So would like to do: get an flv file from a protected directory and feed it to a swf embedded player as a parameter using PHP.
Is this possible?
Sending the contents of the file to the embedded player does not seem to work.
Well, since the player requires that the client fetches both the player and the FLV from the server, I suspect that this would require a temporary location from which the FLV is made accessible to the user via a URL. The most obvious solution is to create an expiring URL that times out in a reasonable amount of time, preventing users from linking directly to the FLV. I'm not sure if there's a way to keep it protected beyond this without embedding the address to the file in the flash itself dynamically - basically, you can't use a general purpose player that takes a URL for the FLV as a parameter if additional protection is required.
Edit: Here is a potential solution using the JW player: Code URL in V4 for protection against leechers
And here is another possible solution along the lines of my original comment: Flashcomguru.com: 'Streaming' flv video via PHP, take two
The Flashcomguru link look promising, not sure I understand this stuff however.
I'm not a Flash guy but I know someone that may be able to help.
I'm also not sure how to create a 'create an expiring URL"
Not sure what you mean with "feed it to a swf embedded player as a parameter using PHP", but looks like what you want to do is this:
Store your flv file somewhere outside the DocumentRoot in your server.
Create a PHP script that based on some parameter, reads the flv file and serves it. I'm assuming that you are planning to have some authentication in this php script to prevent anyone from just calling your PHP script and getting the flv as if it was in the DocumentRoot
Create an swf clip that will call the PHP script to retrieve the flv to the client.
If that is what you want, the part of the script in 2 that reads and serves the flv should be pretty straight forward using the standard file accessing functions from the PHP API and setting the appropriate content-type header before echoing it out.
Related
This is going to sound like an odd request.
I have a PHP script pulling a mp3 stream from SoundCloud and repeating the stream with the correct headers to allow WinAmp to play the file. But it only shows the local url I have the script running from. Before anyone asks, I am injecting ID3v1 into the file before echoing it.
Is there any way to provide WinAmp with the meta data from php?
Just to clarify, you are effectively proxying an MP3 file from SoundCloud, and you want to embed metadata into it?
Winamp will pick up ID3 tags in an HTTP-served MP3 file. However, if you are using ID3v1, those tags don't exist until the very end of the file. If you want the file to be identified without having to download the whole file, you must use ID3v2 which are typically located at the beginning of the file. (I actually recommend using both ID3v1 and ID3v2 for broader player compatibility, but almost everything supports ID3v2, so it is your choice.)
Now, there is another method but if you use this method the metadata won't be saved in the file when downloaded. You can use SHOUTcast-style metadata. Basically, Winamp and other clients (like VLC) send a request header, Icy-MetaData: 1. This tells the server that it supports SHOUTcast-style metadata. In your server response, you would insert metadata every 8KB or so. Basically, you want the reverse of what I have detailed here: https://stackoverflow.com/a/4914538/362536
In the end, simply adding ID3v2 tags will solve your problem in the best way, but I wanted to mention the alternative option in case you needed it for something else.
Currently working on an offshoot of the idea more adequately addressed here.
Creating a Secure File Hosting Server for PDFs
I'm developing a secure PDF hosting website where certain users can download certain PDF's that I have stored outside of the webroot to prevent people from accessing documents they shouldn't access.
I've got the download working using the first solution, but I want to implement a 'view/preview' feature too. I still don't get content headers as well as I should but I believe what is causing the bulk of my issues is I can't put a 'src' attribute on the embed/object/iframe/whatever. And that's kind of the point of the system.
My question is, is there any way to feed a file (as opposed to a url) to an embed/object? I would like to keep my current system and I'm going for simplicity at the moment so the easier the better.
I saw Recommended way to embed PDF in HTML? and will probably check out pdf.js if I'm trying something that isn't doable.
I have not yet had the chance to play with pdf.js, but it either that or a flash player of some sort.
Or you rely on the browser to display it has a webpage and you can iframe it, but that's so lame... it would work only for a fraction of you users.
PDF2SWF - convert PDF to SWF ( 1 page = 1 SWF).
Use other SWF (reader) to load SWF pages via XML or something else.
Use $_SESSION to store ID of PDF document which should be served through e.g. /preview (same link for previewing all documents)
Don't serve original PDF, put a watermark, or make them low-res.
Otherwise, your PDF will never be "secure".
http://www.swftools.org/
I'm trying to capture some images from an old database.
When writing scrapers, I use ruby (but am comfortable with php as well) to directly open() a website and read its contents. I sometimes also use the script to call the appropriate curl ... command.
However, the database I'm scraping some pieces out of returns a page and then embeds the target image with an image name using a series of random numbers I assume by the server side script. For example:
<img ... show_image.jsp?343523.jpg
However, I cannot call this show_image script directly (denied), it only works when embedded in the website as a whole.
Can I use curl, or within ruby or php do something download the entire page, for example, 1929.2.14.aspx in such a way that it includes the embedded image generated by show_image.jsp?343523.jpg?
If I simply curl the aspx file directly, I naturally just get the html - how might one save both the html and embedded image via scripting in the manner that a browser-based "web archive" feature works manually?
Any tips, links to tutorials, etc. appreciated...
