Chrisj

In fact, this blocks videos from playing at all: RewriteCond %{REQUEST_URI} \.(mp4)$ [NC] RewriteRule ^ validate.php?request_url=%{REQUEST_URI} [L] when these .htaccess lines are commented-out, the videos play as normal. Any additional help is welcomed.

Thanks for your reply. The php web script that I'm trying to modify generates the url/path from where the video file is stored, for example: http://......com/uploads/video/2019/10/BevI9Fl33FErYiqflaV8_31_1489faaeb187967564c2f5986a498c.mp4

I have added this to .htaccess: RewriteCond %{REQUEST_URI} \.(mp4)$ [NC] RewriteRule ^ validate.php?request_url=%{REQUEST_URI} [L] and added a validate.php file, containing this: <?php $v = $_GET['video'] ?? null; if(file_exists($v)) { unlink($v); header('Content-type: application/mp4'); header('Content-Disposition: inline; filename=video.mp4'); readfile("./mytestvideo.mp4"); } else http_response_code(404); to the root directory. And then searched and played a video, but still see the unmasked url/path to the video, instead of this type of url/path: http://mymp4.com?validate.php?video=40f677a45113eb829e345d278b8d1d31 as I was hoping for. I'm sure I must have something incomplete. Any additional guidance you'd like to share is much appreciated. Much thanks again

Many thanks again for your posting/reply. I have added this code to an .htaccess file: RewriteEngine OnRewriteCond %{REQUEST_URI} \.(mp4)$ [NC] RewriteRule ^ validate.php?request_url=%{REQUEST_URI} [L] I have added this php file: <?php $v = $_GET['video'] ?? null; if(file_exists($v)) { unlink($v); header('Content-type: application/mp4'); header('Content-Disposition: inline; filename=video.mp4'); readfile("./mytestvideoo.mp4"); } else http_response_code(404); named validate.php to the main directory. I just don't know what to do with this: //Generate the link $normalText = "this is just your average string with words and stuff"; $hashedText = md5($normalText); fopen($hashedTest, 'w'); echo "<a href='validate.php?video={$hashedText}'>Link to the video</a> should I put it in a .txt file and add it to my main directory? If so, named what? That's just what I'm not clear on before I test all this. I look forward to your comments/anything you'd like to share.

I thought hashed md5 solution would replace the url/path with a fake url/path that would disappear when the user session is over, and next time that video is played a new fake url/path will be displayed, so I understand "use it in order to identify which video your script should be displaying"?

Thanks for your reply. I don't understand what you mean by "and use it in order to identify which video your script should be displaying"

Thanks for your reply, but I've looked it over and am looking for feedback from higher skilled people than me

Thanks for your reply. Which one would work best for my request: " Is there a way to block or scramble the video's url from being available to be copied? If not, is there a way to have that url be available only if the potential viewer is 'logged-in' to the web site? Or some type of authentication based on checking for a user's PHP temp session file before allowing access from the video's url?"

???

Much thanks again. I have also looked into X-SENDFILE. Can you share why you may think the hash solution posted above might be better than X-SENDFILE solution? I look forward to any comments.

Thanks for your reply, i like a lot of what you explained, but because I’m learning as I go here, I don’t understand the term “hash” and also generating a GET parameter with the hash. I would welcome any additional explanation/elaboration/example that you’d like to share.

How about something like this: RewriteEngine OnRewriteCond %{REQUEST_URI} \.(mp4)$ [NC] RewriteRule ^ validate.php?request_url=%{REQUEST_URI} [L] # To disable or prevent the directory access/listing Options -Indexes with this validate.php?: <?phpsession_start(); if (!isset($_SESSION['login'])) { header ('Location: index.php'); exit(); } else { // Get server document root $document_root = $_SERVER['DOCUMENT_ROOT']; // Get request URL from .htaccess $request_url = $_GET['request_url']; // Get file name only $filename = basename($request_url); // Set headers header('Content-type: application/mp4'); header('Content-Disposition: inline; filename='.$filename); // Output file content @readfile($document_root.$request_url); } I look forward to any additional guidance/comments/suggestions

Thanks for your reply. Can you give me an example of that type of script?

Or is there a way to keep the /videos/ folder from being available unless a potential viewer is logged-in to the web site?

Thanks for your reply, is there a way to have that url be available only if the potential viewer is 'logged-in' to the web site? Or some type of authentication based on checking for a user's PHP temp session file before allowing access from the video's url?

When I play a video (that is blocked from being downloaded as a file from a php web script player that I'm using) I can see the url address of the file from my PC in dev tools > networking > media, Is there a way to block or scramble the video's url from being available to be copied? If not, is there a way to have that url be available only if the potential viewer is 'logged-in' to the web site? Or some type of authentication based on checking for a user's PHP temp session file before allowing access from the video's url?

