Hide URL [Archive] - Web Hosting Talk

View Full Version : Hide URL

raulgonzalez

02-15-2007, 01:15 PM

Hello,

I am using the code below which displays a sample movie. I wanted to know how to restrict the user to only viewing the video and not downloading it.

if users types in http://mysite.ext/video/file.php then they will be able to download it.

I tried the "$_SERVER['HTTP_REFERER']" but that didn't work since it seems to respond only to a paged refered via a clicked link and not to a redirection

I don't know, maybe something that works with a GET method or something. I will be googling.

Thank you

------------------------------------------------------------------------------------------------------



<?
$url = "../video/file.php";
?>

<table border='0' cellpadding='0' align="left">
<tr><td>
<OBJECT id='mediaPlayer' width="320" height="285"
classid='CLSID:22d6f312-b0f6-11d0-94ab-0080c74c7e95'
codebase='http://activex.microsoft.com/activex/controls/mplayer/en/nsmp2inf.cab#Version=5,1,52,701'
standby='Loading Microsoft Windows Media Player components...' type='application/x-oleobject'>
<param name='fileName' value="<? echo $url; ?>">
<param name='animationatStart' value='true'>
<param name='transparentatStart' value='true'>
<param name='autoStart' value="true">
<param name='showControls' value="true">
<param name='loop' value="true">
<EMBED type='application/x-mplayer2'
pluginspage='http://microsoft.com/windows/mediaplayer/en/download/'
id='mediaPlayer' name='mediaPlayer' displaysize='4' autosize='-1'
bgcolor='darkblue' showcontrols="true" showtracker='-1'
showdisplay='0' showstatusbar='-1' videoborder3d='-1' width="320" height="285"
src="<? echo $url; ?>" autostart="true" designtimesp='5311' loop="true">
</EMBED>
</OBJECT>
</td></tr>


<tr><td align='center'>
<a href="<? echo $url; ?>" style='font-size: 85%;' target='_blank'>Launch in external player</a>

</td></tr>
</table>
------------------------------------------------------------------------------------------------

horizon

02-15-2007, 05:10 PM

Add your video filename under database and gather the ID from query. You could also urlencode the URL for protecting your content (as a minimal restriction).

raulgonzalez

02-15-2007, 06:30 PM

Ok I kind of pulled it out with sessions, but I am super unsecure about it.

I just need a way to identify if the file is being accessed directly or indirectly.

EX.

<?
if URL accessed from the adress bar {
do something
}
else
{
do another thing
}
?>

So that I can destroy the session or something

Any ideas?

Below is what I have so far.
----------------------------------------------------------------------
Movie_page.php

<?
session_start();
?>



<?
$url = "../nickburns/file.php";
//$url = urlencode($url);
?>

<?
$self = $_SERVER['PHP_SELF'];
$_SESSION['url'] = $self;
echo $_SESSION['url'];

if ($self != "/LearningCenter/nickburns/windows_inc.php"){
echo "Not allowed";
exit;
}
else
{
?>

<table border='0' cellpadding='0' align="left">
<tr><td>
<OBJECT id='mediaPlayer' width="320" height="285"
classid='CLSID:22d6f312-b0f6-11d0-94ab-0080c74c7e95'
codebase='http://activex.microsoft.com/activex/controls/mplayer/en/nsmp2inf.cab#Version=5,1,52,701'
standby='Loading Microsoft Windows Media Player components...' type='application/x-oleobject'>
<param name='fileName' value="<? echo $url; ?>">
<param name='animationatStart' value='true'>
<param name='transparentatStart' value='true'>
<param name='autoStart' value="true">
<param name='showControls' value="true">
<param name='loop' value="true">
<EMBED type='application/x-mplayer2'
pluginspage='http://microsoft.com/windows/mediaplayer/en/download/'
id='mediaPlayer' name='mediaPlayer' displaysize='4' autosize='-1'
bgcolor='darkblue' showcontrols="true" showtracker='-1'
showdisplay='0' showstatusbar='-1' videoborder3d='-1' width="320" height="285"
src="<? echo $url; ?>" autostart="true" designtimesp='5311' loop="true">
</EMBED>
</OBJECT>
</td></tr>


<tr><td align='center'>
<a href="<? echo $url; ?>" style='font-size: 85%;' target='_blank'>Launch in external player</a>

</td></tr>
</table>

<?
}
?>

--------------------------------------------------------------------------------------------------------------

Acess_to_movie_code.php

<?
session_start();

if ($_SESSION['url'] != "/LearningCenter/nickburns/Movie_page.php"){
echo "sorry";
}
else
{

// This is an example of PHP script using DOWNLOADFILE class.
// On any page you need to create a link to this script.
// By pressing on this link you will automatically get a dialog box to download the "filename.ext" file.
//$id = $_GET['id'];

//$id = "readme.txt";

include("downloadfileclass.inc");

$downloadfile = new DOWNLOADFILE("D:/laredoedu/wwwroot/LearningCenter/nickburns/jackie_chan.mpg");

if (!$downloadfile->df_download()) echo "Sorry, we are experiencing technical difficulties downloading this file. Please report this error to Technical Support.";

}
?>

tiamak

02-16-2007, 08:16 AM

Ok I kind of pulled it out with sessions, but I am super unsecure about it.
I just need a way to identify if the file is being accessed directly or indirectly.

and this session trick will do that :)
ofcourse they can download your movies from your site but cant access it without visiting your site :) so it seems to be ok

if u would like to allow to watch movie only via your website (using object/embed)
then:
on movie_page.php generate some unique string (md5 something ...) and save it in database
then add it as variable to movie url in object/embed
then in access_to_movie.php
add some code on the top
that will check if unique id sent in url is present in db
if yes then add some code that will remove it from db and display movie
and thats all :D
ofcourse "launch in external player" link will not work then and user will be able to watch movie only via object/embed (but i guess user will be able to watch it only one time, to watch it again user will need to refresh website) :)