[How to hide the video url?]

Thanks for your reples. In reply to "otherwise the browser wouldn't know the url to retrieve the video from in order to play it"

 

When a video, thru my website, is ready to be played, this shows in the browser:

 

www........com/results.php?x=178&y=16

 

So, the video url doesn't appear in the browser, the video(mp4) plays in the flowplayer that pops-up in a box over the page, but you can right-click (in Chrome) "Copy video URL", so someone could simply copy the url and play it over and over using my data transfer cost.

 

Can a random string be added to the file name via the player, or something, so the theif doesn't have the correct path/link?

[How to hide the video url?]

Thanks for your reply. You said "completely hide the url". How about partially?

[How to hide the video url?]

In my php web site the video player appears and plays the video. In Chrome you can right click on the player screen and choose 'inspect element' etc, but another choice is 'Copy video URL'. How can I block that, or hide (or disguise/rename) video URLs?

[How to style this drop-down box]

How can I style this drop-down list/box in IE, so it looks the same as how I have it in Chrome?

(see attached images)

 

Here's the current code:

<form method="get" action="../search.php" name="myForm" />
<select size="1" name="type" class="dropdown_box" />
<option value="1">CHANNEL 1</option>
<option value="2">CHANNEL 2</option>
<option value="any string here">ALL CHANNELS</option>
</select>
<input autocomplete="off" id="keyword" name="keyword" value="Enter text" onfocus="if (this.value=='Enter text') {this.value=''; this.style.color='#696969';}" onclick="clickclear(this, 'Search [var.site_name]')" onblur="clickrecall(this,'Search [var.site_name]')" value="" />
<input type="submit" value="VIEW"/>
</form>

/*input,select.dropdown_box {*/
input.common-input, select.dropdown_box {
width:100px;
height: 40px;
color:#cccccc;
border:1px solid #cccccc;
background: #ffffff;
}

input:focus,select:focus{background:#ffffff}

Any help will be appreciated.

[Help with adding file size limit to Upload Form]

I'm trying to add a file size limit to my upload form-code (below)

 

Is this correct?

if ( $_FILES["file"]["size"] < 100000

If that's correct, do I need any additional code to make that line of code functional?

 

$allowedExts = array("gif", "jpeg", "jpg", "pdf", "doc", "docx", "txt", "rtf", "png");

$temp = explode(".", $_FILES["file"]["name"]);

$extension = strtolower( end($temp) );

if (!in_array($extension,$allowedExts))

{

echo ("Error - Invalid File Name");

}

$length = 20;

$randomString = (time());

$thumbnail = $_SESSION['user_id'] . '-' . $randomString . "." . $extension;

move_uploaded_file($_FILES["file"]["tmp_name"], "upload/" . $thumbnail);

$sql = "INSERT INTO videos ( filename ) VALUES( '$thumbnail' )";

mysql_query($sql);

$file_location = '<a href="http://www.......com/upload/' . $thumbnail . '">' . $thumbnail .     '</a>';

Thanks. I look forward to any help.

 

[Document downloads instead of opens]

Thanks for that reply.

I did go to Google Chrome > Developer Tools > Network --- refreshed --- and then selected the php page 'results1.php > Headers > Request Headers > view source     and I see this:

 

 

GET /results1.php?x=63&y=11 HTTP/1.1

Host: .......com

Connection: keep-alive

Cache-Control: max-age=0

Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8

User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/38.0.2125.111 Safari/537.36

Referer: http://........com/video1.php

Accept-Encoding: gzip,deflate,sdch

Accept-Language: en-US,en;q=0.8

Cookie: user=chrisj; pass=23c50817fd4612579a4aa31634388a2b8815e9; PHPSESSID=32d4133605a93870317c09aa3e8918

Query String Parametersview sourceview URL encoded

 

And I don't see the line "Header set Content-Disposition attachment" anywhere. I look forward to any additional reply/thoughts/guidance.

thanks again

[Document downloads instead of opens]

Thanks for your message.

I opened the web page where the "select "Click Here" link is" and then opened "the tab 'Network' in Google Chromes' Developer tools",

and didn't see the line "Header set Content-Disposition attachment" anywhere.

