I have no idea whether this is possible or not but I'll ask to be sure...
For security reasons I am using a Flash file which loads in other swf files, I was just wondering if I could load an swf file into the flash movie from a PHP file.
Thanks for any help, even if your gonna tell me it can't be done =)
Sure it can be done.
There are two quick solutions:
OPTION "A":
The main Flash movie DOES NOT contain the URL's of the other Flash movies.
A database, or text file, contains the URL's of the other Flash movies, with an ID for each URL.
The main Flash movie requests an URL, sending the ID of the desired movie (at this point a PHP file processes the request and sends back the URL of the desired movie, IF the user is authorized, user authentication must have already been done, you use the $_SESSION functions to manage login).
The main Flash movie loads the desired Flash movie.
OPTION "B":
The main Flash movie only contains the filenames of the other Flash movies.
The main Flash movie sends a request with the filename and loads the desired Flash movie.
The PHP script processes the request, and IF user is authorized, it loads the Flash movie and outputs it (the other Flash movies can be placed outside of the PUBLIC_HTML root, so that they can NOT be accessed from the web).
You should go have a look at http://www.php.net/. There is plenty of documentation there.
You should type "session", "header" and "image" in the search box (looking for functions).
If you want to load Flash movies THROUGH php, you need to use the GD graphic library (most likely, but maybe not, you will have to check it).
With option "B", Flash would just do this:
Code:
function safeLoadMovie(filename, myTarget) {
myTarget.loadMovie("path_to/script.php?movie=" + filename);
}
Hope this helps..
Altruism does not exist. Sustainability must be made profitable.
A website is delivered by a server, basically a personal computer with optimized resources and the necessary software (like a Unix workstation with an Apache web server software).
The web server software handles the website(s) giving a set of privileges for the internet clients on the computer it's running on. Obviously you don't want anonymous users to be able to access the whole filesystem of the computer, so this is where the "public_html" comes into place.
The "public_html" folder (that can have another name, it's just defined as the "public_html"), is the one that anonymous clients coming in from the web can access freely.
It is also called the root of the website, because it is the mother folder of the public documents of the website.
With CGI, ASP, PHP etc.. you can work directly on the filesystem (PHP has a very limited set of privileges though.. due to file owner issues and SAFE_MODE), which means that you can load files that are outside of the public_html area.
That is good if you want to keep content private: this way, the only way to reach the content is through your script, and if your script requires authentication, you need it!
In other cases, placing your content in folders with complex names without direct links, somebody might eventually spot the URL and access the content without limitations. (yes you can always use directory access restrictions, but it's very ugly to use it...).
Cheers
Altruism does not exist. Sustainability must be made profitable.
I'm still missing something here. Assume your using a hosting company and not your own server. I have seen hosts where there are other than the public-html folders available, but not often. When you log in, that's it. How are you supposed to make a folder outside that?
in that case you should check for password protected folders. Just put the files into protected area - your serverside script can access them but direct access from a browser will be blocked
server scripts can - and should - tell the browser that the swf is not cachable.
Besides, usually the plan is not to prevent somebody from viewing again but rather to prevent somebody else from viewing stuff where they can guess the url. Also, it is somewhat unlikely that movies which were extracted from cache really work ... they will be unable to communicate with their home server
make the movie talk to the server - when someone tries to run the file extracted from cache, it would try to talk to localhost and perhaps not get the responses it expects
Yes, SWF movies launched locally don't have domain restrictions. They can communicate with the original home server with no limitation.
Geezer, when you FTP to your shared server, you should try going "up" folders, to the root of the resources that have been made available to you.
A good hosting service will give you a "virtual server", which means that when you FTP your account, you will see all the usual folders of a whole machine, even though you don't have the ability to actually configure it (most of the configuration files are there just because it's a "virtual server", but actually are not read by the system, as the system has it's own parent configuration).
In such cases, your "public_html" folder will most likely be found at the address "/var/www/html/".
From Dreamweaver, you can define "/" as the initial folder, this should get you to the root of the available resources.
If you need a better hosting service, go look at http://www.mediatemple.net/. They have the optimum quality/price/guarantee ratio. Been with them for years, few problems and quick service!
Cheers
Altruism does not exist. Sustainability must be made profitable.
while local swf can connect to any server, I believe that a swf calling its home server via relative path can be quite an obstacle ... one would need to duplicate the functionality of the remote script or decompile and then rebuild the movie
While you can do all these things to make your swf files ungetable (storing in the root folder, making the swf connect to a file on the server and the load - so that it cannot run past frame 1 without recieving a variable from this file etc...) there always seems to be a way of getting in.
The best solution would to somehow stop the file from being cashed, which is probably impossible - or very hard =(. So any ideas....?
There is a way, although I'm not sure how, to make sure no one can download or open files on your website directly. If you could combine this with allowing no cache then it would be pretty hard to actually get the file.
myClip.loadMovie("filename.swf?nocache=" + new Date().getTime());
make the movie talk to the server
Heyden Porter has a nice script that will make the movie unable to play on localhost or any server but the one you specify. But again, if the swf is ripped, anyone can get the code. I'll attach an example. The best protection I have found is Amayeta's SWFEncrypt 3. It works. If someone snags the swf and tries to rip it, they get a bunch of worthless code loops, the images are smeared and there are no sounds in the library.
Geezer, when you FTP to your shared server, you should try going "up" folders,
Yeah, tried that, but I'm with godaddy, and they don't let you do that either. But the deal is too good to leave.
Last edited by Ask The Geezer; 03-27-2006 at 02:25 PM.
Nice one! I've tried out that swf file on my computer and two of mywebsites and it's, well... emence!
I have two further questions:
1) I have some PHP files, that do not cache, which load data from txt files (and soon a database). Could I make these not cache by using the same principle as:
myClip.loadMovie("filename.swf?nocache=" + new Date().getTime());
or is there some other way?
and 2, could you give me a link to somwhere where I can download Amayeta's SWFEncrypt 3, thanks.
Reply With Quote
