Chrisj
-
Posts
551 -
Joined
-
Last visited
-
Days Won
1
Posts posted by Chrisj
-
-
Thanks for your reply.
The php web script that I'm trying to modify generates the url/path from where the video file is stored, for example:
http://......com/uploads/video/2019/10/BevI9Fl33FErYiqflaV8_31_1489faaeb187967564c2f5986a498c.mp4
-
I have added this to .htaccess:
RewriteCond %{REQUEST_URI} \.(mp4)$ [NC] RewriteRule ^ validate.php?request_url=%{REQUEST_URI} [L]
and added a validate.php file, containing this:<?php $v = $_GET['video'] ?? null; if(file_exists($v)) { unlink($v); header('Content-type: application/mp4'); header('Content-Disposition: inline; filename=video.mp4'); readfile("./mytestvideo.mp4"); } else http_response_code(404);
to the root directory. And then searched and played a video, but still see the unmasked url/path to the video, instead of this type of url/path:http://mymp4.com?validate.php?video=40f677a45113eb829e345d278b8d1d31
as I was hoping for.
I'm sure I must have something incomplete.
Any additional guidance you'd like to share is much appreciated.
Much thanks again
-
Many thanks again for your posting/reply. I have added this code to an .htaccess file:
RewriteEngine OnRewriteCond %{REQUEST_URI} \.(mp4)$ [NC]
RewriteRule ^ validate.php?request_url=%{REQUEST_URI} [L]I have added this php file:
<?php $v = $_GET['video'] ?? null; if(file_exists($v)) { unlink($v); header('Content-type: application/mp4'); header('Content-Disposition: inline; filename=video.mp4'); readfile("./mytestvideoo.mp4"); } else http_response_code(404);
named validate.php to the main directory.
I just don't know what to do with this:
//Generate the link $normalText = "this is just your average string with words and stuff"; $hashedText = md5($normalText); fopen($hashedTest, 'w'); echo "<a href='validate.php?video={$hashedText}'>Link to the video</a>
should I put it in a .txt file and add it to my main directory? If so, named what?
That's just what I'm not clear on before I test all this.
I look forward to your comments/anything you'd like to share.
-
I thought hashed md5 solution would replace the url/path with a fake url/path that would disappear when the user session is over, and next time that video is played a new fake url/path will be displayed, so I understand "use it in order to identify which video your script should be displaying"?
-
Thanks for your reply.
I don't understand what you mean by "and use it in order to identify which video your script should be displaying"
-
Thanks for your reply, but I've looked it over and am looking for feedback from higher skilled people than me
-
Thanks for your reply.
Which one would work best for my request: " Is there a way to block or scramble the video's url from being available to be copied? If not, is there a way to have that url be available only if the potential viewer is 'logged-in' to the web site? Or some type of authentication based on checking for a user's PHP temp session file before allowing access from the video's url?"
-
-
Much thanks again. I have also looked into X-SENDFILE.
Can you share why you may think the hash solution posted above might be better than X-SENDFILE solution?
I look forward to any comments.
-
Thanks for your reply,
i like a lot of what you explained, but because I’m learning as I go here, I don’t understand the term “hash” and also generating a GET parameter with the hash. I would welcome any additional explanation/elaboration/example that you’d like to share.
-
How about something like this:
RewriteEngine OnRewriteCond %{REQUEST_URI} \.(mp4)$ [NC] RewriteRule ^ validate.php?request_url=%{REQUEST_URI} [L] # To disable or prevent the directory access/listing Options -Indexes
with this validate.php?:
<?phpsession_start(); if (!isset($_SESSION['login'])) { header ('Location: index.php'); exit(); } else { // Get server document root $document_root = $_SERVER['DOCUMENT_ROOT']; // Get request URL from .htaccess $request_url = $_GET['request_url']; // Get file name only $filename = basename($request_url); // Set headers header('Content-type: application/mp4'); header('Content-Disposition: inline; filename='.$filename); // Output file content @readfile($document_root.$request_url); }
I look forward to any additional guidance/comments/suggestions
-
Thanks for your reply. Can you give me an example of that type of script?
-
Or is there a way to keep the /videos/ folder from being available unless a potential viewer is logged-in to the web site?
-
Thanks for your reply, is there a way to have that url be available only if the potential viewer is 'logged-in' to the web site? Or some type of authentication based on checking for a user's PHP temp session file before allowing access from the video's url?
-
When I play a video (that is blocked from being downloaded as a file from a php web script player that I'm using) I can see the url address of the file from my PC in dev tools > networking > media, Is there a way to block or scramble the video's url from being available to be copied? If not, is there a way to have that url be available only if the potential viewer is 'logged-in' to the web site? Or some type of authentication based on checking for a user's PHP temp session file before allowing access from the video's url?
-
Hello McGyver,
I have re-read your great advice (thank you again), regarding the "two tables". I am trying to understand more clearly what you've advised, and trying to improve what is already there (rather than re-create everything). Would it be possible that you could message me so I might be able to ask you some more specifics directly?
Thanks again for your kind posting replies. I look forward to your positive response.
Many thanks again
-
Thanks again for your reply.
Yes, I've been reading. I've been given a lot of advice and tried many things without success (including what was provided here and elsewhere).
But, some of the explanation I don't understand, like this sentence "use the new wallet and balance amounts in that existing single query, per the comment i added at that point, rather than to start adding more queries before the start of where the transaction/rollback logic starts".Earlier in this thread I was told "Try reading your own code. Go through it line by line and check the value of each variable after each line executes". Based on that, as far as I can see, this should work, but shows 'not enough money:
} else { // 4 + 4 >= 6 if ($wallet + $balance >= $amount) { // 8 = 4 + 4 $balance = (string)($balance + $wallet); // 2 = 8 - 6 $balance = (string)($balance - $amount); $wallet= '0'; $db->where('id', $user_id); $update_user_balance = $db->update(T_USERS, [ 'balance' => $balance ]); } }
any additional guidance is appreciated
-
Thanks for your reply.