 

My .htaccess file looks like this:

# By default, no module files may be accessed
# directly from a webbrowser.
Order deny,allow
Deny from all

# File types for which we make an exception.
<Files ~ "\.(gif|jpg|jpeg|png|css|doc|js|php)$">
    Order allow,deny
    Allow from all
</Files>

Header set Content-Disposition attachment

ErrorDocument 403 /403.php
ErrorDocument 404 /404.php

AddType application/x-httpd-php .html .htm

Any additional help will be appreciated.

[Document downloads instead of opens]

Thanks for your reply.

If I read your reply correctly, this is what I tried, I added this line "Header set Content-Disposition attachment" into a .htaccess file, and then added the .htaccess file to the /upload/ folder, then uploaded a .doc file, but it still downloaded.

If I didn't do that correctly please let me know what to do. If I did that correctly, any other ideas will be appreciated.

[Document downloads instead of opens]

Thanks for your reply.

Yes, I "want all files in /upload/ to always show inside the browser". Never download.

 

Yes, it's Apache

 

Any additional help will be appreciated. 

[Document downloads instead of opens]

This upload form code works successfully, where a file is chosen, renamed and stored in the 'upload' folder,

and when I select the "Click Here" link from a web page, it shows what was uploaded, successfully.

 

But when I added the extension "doc" and selected "Click Here", instead of showing the document, 

the file automatically shows that it's downloading to my computer. Can you tell me possibly why is that happening?

 

$allowedExts = array("gif", "jpeg", "jpg", "pdf", "doc", "png");
$temp = explode(".", $_FILES["file"]["name"]);
$extension = strtolower( end($temp) );
if (!in_array($extension,$allowedExts))
{
echo ("Error - Invalid File Name");
exit();  
}
$length = 20;
$randomString = (time());
$thumbnail = $randomString . "." . $extension;
move_uploaded_file($_FILES["file"]["tmp_name"], "upload/" . $thumbnail);
$sql = "INSERT INTO videos ( filename ) VALUES( '$thumbnail' )";
mysql_query($sql);
$file_location = '<a href="http://www....com/upload/' . $thumbnail . '">' . $thumbnail . '</a>';

 

[Add the user_id to the random string]

Thanks for your reply, but I don't know how to add "user_id -" "to build $thumbnail"

 

any additional help will be apprecaited.

[Add the user_id to the random string]

In the PHP script I'm using, in the Upload Form the user selects an image to Upload, the Form renames it like so:

$allowedExts = array("gif", "jpeg", "jpg", "pdf", "png");
$temp = explode(".", $_FILES["file"]["name"]);
$extension = strtolower( end($temp) );

if (!in_array($extension,$allowedExts))
{
echo ("Error - Invalid File Name");

}
$length = 20;
$randomString = (time());
$thumbnail = $randomString . "." . $extension;

The random string works successfully, but I'd like to add the user_id to the beginning of it and a dash, like this:

user_id - 

So, the new file name would be something like:   user_id-randomString.extension

 

Can you please help me add that?

 

[Better way to write this line of code?]

Can you suggest a better way to write this code (I didn't create it):

<body onload="getParameterByName('url')">

<a href="" id="urllink" >Click Here</a>

</body>

so, I don't have to change the <body> tag?

[Help with displaying a successful hyperlink]

Thanks for your reply, but I'm not sure if providing the source is going to help here. It isn't my script I'm just trying to tweak it, to get this one function working.

 

But, what I actually think might help, please, is to know if I add in a function, into the code above, like this example:

 function getFilename($id) {
 $sql1 ="SELECT filename FROM videos WHERE indexer = '".$id."'";
 $query1 = mysql_query($sql1) or DIE(mysql_error());
 $result = mysql_fetch_array($query1);

 return $result['filename'];

}

Will it correspond with this upload Form code - where the image file is chosen and stored:

$allowedExts = array("gif", "jpeg", "jpg", "pdf", "png");
$temp = explode(".", $_FILES["file"]["name"]);
$extension = strtolower( end($temp) );
if (!in_array($extension,$allowedExts))
{
echo ("Error - Invalid File Name");
}
$length = 20;
$newfilename = $_SESSION['user_id'].$_FILES["file"]["name"];
$thumbnail = $newfilename;
move_uploaded_file($_FILES["file"]["tmp_name"], "upload/" . $thumbnail);

$sql = "INSERT INTO videos ( filename ) VALUES( '$thumbnail' )";

mysql_query($sql);
$file_location = '<a href="http://www.--.com/upload/' . $thumbnail . '">' . $thumbnail . '</a>';

Any additional help will be greatly appreciated.

