Page 1 of 1

Protecting .Gif and .WMV files

Posted: Tue Jun 20, 2006 7:37 pm
by Dougwa
feyd | Please use

Code: Select all

,

Code: Select all

and [syntax="..."] tags where appropriate when posting code. Your post has been edited to reflect how we'd like it posted. Please read:  [url=http://forums.devnetwork.net/viewtopic.php?t=21171]Posting Code in the Forums[/url] to learn how to do it too.[/color]


Hi there,

In order to protect .wmvs, and .gifs from being viewed except by being logged in I've written a few php scripts. 

i.e /tester/test.wmv will show the correct video when logged in, and a "You are not logged in" video otherwise

To do this i've configured IIS to pass all .gif and .wmv through php-cgi.exe.

I have a dummy file test.wmv which contains session verification,
and outputs the real file, something like this

Code: Select all

<?php

session_start();

    header("Cache-control: private");
    header("Content-type: video/x-ms-wmv");

    if(isset($_SESSION['name'])){ 
        $file = 'content\test.wmv';
        $fh = fopen($file, 'r');
        $data = fread($fh, filesize($file));
        echo $data;
        fclose($file);
    } else {
        $file = 'content\error.wmv';
        $fh = fopen($file, 'r');
        $data = fread($fh, filesize($file));
        echo $data;
        fclose($file);
    }
?>
Which will then restrict the video to logged in messages.

My problem is this, when I load the page in internet explorer, It works correctly and displays the logged in images / videos whilst logged in, and the error pictures otherwise.

However in Firefox it does not work for the video. I did a tcptrace and discovered that it is not passing the PHPSESSID cookie when it calls the server for the video (the second time)

Source code to my problem
http://dougwa.freepgs.com/test.zip

you will need to configure your server to use php for .gif and .wmvs to get it to work

Thanks ahead of time


feyd | Please use

Code: Select all

,

Code: Select all

and [syntax="..."] tags where appropriate when posting code. Your post has been edited to reflect how we'd like it posted. Please read:  [url=http://forums.devnetwork.net/viewtopic.php?t=21171]Posting Code in the Forums[/url] to learn how to do it too.[/color]

Posted: Tue Jun 20, 2006 9:04 pm
by Robert Plank
Did you try, in the link to the video, force passing the session ID as a query string instead of as a cookie...

Posted: Tue Jun 20, 2006 9:08 pm
by Dougwa
Yes, i've tried doing that. The problem is firefox makes 3 calls to the server

1) FIREFOX
REQUEST web page

SERVER
Web page + gif data + setcookie PHPSESSID

2) FIREFOX
REQUEST AVI + cookie PHPSESSID = %garbledeegook%

SERVER
Avi data

3) FIREFOX
REQUEST AVI from what looks like a plugin

SERVER
Avi data + setcookie PHPSESSID

PS thanks for the reply, the mozilla forums didnt have much advice for me :p !

Posted: Tue Jun 20, 2006 11:09 pm
by John Cartwright
You could simply store the files outside the web directory, and serve them through a php script.. ie.media.php?fileid=somevideo.avi since php will have access to the folder while your users never will. This way you can easily control the user permission settings, instead of relying on server settings and such.

Posted: Sun Jun 25, 2006 9:47 pm
by Dougwa
Hi and thanks for your help.

I've changed it to use a php script as mentioned above
the html code is

Code: Select all

<HTML>
    <HEAD>
    </HEAD>
    <BODY>
    <A HREF="login.php">Login</A><P>
    <A HREF="logout.php">Logout</A><P>
    <img src="gif.php?filename=alpha-w.gif"> 
    <embed src="wmv.php?filename=test.wmv">
    </object>
    </BODY>
</HTML>
However once again it works in ie but not in firefox? any ideas

Posted: Mon Jun 26, 2006 3:13 am
by Maugrim_The_Reaper
Opening <object> tag???

Posted: Mon Jun 26, 2006 3:22 am
by Dougwa
lol yeah, sorry about that

I got it working by passing the session id to the filename

Code: Select all

<?php
    session_start();
?>
<HTML>
    <HEAD>
    </HEAD>
    <BODY>
    <A HREF="login.php">Login</A><P>
    <A HREF="logout.php">Logout</A><P>
     Here is an image!<P>
    <img src="gif.php?filename=alpha-w.gif"><P>
    <embed src="wmv.php?filename=test.wmv&session=<?php echo session_id()?>"/>
    </BODY>
</HTML>
And then setting the session id inside of the movie file

Code: Select all

<?php

session_id($_GET['session']);
session_start();

    header("Cache-control: private");
    header("Content-type: video/x-ms-wmv");

    if(isset($_SESSION['name'])){ 
        $file = "content\\" .  $_GET['filename'];
        $fh = fopen($file, 'r');
        $data = fread($fh, filesize($file));
        echo $data;
        fclose($file);
    } else {
        $file = 'content\error.wmv';
        $fh = fopen($file, 'r');
        $data = fread($fh, filesize($file));
        echo $data;
        fclose($file);
    }
?>