This seems to work successfully, where a purchase uses the amount in ‘wallet’ first, and then uses the amount in ‘balance’ if there is not enough in ‘wallet’:
however, if all videos cost 2 (or higher), and there is “1” left in the ‘wallet’, it will never get used. I am looking to see how I can make more like if ‘wallet’ is zero then deduct from ‘earnings’ (or wallet + balance = amount)…
I have tried this revision without success:
// Check if user has enough wallet amount to purchase video if($wallet >= $amount){ $wallet = (string)($wallet - $amount); $db->where('id', $user_id); $update_wallet = $db->update(T_USERS, [ 'wallet' => $wallet ]); } else { if($wallet < $amount && $wallet + $balance >= $amount){ $wallet = (string)($wallet - $amount) + $balance = (string)($balance - $amount); $db->where('id', $user_id); $update_user_balance = $db->update(T_USERS, [ 'balance' => $balance ]); $db->where('id', $user_id); $update_wallet = $db->update(T_USERS, [ 'wallet' => $wallet ]); } }
I’m trying to say this;
if what’s in the ‘wallet’ is less than the amount AND $balance has more than or equal to the amount:if($wallet < $amount && $wallet + $balance >= $amount){
then proceed to deduct whatever is left in 'wallet' to satisfy the amount + the rest of the amount from $balance:
$wallet = (string)($wallet - $amount) + $balance = (string)($balance - $amount);
but, apparently I need to say this better in code:
“then proceed to deduct whatever is left in 'wallet' to satisfy the amount + the rest of the amount from $balance”any additional help is greatly appreciated.
-
Thanks for your reply. Much appreciated.
I have tried your suggestion without success.
I see a pop-up dialog box that displays: "Something went wrong. Please try again later!!" (from the script.js file):
function PT_MultipleBuyVideo() { var checked = getSelectedVideos(); if (!checked) { return false; } swal({ title: "", type: "info", html:"Simply proceed to purchase " + countSelectedVideos() + " video(s) at a total cost of " + countTotalCredits() +" credits", showCancelButton: true, cancelButtonText: "Close", customClass: 'sweetalert-lg', confirmButtonText:'Proceed' }).then(function(){ $.ajax({ url: PT_Ajax_Requests_File() + 'aj/buy-video', type: 'POST', dataType: 'json', data: {id:checked}, }).done(function(data){ if (data.status == 200) { for (var i = 0; i < checked.length; i++) { var button = $("button[data-action='multiple_select_button'][data-id='" + checked[i] + "']") buttonMultipleSelectingStyle(button, 'purchased'); } swal({ title: "Success", type: "success", html:"", showCancelButton: true, cancelButtonText: "Close", customClass: 'sweetalert-lg', confirmButtonText:'Go To Video(s)' }).then(function(){ window.location.href='/paid-list'; }); } else { if (data.error_num == 1) { swal( 'Error!', 'Not enough money(test)', 'error' ); } else { swal( 'Error!', 'Something went wrong. Please try again later!', 'error' ); } } }).fail(function() { swal( 'Error!', 'Something went wrong. Please try again later!!', 'error' ); }) }); }
The only thing that shows 'not enough money' from 'wallet' or "success' (when there is enough) is this:
if($wallet + $balance >= $amount) { $wallet = (string)($wallet - $amount); //}elseif $wallet = 0; { $balance = ($balance - $amount); $db->startTransaction();
Any other ideas will be appreciated
-
So, I just tried this without success:
Code:if ($wallet >= $amount) { $wallet = (string)($wallet - $amount); } elseif ($wallet + $balance >= $amount) { $balance = (string)($balance - $amount); $db->startTransaction(); etc....
By ‘without success’, I mean that the same message appears as if just the ‘wallet’ doesn’t have enough “Not Enough Money” - when I test - by having 3 in ‘wallet’ and 3 in earnings (equals a total of 6) but try to purchase something that costs 5.
Any suggestion, guess or guidance will be appreciated. -
The "Something went wrong. Please try again later!!" is in a pop-up dialog box, and comes from the script.js file.
Also, when I comment out those additional lines of code, the script gets no error.
-
In my account 'wallet' I have 3, and in 'balance' I have 3, which equals a total of 6. I tried to purchase a total of 5, with this code added:
if($wallet >= $amout) { // take money first from wallet } elseif ($wallet + $balance >= $amout) { // take money first from wallet and/or balance } else { echo json_encode([ 'status' => 400, 'error_num' => 1, 'error' => 'Not enough money' ]); } else {
I saw
"Something went wrong. Please try again later!!"any additional help is appreciated
-
Thanks for your reply.
I appreciate your time you've taken to explain. It all makes sense.
It is a lot for me to implement, although I'm working on it.However, the first step for me, I believe, would be to get help with adding in these things you've commented, please, before I start improving my tables.:
// it is here that you would include the balance amount
// you would calculate new wallet and balance amounts
// you would include the new 'balance' tooany guidance, examples of what's needed there, will be greatly helpful.
-
How to block a video from being accessed via url?
in PHP Coding Help
Posted
In fact,
this blocks videos from playing at all:
RewriteCond %{REQUEST_URI} \.(mp4)$ [NC] RewriteRule ^ validate.php?request_url=%{REQUEST_URI} [L]
when these .htaccess lines are commented-out, the videos play as normal.
Any additional help is welcomed.