Page 1 of 2

Encrypting/Hiding source code

Posted: Wed Jan 03, 2007 4:35 pm
by spacebiscuit
Hi,

I have a javascript flash movie player on my Webpage and I am trying to hide the name of the file being played. At present all the user needs to do is view the source in order to see.

I have tried putting the javascript into a php function and external file, this works but when the user views the source it dispalys the correct html/javascript source.

Is there anyway to display something different in the source without affecting the filename.

This is driving me nuts - any feedback would be appreciated - thanks!

Rob.

Posted: Wed Jan 03, 2007 5:03 pm
by John Cartwright
Simply put the file outside your webroot and use an intermediary script to fetch the content. Problem solved.

Posted: Wed Jan 03, 2007 5:18 pm
by spacebiscuit
Many thanks for the reply, would you care to elaborate a little as I don't quite understand you solution.

Thanks,

Rob.

Posted: Wed Jan 03, 2007 5:33 pm
by feyd
readfile() may be of interest.

You'll need to use header() too.

Posted: Wed Jan 03, 2007 5:35 pm
by nickman013
Jcart is saying that you should put the files you want to stay safe, in the root folder of your webserver, instead of the public_html or www folder.

You would need to use include() to get them, the people will never be able to download the file off the webserver, because they cant access the folder.

Posted: Wed Jan 03, 2007 5:42 pm
by spacebiscuit
Ok I think I understand..........

I believe include and require are identical - they differ only in how they handle errors. I use include a lot so let's go with that.

How would I refer to a location such as the web root, usually I do the following, which refers to relative locations

Code: Select all

require'../myfile.php';
Thanks,

Rob.

Posted: Wed Jan 03, 2007 5:46 pm
by feyd
Try some stuff. :)

Posted: Thu Jan 04, 2007 6:02 am
by spacebiscuit
Guys,

Ok i have played around with 'include' but it seems if I put the file outside of the web root my flash player cannot access the file.

The php file and flash player are in the following location:

http://www.mydomain/dir1/dir2/dir3/dir4/index.php

I call the flash player and file to be played as follows:

flashvars:"file=../../../../../../<? echo "$filename"; ?>.flv

In this case the file is one above the webroot. But the file does not play.

I know that all works correctly because if I put the file one directroy up (the web root) and change the line of code to:

flashvars:"file=../../../../../<? echo "$filename"; ?>.flv

It works, but of course now it accessible to everyone. I cannot see how if the file is inaccessible to users it is not also inaccessible to flash player?

It suggestions or pointers would be appreciated.

Thanks,

Rob.

Posted: Thu Jan 04, 2007 8:05 am
by Jaxolotl
Are you using a Databse to memorize the path to the *.flv files?

If you do you may use a combination of the FlashVars parameter passing an ID and use LoadVars function on actionscripting.

This is a fast example

Code: Select all

<object classid="clsid:d27cdb6e-ae6d-11cf-96b8-444553540000" codebase="http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=8,0,0,0" width="400" height="300">
			<param name="movie" value="my_player.swf">
			<param name="quality" value="best">
			<param name="FlashVars" VALUE="fileID=1">
			<embed src="my_player.swf.swf" FlashVars="fileID=1"  quality="best" bgcolor="#FFFFFF" allowScriptAccess="sameDomain" type="application/x-shockwave-flash" pluginspage="http://www.macromedia.com/go/getflashplayer"  width="400" height="300"></embed>
			</object>
With FlashVars you send the ID to flash. It will use it to send it as a GET var to a PHP file to make the DB query

Code: Select all

/// THIS IS YOUR FLASH VIDEO OR AUDIO PLAYER
my_string = new LoadVars();
my_string.path = this;
my_string.onLoad = function(success) {
	if (success) {
		_root.playIt = this.foo;
// _root.playIt WILL BE THE PATH TO YOUR FLV FILE TO PLAY
		//trace(_root.playIt); //debug
	} else { //error
	}
	
};
theFilePath = "http://127.0.0.1/test.php?giveMeThePathOfID="+_root.fileID; // SEE HERE THE FlashVars sended
my_string.load(theFilePath);
stop();

now the PHP file

Code: Select all

<?php
 $query = "SELECT path FROM my_movies WHERE id='".(int)$_REQUEST['giveMeThePathOfID']."'";
 #######
 #
 #  HERE YOUR DB CONNECTION FUNTION AS MINE BELOW
 #
 ######
  sql_select($query,$results);
  while ($my_path = mysql_fetch_row($results)){
    print("&foo=".$my_path['path']); // for example flv/funny/my_face_in_the_morning.flv
  }
?>
Just an example but could be usefull.
ofcourse all the security and validation controls MUST be done

Posted: Thu Jan 04, 2007 10:58 am
by spacebiscuit
Jaxolotl,

Thanks for you reply, I am not using a database to store the dir of the file to be played. You solution is a little too in depth for me - I really cannot follow what you are doing.

I have tried putting the javascript for the player into a function and placing the file outside of the web root along with the .flv file and all necessary files but still without success. It seems that although I can reference and access a file with php extension outisde of the webroot it does not work with .flv extension.

Any more suggestions?

Thanks.

Rob.

Posted: Thu Jan 04, 2007 11:02 am
by Kieran Huggins
check the manual for the readfile() function - it may be the missing link here

Posted: Thu Jan 04, 2007 11:15 am
by spacebiscuit
So are you suggesting a write the file I want to play to the output buffer?

Will the size of the video (aorund 60mb) be an issue?

Rob.

Posted: Thu Jan 04, 2007 12:07 pm
by Kieran Huggins
what I'm suggesting is essentially that, yes. The filesize is not an issue.

That way you can do all your authenticating in PHP, then retrieve your file from outside the webroot and read it directly to the output.

Note: You'll want to add your own header with the header() function.

Posted: Thu Jan 04, 2007 12:22 pm
by spacebiscuit
So will readfile enable me to access a file outsdie of the Webroot?

Can you give me some hints regarding the header as I am a little unsure why I need this.

I will have a play around with this later.

Rob.

Posted: Thu Jan 04, 2007 12:30 pm
by feyd
You'll need to send the Content-type header.