You should probably be using mechanize to scrape websites in ruby. When you do it will set cookies and referer for you so getting the image will be as easy as:
agent.get(image_url).save_as 'local_filename.jpg'
If the script (show_image.jsp - for example) is doing a simple referrer check, you may be able to work around it by writing your PHP (or Ruby) scraper in such a way so as to set the referrer before making the GET:
curl --referer http://www.example.com http://www.example.com/show_image.jsp?bar.jpg
Is there anyway to hide .swf path showing up from webpage?
you can use a php script something like getswf.php?name=flash.swf in your flash tags. Then create getswf.php script to respond with output of flash.swf file, and keep flash.swf file in a directory outside of public directory.
There may be ways to make it difficult to view. However, nothing you do can stop an intelligent adversary from using a tool like Fiddler to monitor web traffic and undo all your obfuscation.
I think this is a fairly pointless exercise. Any resource that gets sent to a browser, be it an image, sound, flash movie, even flv files loaded by the YouTube player, can all be saved to disk fairly easily.
As Justin mentions, Fiddler can achieve this easily.
As others answered it there are ways to do it using your script. If you are looking for a paid option check this out Media Vault.
Hiding the URL to the swf file might be quite a challenge but there are other things you can do if you're wanting to more closely protect the video/data being displayed by the swf.
I'll run through a couple of ideas in the order I think them most obfuscated with the least first. Bare in mind that most of these techniques merely make it harder to get to the information/video rather than making it impossible to obtain.
The main idea most sites tend to follow is that of having the swf as a player and the content in another file somewhere else, usually an flv or mp4 etc.
Add flv location through Javascript
This technique is as basic as it sounds. You have your swf player on the page and pass a new variable too it (such as 'file') with the location to the flv file using Javascript. If you're already loading your content with some kind of JS flash module then all the easier to begin implimenting.
Obfuscating flv location through XML
Another techniqe I've seen used quite recently is that of having an XML document as a paremeter to the swf player and then the flash player itself resolves the URL of the flv from a node in the XML. It's easy to get to the flv URL if you want to but it does make it that little bit harder.
Token access
This technique can be used in conjunction with any of the above two. You basically ensure that your flv files can only be accessed with the use of a special token otherwise the page returns a HTTP error. The token would be understood by the flash player and the server and upon the player making a request for the flv, a token must be included (usuallu the token itself is obfuscated in some way that it cannot be easily mimmicked through a simple GET request).
Domain access
Very similar to the above however in this case, the flv file will only be loaded when the requesting URL is a specific site. All other requests will be denied (such as directly hitting the flv location in your browser.
As stated above, none of these methods make it impossible to get hold of your flash material. If it's on the web (or any network for that matter), it's possibly a target. You'll usually find for most things that making it harder to obtain will deter a lot of those who would otherwise have been privy to downloading your content.
Completely hiding the URL to the swf
If your only criteria is to hide the URL then hiding it behind a URL rewrite is the best option I can think of.
Your swf might be at /location/flash/player.swf?file=summer.flv and then you could do a URL rewrite to something like /vacations/summer2011/.
This way the URL to the swf is completely hidden away and this should satisfy your desire to hide the swf path.
The answer is NO.
You may not want to believe it. but it is a fact. you can do all you like to obfuscate it. but the browser needs to find it. if the browser can find it so can anyone else.
A server side script that acts as a loader will hide the real path to the file, but to what purpose. the end result is the file is still available.
If you want a simple answer, so simple people can't find it then the people here have given you some suggestions. obfuscation is the best you can hope to achieve.
Alternately only allow approved users access to the file. that way they need to log in to get access to it. but if you want it available publicly then its well, public!
DC
I'm building a streaming video site. The idea is that the customers should pay for a membership, login to the system, and be able to view the videos. I'm going with FlowPlayer for showing the actual videos.
The problem now is, the videos need to be stored somewhere publically and the url to the .flv files needs to be passed to flowplayer for it to be able to show them. This creates a problem because anyone can do a view source, download the video, and distribute it all across the internet.
I know some people serve images using php by doing an image header() and then they can do something like:
<img src="image.php?userId=1828&img=test.gif" />
The php script validates the user ID and serves up the .gif and the actual url of the gif is never revealed.
Is there anyway to do this with .flv or any other video format also? E.g, the file and user ID passed onto the PHP script, it validates them, and returns the video?
You can set up a directory containing the FLV files on your webserver that can only be accessed by PHP, then in your PHP script you can authenticate the user as usual and simply send a header to the browser telling it to expect an FLV, then echo the raw FLV data:
<?php
// here is where
// you want your
// user authentication
if ($isAuthenticated)
{
header("Content-type: video/flv");
echo file_get_contents($pathToFLV);
}
?>
As Chad Birch discussed, this will only prevent people from linking directly to the video - you can't prevent piracy this way.
The short answer is that no, you're never going to be able to prevent people from downloading your videos if they want to. There are various ways to make it trickier for them to do it, but there's no foolproof method. You're hitting what is basically the entire problem with DRM - you can't show someone your content without giving it to them unencrypted at some point, and if they can view it, they can rip it.
Since your flv player is a flash application, it will always be possible to download and decompile it. When decompiled the actual url to the flv will be visible. So it won't really make any difference if you are using direct url's to the flv movies or something like you described in your question
<img src="image.php?userId=1828&img=test.gif" />
Please google the word Pseudostreaming you will get the answer
There are some servers like lighttpd which has inherent support for flv streaming....
I hope you will get the answer.........
Apache with mod_flvx module also has similar effect like lighttpd.