[Help wanted with tweaking PHP script]

Help wanted with tweaking PHP script

[Help with displaying a successful hyperlink]

Thanks for your replies.

When I add your "standard HTML img element" 

<?php
$file = '/home/me/www/images/' . $row['filename'];
if(file_exists($file)) {
 $file = $row['filename'];
} else {
 $file = 'default.jpg';
}
 echo '<img src="http://mysite.com/images/' . $file . '" alt="No image" />';
 ?>

I see this part of that code on the page   '; ?>

Help please.

[Help with displaying a successful hyperlink]

I'm using a templated PHP script where the (video) Upload Form info (title, description, etc.) is displayed (after the upload) on a page below the video.

 

I added a basic image-uploader to the Form, and some code that, via the Form, adds the 'user_id' to the beginning of the file name, for example, people.png uploaded (by user 9) becomes the new file name: 9people.png, which gets uploaded into the /upload/ folder, and stores that new file name into a db table called 'videos', into a column named 'thumbnail'. 

 

I'm looking for guidance with making a successful hyperlink(to the image) appear where the Upload Form info is displayed.

 

This is the results.php page code that corresponds with the html page (inner_results.htm):

<?php
include_once ('classes/config.php');
include_once ('classes/sessions.php');
include_once ('classes/functions.inc.php');
 $page_title        = $site_name;
 $submitted         = $_POST['submitted'];
$which_one         = mysql_real_escape_string($_GET['load']);
$limit         = 20;
 $keyword = $_SESSION['searched'];
 // this is per each template from config.inc.php advanced config settings
$page_display_small_width    = $config['general_medium_thumb_width']; // 80
 $member_credits = get_member_credits($user_id);
 if ($user_id != "") {
 $inner_template1     = "themes/$user_theme/templates/inner_results.htm";
 }else{
 $show_login        = 1;
$inner_template1 = "themes/$user_theme/templates/inner_signup_form.htm";
}
 // FUNCTIONS
 function getUsername($id) {
 $sql1 = "SELECT * FROM member_profile WHERE $query1 = mysql_query($sql1) or DIE(mysql_error());
$result = mysql_fetch_array($query1);
 return $result['user_name'];
}
function getVidTitle($id) {
$sql1 = "SELECT * FROM videos WHERE indexer = $id";
$query1 = mysql_query($sql1) or DIE(mysql_error());
$result = mysql_fetch_array($query1);
 return $result['title'];
}
?>

Can you make a suggestion, or give me an idea, as to what I might add to results.php (and inner_results.php) in order to display a successful hyperlink to the image that was uploaded with the video? 
Any help will be appreciated.

 

[Where to add this line of code for a successful link?]

I'm using a templated PHP script and have successfully added a link (to an image) 

to an html page there  (inner_play.htm) 

<a href="http://www.--.com/upload/[var.thumbnail]"><?php echo $newfilename?>Click Link</a>

and this (into the play.php file):

$thumbnail = $result['thumbnail'];

and this

$thumbnail = $_SESSION['$newfilename'];

So, I added it to another page (search_results.htm) without success.

 

I've tried a few different places, (in search.php file), to add:

$thumbnail = $result['thumbnail'];
$thumbnail = $_SESSION['$newfilename'];

but the link doesn't work from search_results.htm page

Maybe you can simply tell me where those lines should work best in search.php, or any other insight.

Any help will be appreciated. - see Search.php file attached

search.php

[Can you please tell me what each of these lines means?]

Thanks for all of your help and for your insight. I think I've got it now. Much thanks again

[Can you please tell me what each of these lines means?]

Trying again:

<?php


include_once ('classes/config.php');
include_once ('classes/sessions.php');
include 'uploader_conlib.php';

$config['notification_error'] = $lang_error;

$page_title = $lang_upload_video;


if ($_SESSION['user_id'] == "") {
	header("Location: " . "$base_url/login.php");
	die();
}

$load_javascript	= 1;
$ahah			= 1;
$thickbox = 1;

///////////////////////////////////////////////////////////////////////////////////////
// ADDED SPAMMER UPLOAD TRACKING LOGING
//

