Using mysql to store files for playing?

Questions about the MySQL, PostgreSQL, and most other databases, as well as using it with PHP can be asked here.

Moderator: General Moderators

Post Reply
User avatar
pthomas
Forum Commoner
Posts: 68
Joined: Wed Jan 19, 2005 11:28 am
Location: Cincinnati, OH

Using mysql to store files for playing?

Post by pthomas »

I'm trying to figure out a way to use our mysql DB to help randomly grab a sound file and then play it as background sound or whatever on a page when it opens without the user being able to go directly to the sound file's location and download the rest of them.

It looks like regular old HTML has all I need to be able to play the sound files:

Code: Select all

<embed src="filename.ext" width=x height=x autoplay=x hidden=x loop=x volume=x></embed>
Now I know that I could just write some simple PHP code to get a list of all the sound files and then randomly put one in the above tag and that would work fine. Trouble is that my supervisor is completley paranoid and doesn't want anyone to be able to directly download any sound files. So I'm trying to figure out a way to keep the files more or less out of reach of the user so that they can't just type in the URL and download away. I was thinking about putting the files in our mysql DB but don;t think that is really a good way to deal with this.

Is there a decent way to put the file paths into the mysql DB and yet keep the files themselves more or less from being directly downloadable?

thanks,
Paul
User avatar
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

You can just have the embed reference a script. That script looks at the database, finds one to use, and sends the file through itself. This doesn't give the user anything to reference the file other than the script. No id number shows or anything, so there's no way to guess the location.

If possible, store the files outside the document root, or in a unfetchable directory off the document root. This will fix any hotlink potential for it.
User avatar
pthomas
Forum Commoner
Posts: 68
Joined: Wed Jan 19, 2005 11:28 am
Location: Cincinnati, OH

Post by pthomas »

I've got the sound files stored in a sub directory of the root dir (sounds/) but I'm not sure how to impliment what you're talking about with mysql being able to pass back the file itself. I was looking around with our mysql admin utility and didn't see any field to be able to insert a file or setup a table to hold files. Do you know of any how-to sites or places that have example code for storing/getting files from mysql?

The way they originally implemented it is using javascript and this actually sits in a "hidden" I-frame (I hate i frames):

Code: Select all

<SCRIPT LANGUAGE="JavaScript">
var theImages = new Array();

theImages&#1111;0] = 'images/sound01.swf'
theImages&#1111;1] = 'images/sound02.swf'
theImages&#1111;2] = 'images/sound03.swf'
theImages&#1111;3] = 'images/sound04.swf'
theImages&#1111;4] = 'images/sound05.swf'
theImages&#1111;5] = 'images/sound06.swf'
theImages&#1111;6] = 'images/sound07.swf'
theImages&#1111;7] = 'images/sound08.swf'
theImages&#1111;8] = 'images/sound09.swf'
theImages&#1111;9] = 'images/sound10.swf'
theImages&#1111;10] = 'images/sound11.swf'
theImages&#1111;11] = 'images/pt.swf'
theImages&#1111;12] = 'images/sound12.swf'
theImages&#1111;13] = 'images/sound13.swf'
theImages&#1111;14] = 'images/sound14.swf'

var j = 0
var num_images = theImages.length;
var preBuffer = new Array()
for (ctr = 0; ctr < num_images; ctr++){
   preBuffer&#1111;ctr] = new Image()
   preBuffer&#1111;ctr].src = theImages&#1111;ctr]
}
var whichImage = Math.round(Math.random()*(num_images - 1));
function showImage(){
document.write('<embed src="'+theImages&#1111;whichImage]+'" width="1" height="1"></embed>');
}
</script>
Of course right now that is playing flash files that only contain sound in the i-frame. I'm wanting to get rid of the i-frame and flash files and just use wav files with HTML and pull them from mysql. And on top of that a user can easily look at the source code and then tag on the appropriate URL and get any/all sound files.

Paul
User avatar
pthomas
Forum Commoner
Posts: 68
Joined: Wed Jan 19, 2005 11:28 am
Location: Cincinnati, OH

Post by pthomas »

Ignore tha post above, I'm starting to ramble!

My two most wanted answered questions are:
1) How do I store files in a mysql DB and then get them and use or referr to them?

2) Or is it better to store only the pathname in the DB and then have the file in some dir the user can;t get too (howerver thats done...)?

Paul
User avatar
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

as I eluded to, store the path information.
User avatar
pthomas
Forum Commoner
Posts: 68
Joined: Wed Jan 19, 2005 11:28 am
Location: Cincinnati, OH

Post by pthomas »

OK. Then to keep users from accessing those files, how is that done with file permissions or is it? Right now all the files are in the www group, anyone can access them from the web. What would I set them too?

Thanks,
Paul
User avatar
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

I believe just placing an .htaccess in the folder with deny from all will do it.. Although it's been a while since I've screwed around with that.
User avatar
pthomas
Forum Commoner
Posts: 68
Joined: Wed Jan 19, 2005 11:28 am
Location: Cincinnati, OH

Post by pthomas »

Any good place to go see .htaccess how-tos for limiting directory access? The apache site really stinks at explaining it and I've yet to come across a good site that shows all options and how to use each one. I ended up starting up another thread for this one here:
viewtopic.php?t=31386

Paul
Post Reply