Hello McGyver, I have re-read your great advice (thank you again), regarding the "two tables". I am trying to understand more clearly what you've advised, and trying to improve what is already there (rather than re-create everything). Would it be possible that you could message me so I might be able to ask you some more specifics directly? Thanks again for your kind posting replies. I look forward to your positive response. Many thanks again

Thanks for the replies. In tried this: use assets\import\PHPMailer; and I see this error: Fatal error: Uncaught Error: Class 'assets\import\PHPMailer' not found in /home/public_html/submit/submit.php:18 Stack trace: #0 {main} thrown in ... and I tried this: use assets/import/PHPMailer; and I see this error: Parse error: syntax error, unexpected '/', expecting ',' or ';' in any additional help will be welcomed.

Yes, thanks, got it. Now I see this: Fatal error: Uncaught Error: Class 'PHPMailer\PHPMailer\PHPMailer' not found in /home/public_html/submit/submit.php:13 Stack trace: #0 {main} thrown in /home/public_html/submit/submit.php on line 13 any additional help is appreciated

Thanks for your reply. I'm now trying the code below, but am getting this error: Warning: require(../assets/import/PHPMailer/PHPMailerAutoLoad.php): failed to open stream: No such file or directory in /home/public_html/submit/submit.php on line 11Warning: require(../assets/import/PHPMailer/PHPMailerAutoLoad.php): failed to open stream: No such file or directory in /home/public_html/submit/submit.php on line 11Fatal error: require(): Failed opening required '../assets/import/PHPMailer/PHPMailerAutoLoad.php' (include_path='.:/opt/cpanel/ea-php70/root/usr/share/pear') in /home/public_html/submit/submit.php on line 11 <?php /** * This example shows how to handle a simple contact form. */ //Import PHPMailer classes into the global namespace use PHPMailer\PHPMailer\PHPMailer; $msg = ''; //Don't run this unless we're handling a form submission if (array_key_exists('email', $_POST)) { date_default_timezone_set('Etc/UTC'); require '../assets/import/PHPMailer/PHPMailerAutoLoad.php'; //Create a new PHPMailer instance $mail = new PHPMailer; //Tell PHPMailer to use SMTP - requires a local mail server //Faster and safer than using mail() $mail->isSMTP(); $mail->Host = 'localhost'; $mail->Port = 25; //Use a fixed address in your own domain as the from address //**DO NOT** use the submitter's address here as it will be forgery //and will cause your messages to fail SPF checks $mail->setFrom('chrisj@hmail.com', 'First Last'); //Send the message to yourself, or whoever should receive contact for submissions $mail->addAddress('chrisj@hmail.com', 'John Doe'); //Put the submitter's address in a reply-to header //This will fail if the address provided is invalid, //in which case we should ignore the whole request if ($mail->addReplyTo($_POST['email'], $_POST['name'])) { $mail->Subject = 'PHPMailer contact form'; //Keep it simple - don't use HTML $mail->isHTML(false); //Build a simple message body $mail->Body = <<<EOT Email: {$_POST['email']} Name: {$_POST['name']} Message: {$_POST['message']} EOT; //Send the message, check for errors if (!$mail->send()) { //The reason for failing to send will be in $mail->ErrorInfo //but you shouldn't display errors to users - process the error, log it on your server. $msg = 'Sorry, something went wrong. Please try again later.'; } else { $msg = 'Message sent! Thanks for contacting us.'; } } else { $msg = 'Invalid email address, message ignored.'; } } ?> Any additional guidance is appreciated.

Thanks for your reply. It's not so straight forward to me. Here's what I tried, without success: <?php use PHPMailer\PHPMailer\PHPMailer; $msg = ''; if (array_key_exists('userfile', $_FILES)) { $uploadfile = tempnam(sys_get_temp_dir(), hash('sha256', $_FILES['userfile']['name'])); if (move_uploaded_file($_FILES['userfile']['tmp_name'], $uploadfile)) { // Upload handled successfully // Now create a message require '../vendor/autoload.php'; $mail = new PHPMailer; $mail->setFrom('from@example.com', 'First Last'); $mail->addAddress('s@hmail.com', 'John Doe'); $mail->Subject = 'PHPMailer file sender'; $mail->message = 'My message body'; // Attach the uploaded file $mail->addAttachment($uploadfile, 'My uploaded file'); if (!$mail->send()) { $msg .= "Mailer Error: " . $mail->ErrorInfo; } else { $msg .= "Message sent!"; } } else { $msg .= 'Failed to move file to ' . $uploadfile; } header('Location: https://........com'); exit; } ?> any additional guidance will be appreciated

