Encrypting/Hiding source code

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

spacebiscuit
Forum Contributor
Posts: 390
Joined: Mon Mar 07, 2005 3:20 pm

Encrypting/Hiding source code

Post by spacebiscuit »

Hi,

I have a javascript flash movie player on my Webpage and I am trying to hide the name of the file being played. At present all the user needs to do is view the source in order to see.

I have tried putting the javascript into a php function and external file, this works but when the user views the source it dispalys the correct html/javascript source.

Is there anyway to display something different in the source without affecting the filename.

This is driving me nuts - any feedback would be appreciated - thanks!

Rob.
User avatar
John Cartwright
Site Admin
Posts: 11470
Joined: Tue Dec 23, 2003 2:10 am
Location: Toronto
Contact:

Post by John Cartwright »

Simply put the file outside your webroot and use an intermediary script to fetch the content. Problem solved.
spacebiscuit
Forum Contributor
Posts: 390
Joined: Mon Mar 07, 2005 3:20 pm

Post by spacebiscuit »

Many thanks for the reply, would you care to elaborate a little as I don't quite understand you solution.

Thanks,

Rob.
User avatar
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

readfile() may be of interest.

You'll need to use header() too.
User avatar
nickman013
Forum Regular
Posts: 764
Joined: Sun Aug 14, 2005 12:02 am
Location: Long Island, New York

Post by nickman013 »

Jcart is saying that you should put the files you want to stay safe, in the root folder of your webserver, instead of the public_html or www folder.

You would need to use include() to get them, the people will never be able to download the file off the webserver, because they cant access the folder.
spacebiscuit
Forum Contributor
Posts: 390
Joined: Mon Mar 07, 2005 3:20 pm

Post by spacebiscuit »

Ok I think I understand..........

I believe include and require are identical - they differ only in how they handle errors. I use include a lot so let's go with that.

How would I refer to a location such as the web root, usually I do the following, which refers to relative locations

Code: Select all

require'../myfile.php';
Thanks,

Rob.
User avatar
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

Try some stuff. :)
spacebiscuit
Forum Contributor
Posts: 390
Joined: Mon Mar 07, 2005 3:20 pm

Post by spacebiscuit »

Guys,

Ok i have played around with 'include' but it seems if I put the file outside of the web root my flash player cannot access the file.

The php file and flash player are in the following location:

http://www.mydomain/dir1/dir2/dir3/dir4/index.php

I call the flash player and file to be played as follows:

flashvars:"file=../../../../../../<? echo "$filename"; ?>.flv

In this case the file is one above the webroot. But the file does not play.

I know that all works correctly because if I put the file one directroy up (the web root) and change the line of code to:

flashvars:"file=../../../../../<? echo "$filename"; ?>.flv

It works, but of course now it accessible to everyone. I cannot see how if the file is inaccessible to users it is not also inaccessible to flash player?

It suggestions or pointers would be appreciated.

Thanks,

Rob.
User avatar
Jaxolotl
Forum Contributor
Posts: 137
Joined: Mon Nov 13, 2006 4:19 am
Location: Argentina and Italy

Post by Jaxolotl »

Are you using a Databse to memorize the path to the *.flv files?

If you do you may use a combination of the FlashVars parameter passing an ID and use LoadVars function on actionscripting.

This is a fast example

Code: Select all

<object classid="clsid:d27cdb6e-ae6d-11cf-96b8-444553540000" codebase="http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=8,0,0,0" width="400" height="300">
			<param name="movie" value="my_player.swf">
			<param name="quality" value="best">
			<param name="FlashVars" VALUE="fileID=1">
			<embed src="my_player.swf.swf" FlashVars="fileID=1"  quality="best" bgcolor="#FFFFFF" allowScriptAccess="sameDomain" type="application/x-shockwave-flash" pluginspage="http://www.macromedia.com/go/getflashplayer"  width="400" height="300"></embed>
			</object>
With FlashVars you send the ID to flash. It will use it to send it as a GET var to a PHP file to make the DB query

Code: Select all

/// THIS IS YOUR FLASH VIDEO OR AUDIO PLAYER
my_string = new LoadVars();
my_string.path = this;
my_string.onLoad = function(success) {
	if (success) {
		_root.playIt = this.foo;
// _root.playIt WILL BE THE PATH TO YOUR FLV FILE TO PLAY
		//trace(_root.playIt); //debug
	} else { //error
	}
	
};
theFilePath = "http://127.0.0.1/test.php?giveMeThePathOfID="+_root.fileID; // SEE HERE THE FlashVars sended
my_string.load(theFilePath);
stop();

now the PHP file

Code: Select all

<?php
 $query = "SELECT path FROM my_movies WHERE id='".(int)$_REQUEST['giveMeThePathOfID']."'";
 #######
 #
 #  HERE YOUR DB CONNECTION FUNTION AS MINE BELOW
 #
 ######
  sql_select($query,$results);
  while ($my_path = mysql_fetch_row($results)){
    print("&foo=".$my_path['path']); // for example flv/funny/my_face_in_the_morning.flv
  }
?>
Just an example but could be usefull.
ofcourse all the security and validation controls MUST be done
spacebiscuit
Forum Contributor
Posts: 390
Joined: Mon Mar 07, 2005 3:20 pm

Post by spacebiscuit »

Jaxolotl,

Thanks for you reply, I am not using a database to store the dir of the file to be played. You solution is a little too in depth for me - I really cannot follow what you are doing.

I have tried putting the javascript for the player into a function and placing the file outside of the web root along with the .flv file and all necessary files but still without success. It seems that although I can reference and access a file with php extension outisde of the webroot it does not work with .flv extension.

Any more suggestions?

Thanks.

Rob.
User avatar
Kieran Huggins
DevNet Master
Posts: 3635
Joined: Wed Dec 06, 2006 4:14 pm
Location: Toronto, Canada
Contact:

Post by Kieran Huggins »

check the manual for the readfile() function - it may be the missing link here
spacebiscuit
Forum Contributor
Posts: 390
Joined: Mon Mar 07, 2005 3:20 pm

Post by spacebiscuit »

So are you suggesting a write the file I want to play to the output buffer?

Will the size of the video (aorund 60mb) be an issue?

Rob.
User avatar
Kieran Huggins
DevNet Master
Posts: 3635
Joined: Wed Dec 06, 2006 4:14 pm
Location: Toronto, Canada
Contact:

Post by Kieran Huggins »

what I'm suggesting is essentially that, yes. The filesize is not an issue.

That way you can do all your authenticating in PHP, then retrieve your file from outside the webroot and read it directly to the output.

Note: You'll want to add your own header with the header() function.
spacebiscuit
Forum Contributor
Posts: 390
Joined: Mon Mar 07, 2005 3:20 pm

Post by spacebiscuit »

So will readfile enable me to access a file outsdie of the Webroot?

Can you give me some hints regarding the header as I am a little unsure why I need this.

I will have a play around with this later.

Rob.
User avatar
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

You'll need to send the Content-type header.
Post Reply