I'm trying to figure out a way to use our mysql DB to help randomly grab a sound file and then play it as background sound or whatever on a page when it opens without the user being able to go directly to the sound file's location and download the rest of them.
It looks like regular old HTML has all I need to be able to play the sound files:
Now I know that I could just write some simple PHP code to get a list of all the sound files and then randomly put one in the above tag and that would work fine. Trouble is that my supervisor is completley paranoid and doesn't want anyone to be able to directly download any sound files. So I'm trying to figure out a way to keep the files more or less out of reach of the user so that they can't just type in the URL and download away. I was thinking about putting the files in our mysql DB but don;t think that is really a good way to deal with this.
Is there a decent way to put the file paths into the mysql DB and yet keep the files themselves more or less from being directly downloadable?
You can just have the embed reference a script. That script looks at the database, finds one to use, and sends the file through itself. This doesn't give the user anything to reference the file other than the script. No id number shows or anything, so there's no way to guess the location.
If possible, store the files outside the document root, or in a unfetchable directory off the document root. This will fix any hotlink potential for it.
I've got the sound files stored in a sub directory of the root dir (sounds/) but I'm not sure how to impliment what you're talking about with mysql being able to pass back the file itself. I was looking around with our mysql admin utility and didn't see any field to be able to insert a file or setup a table to hold files. Do you know of any how-to sites or places that have example code for storing/getting files from mysql?
The way they originally implemented it is using javascript and this actually sits in a "hidden" I-frame (I hate i frames):
<SCRIPT LANGUAGE="JavaScript">
var theImages = new Array();
theImagesї0] = 'images/sound01.swf'
theImagesї1] = 'images/sound02.swf'
theImagesї2] = 'images/sound03.swf'
theImagesї3] = 'images/sound04.swf'
theImagesї4] = 'images/sound05.swf'
theImagesї5] = 'images/sound06.swf'
theImagesї6] = 'images/sound07.swf'
theImagesї7] = 'images/sound08.swf'
theImagesї8] = 'images/sound09.swf'
theImagesї9] = 'images/sound10.swf'
theImagesї10] = 'images/sound11.swf'
theImagesї11] = 'images/pt.swf'
theImagesї12] = 'images/sound12.swf'
theImagesї13] = 'images/sound13.swf'
theImagesї14] = 'images/sound14.swf'
var j = 0
var num_images = theImages.length;
var preBuffer = new Array()
for (ctr = 0; ctr < num_images; ctr++){
preBufferїctr] = new Image()
preBufferїctr].src = theImagesїctr]
}
var whichImage = Math.round(Math.random()*(num_images - 1));
function showImage(){
document.write('<embed src="'+theImagesїwhichImage]+'" width="1" height="1"></embed>');
}
</script>
Of course right now that is playing flash files that only contain sound in the i-frame. I'm wanting to get rid of the i-frame and flash files and just use wav files with HTML and pull them from mysql. And on top of that a user can easily look at the source code and then tag on the appropriate URL and get any/all sound files.
OK. Then to keep users from accessing those files, how is that done with file permissions or is it? Right now all the files are in the www group, anyone can access them from the web. What would I set them too?
Any good place to go see .htaccess how-tos for limiting directory access? The apache site really stinks at explaining it and I've yet to come across a good site that shows all options and how to use each one. I ended up starting up another thread for this one here: viewtopic.php?t=31386