$member_uploading		= $_SESSION['user_name'];
$tracking_log_file	= 'logs/uploader_log.txt';
$admin_email		= $config['admin_notify_email'];
$user_ip			= mysql_escape_string($_SERVER['REMOTE_ADDR']);
$referer			= mysql_real_escape_string($_SERVER['HTTP_REFERER']);

if ( $referer == '' ) die_spammer_alerts();
if ( !ereg ($_SERVER['SERVER_NAME'], $referer) ) die_spammer_alerts();

///////////////////////////////////////////////////////////////////////////////////////

//echo $debugmodex;

//get channel data, create "select" form fields to load into form
$sql			= "SELECT channel_id, channel_name FROM channels";
$result1 		= @mysql_query($sql);
$count_cats 	= @mysql_num_rows($result1);
$fields_all 	= '';
$sub_fields_all	= '';
$show_fields	= '';

$fields_all .= '<option value="99999">Select One</option>';

while ($result = @mysql_fetch_array($result1)) {
    	$fields_all .= '<option value="'.$result['channel_id'].'">'.$result['channel_name'].'</option>';
}

$sub_cat_choice = (int) mysql_real_escape_string( $_GET['sub_cat'] );

if ( $sub_cat_choice ) {

	if ( $sub_cat_choice == '99999' ) {

		$sub_fields_all  .= '<select class="image_form" style="width:160px;" size="1" name="sub_cat">';
		$sub_fields_all  .= '<option value="99999">'.$lang_no_sub_categories.'</option>';
		$sub_fields_all .= '</select> ('.$lang_select.')';
		echo $sub_fields_all;
		die();

	} else {

		$sql2			= "SELECT * from sub_channels WHERE parent_channel_id = $sub_cat_choice";
      	$query		= @mysql_query($sql2);
		$sub_fields_all  .= '<select class="image_form" style="width:160px;" size="1" name="sub_cat">';

      	while ($result2 = @mysql_fetch_array($query)) {
    			$count_subs		= @mysql_num_rows($query);
    			$sub_fields_all  .= '<option value="'.$result2['sub_channel_id'].'">'.$result2['sub_channel_name'].'</option>';
     		}

     		if ( $count_subs == '' ) {
     			$sub_fields_all  .= '<option value="99999">'.$lang_no_sub_categories.'</option>';
		}

     		$sub_fields_all .= '</select> ('.$lang_select.')';

     		echo $sub_fields_all;
	     	die();
	}
}

// grab values from form if any
$form_submitted		= $_POST['form_submitted'];
$title 			= $_POST['title'];
$description 		= $_POST['description'];
$tags 			= $_POST['tags'];
$thumbnail    = $_POST['thumbnail'];
$location_recorded	= $_POST['location_recorded'];
$allow_comments 		= $_POST['allow_comments'];
$allow_embedding 		= $_POST['allow_embedding'];
$public_private 		= $_POST['public_private'];
$channel 			= $_POST['channel'];
$sub_cat			= $_POST['sub_cat'];
$procede 			= true;

///////////////////////////////////////
/////////////////////////////////////////

$allowedExts = array("gif", "jpeg", "jpg", "pdf", "png");
$temp = explode(".", $_FILES["file"]["name"]);
$extension = strtolower( end($temp) );
//  ADD CHECK FOR VALID FILE
if (!in_array($extension,$allowedExts))
{
echo ("Error - Invalid File Name");
//exit();  // or do whatever else you want here
}
$length = 20;
$newfilename = $_SESSION['user_id'].$_FILES["file"]["name"];
//
$thumbnail = $newfilename;
//
move_uploaded_file($_FILES["file"]["tmp_name"], "upload/" . $thumbnail);
//
$sql = "INSERT INTO videos ( filename ) VALUES( '$thumbnail' )";
//
mysql_query($sql);
$file_location = '<a href="http://www.--.com/upload/' . $thumbnail . '">' . $thumbnail . '</a>';

///////////////////////////////////////
/////////////////////////////////////////

$row = mysql_query("SELECT channel_name FROM channels WHERE channel_id = '$channel'");

while( $result = mysql_fetch_assoc($row) ) $channel_name = $result['channel_name'];

