' />
</video>
..more html/php..
Then, in zipserve.php I have something like this:
$filename = $_GET['v']; //You probably want to check that this exists first, btw.
$fp = fopen('zip://videos.zip#'.$filename, 'r');
if($fp)
{
header('content-type: video/mp4');
//Note: you should probably also output an appropriate content-length header.
while(!feof($fp))
{
echo fread($fp, 8196);
}
fclose($fp);
}
else
{
echo 'Some error message here.';
}
--Addendum--
It should also be noted that this'll require the zip php extension to be enabled.
A more complete example of a video fetching script with range handling and the like can be found in the question at mp4 from PHP - Not playing in HTML5 Video tag but you'd need to tweak it to allow reading from the zip file.
I'm developing a web application to transform images uploaded by the user.
When the user changes the image, it is saved with an other name in the server and served again to the client, like an img tag.
I have a problem when going back to the previous image. The actual image is deleted, and the new image is the previous. But when it is changed again by the user, the image shown isn't the new image, but the deleted image before go back. However, the image shown does not exist. I guess it is cached by the browser, but don't know how to prevent this.
Example:
$image1 = imagefirst.jpg
$image2 = imagechanged.jpg
//Going back:
$image3 = imagefirst.jpg
//imagechanged.jpg is deleted
//change again the image
$image4 = imagechanged.jpg
//serve to the client
<img src="imagefirst.jpg">
//the image shown isn't the new one saved in the server, but the image deleted previously.
Simply add random number to image's src property:
<!-- 759293475438 generated randomly each time -->
<img src='imagefirst.jpg?759293475438'/>
-to do this, you can use mt_rand() in PHP.
A simple solution to this problem would be to add a random string to the image to force the browser to request for a new image every time. You can use uniqid(), rand(), or time() for this purpose:
echo "<img src='imagefirst.jpg?version=".time()."'/>";
This will produce output similar to:
<img src='imagefirst.jpg?version=1378811671' />
As the query string is unique, the image would appear different to the browser.