Thanks for your reply. I have PHPMailer installed. Maybe you can help direct me to tie-in this example code to my Form and to the PHPMailer: <?php /** * PHPMailer simple file upload and send example. */ //Import the PHPMailer class into the global namespace use PHPMailer\PHPMailer\PHPMailer; $msg = ''; if (array_key_exists('userfile', $_FILES)) { // First handle the upload // Don't trust provided filename - same goes for MIME types // See http://php.net/manual/en/features.file-upload.php#114004 for more thorough upload validation $uploadfile = tempnam(sys_get_temp_dir(), hash('sha256', $_FILES['userfile']['name'])); if (move_uploaded_file($_FILES['userfile']['tmp_name'], $uploadfile)) { // Upload handled successfully // Now create a message require '../vendor/autoload.php'; $mail = new PHPMailer; $mail->setFrom('from@example.com', 'First Last'); $mail->addAddress('whoto@example.com', 'John Doe'); $mail->Subject = 'PHPMailer file sender'; $mail->Body = 'My message body'; // Attach the uploaded file $mail->addAttachment($uploadfile, 'My uploaded file'); if (!$mail->send()) { $msg .= "Mailer Error: " . $mail->ErrorInfo; } else { $msg .= "Message sent!"; } } else { $msg .= 'Failed to move file to ' . $uploadfile; } } ?> And my Form looks like this: <form action='/submit/submit.php' method='post' name='myform'> <input type="hidden" id="some-place" name="some_place" value="classified"> <div class="row"> <div class="col-sm-14"> <textarea name='message' placeholder="Message..." class="form-control" rows="9" ></textarea> </div> </div> <div class="row"> <input class="form-control" type="text" name="name" placeholder="Name "> <input class="form-control" type="email" name="email" placeholder="Email" required> </div> <div class="row"> <input class="btnbtn-action" type='submit' value="Send" onclick="return UpdateTheHiddenField()" > <br/><br/> </div> </div> </div> </form> Any additional guidance is appreciated

Thanks for your reply and suggestion. Would you be interested in providing a simple basic example of a php mailer code similar to what I have shown in my posting?

The html Form I'm using works successfully with this php code: <?php //check if form was sent if($_POST){ $to = 's@hmail.com'; $subject = 'Form1'; $name = $_POST['name']; $email = $_POST['email']; $message = $_POST['message']; $headers = $name; $message .= "\r\n\r\n" . $name; if( empty($_POST["some_place"]) or $_POST['some_place'] != "glory" ) { header("HTTP/1.0 403 Forbidden"); }else{ mail( $to, $subject, $message, $email, $headers ); } header('Location: https://.......com'); exit; } ?> The problem is that when the email is received it shows the (from) email address to be my domain account user name @ the server name, like this: domain1@host3servername.com, where I’d prefer something more like noReply@actualdomain.com Any help or suggested remedy will be appreciated

Thanks for your reply. After adding your suggestion and visiting each page, I see 'category' in the top right corner of a blank white page quickly (see attached) and then the page with this HELLOcategory text here print("<pre>".var_export($page, true)."</pre>"); $text = 'default'; $cateogry_id = ''; $videos = array(); if ($page == 'trending') { $title = $lang->trending; $db->where('privacy', 0); $videos = $db->where('time', time() - 172800, '>')->orderBy('views', 'DESC')->get(T_VIDEOS, $limit); $text = 'trending text here'; } else if ($page == 'latest') { $title = $lang->latest_videos; $db->where('privacy', 0); $videos = $db->orderBy('id', 'DESC')->get(T_VIDEOS, $limit); $text = 'latest text here'; } else if ($page == 'top') { $title = $lang->top_videos; $db->where('privacy', 0); $videos = $db->orderBy('views', 'DESC')->get(T_VIDEOS, $limit); $text = 'top text here'; } else if ($page == 'category') { if (!empty($_GET['id'])) { if (in_array($_GET['id'], array_keys($categories))) { $pt->page_url_ = $pt->config->site_url.'/videos/'.$page.'/'.$_GET['id']; $category = PT_Secure($_GET['id']); $title = $categories[$category]; $category_id = "data-category='$category'"; if (!empty($_GET['sub_id'])) { $is_found = $db->where('type',PT_Secure($_GET['id']))->where('lang_key',PT_Secure($_GET['sub_id']))->getValue(T_LANGS,'COUNT(*)'); if ($is_found > 0) { $pt->page_url_ = $pt->config->site_url.'/videos/'.$page.'/'.$_GET['id'].'/'.$_GET['sub_id']; $db->where('sub_category', PT_Secure($_GET['sub_id'])); } } $db->where('privacy', 0); $category_old = str_replace('category__', '', $category); $videos = $db->where('category_id = "' . $category . '" OR category_id = "' . $category_old . '"')->orderBy('id', 'DESC')->get(T_VIDEOS, $limit); $text = 'category text here'; } else { header("Location: " . PT_Link('404')); exit(); } } } Any additional help is appreciated.