// validate form
if ($form_submitted == 'yes') {

	if ($_SESSION['user_id'] == '') die();
	$post_vid_upload_token	= mysql_real_escape_string( $_POST['vid_upload_token'] );

	if ( $post_vid_upload_token != $_SESSION['vid_upload_token'] ) die();

	foreach ($_POST as $key => $value) {
      	if ($key == 'title' || $key == 'description' || $key == 'tags' || $key == '$channel') {
            	if (!isset($value) || ($value == '')) {
                		$display_key	= @str_replace('_', ' ', $key);
                		$error_message	= $config['notification_error'];
                		$blk_notification = 1;
                		$error_message 	= $error_message . " - " . $display_key . "  - $lang_required ";
                		$procede 		= false;
            	}
        	}
    	}

    	if ( $channel == '99999' ) {

    		$error_message	= $config['notification_error'];
     		$blk_notification = 1;
     		$error_message 	= $error_message . " - $lang_select_channel";
    		$procede 		= false;
    	}
} else {

	$procede = false;
}

// display page with form error
if ($procede == false && $form_submitted == 'yes') {
	$template 		= "themes/$user_theme/templates/main_1.htm";
    	$inner_template1 	= "themes/$user_theme/templates/inner_upload_video_form.htm";
    	$TBS 			= new clsTinyButStrong;
    	$TBS->NoErr 	= true;
    	$TBS->LoadTemplate("$template");
    	$TBS->Render 	= TBS_OUTPUT;
    	$TBS->Show();
	@mysql_close();
    	die();
}

// disply clean page
if (!isset($form_submitted) || ($form_submitted == "")) {
	$template 		= "themes/$user_theme/templates/main_1.htm";
    	$inner_template1 	= "themes/$user_theme/templates/inner_upload_video_form.htm";
    	$TBS 			= new clsTinyButStrong;
    	$TBS->NoErr 	= true;
    	$TBS->LoadTemplate("$template");
    	$TBS->Render 	= TBS_OUTPUT;
    	$TBS->Show();
    	@mysql_close();
    	die();
}

if ($procede == true && $form_submitted == 'yes') {
    if ($_SESSION['user_id'] == "") die();

    //=================================START OF UPLOAD=================================
    $THIS_VERSION = '2.0';
    if (isset($_GET['cmd']) && $_GET['cmd'] == 'about') {
        kak("<u><b>UBER UPLOADER FILE UPLOAD</b></u><br>UBER UPLOADER VERSION =  <b>" .
            $UBER_VERSION . "</b><br>UU_FILE_UPLOAD = <b>" . $THIS_VERSION . "<b><br>\n");
    }
    $tmp_sid = md5(uniqid(mt_rand(), true));
    ///////////////////////////////////////////////////////////////////////
    // This is where you might set your config file eg.                  //
    // if($_SESSION['user'] == "tom"){ $config_file = 'uu_tom_config'; } //
    ///////////////////////////////////////////////////////////////////////
    $config_file = $default_config_file;
    $path_to_upload_script .= '?tmp_sid=' . $tmp_sid;
    $path_to_ini_status_script .= '?tmp_sid=' . $tmp_sid;

    if ($MULTI_CONFIGS_ENABLED) {
        $path_to_upload_script .= "&config_file=$config_file";
        $path_to_ini_status_script .= "&config_file=$config_file";
    }

    //allow form to be refilled on error
    foreach($_POST as $key=>$value) {
         $$key = $value;
    }

    $template = "themes/$user_theme/templates/main_1.htm";
    $inner_template1 = "themes/$user_theme/templates/inner_upload_video.htm";
    $TBS = new clsTinyButStrong;
    $TBS->NoErr = true;// no more error message displayed.
    $TBS->LoadTemplate("$template");
    $TBS->Render = TBS_OUTPUT;
    $TBS->Show();

    @mysql_close();
    die();
    //===============================================================END OF UPLOADER================================================================
}

function die_spammer_alerts() {

global $member_uploading, $user_ip, $admin_email, $site_name;

	$subject	= 'Possible Video Spamming !!';

	$message	= "The following member uploaded a possible spam video: => " . $member_uploading . "\n\n" . "The IP used: " . $user_ip . "\n";

	$to		= $admin_email;
      $from 	= $site_name;

      mail($to, $subject, $message, "From: $from");

      // if config auto ban spammer is true - enter user name and ip to ban table
      /*
      include_once ('classes/config.php');
      $sql		= "DELETE FROM videos WHERE video_id = '$raw_video'";
      $query	= @mysql_query($sql);
      */

      write_log($message);
}

function write_log($message) {
	global $tracking_log_file;

	if (@file_exists($tracking_log_file)) {
    		$fo = @fopen($tracking_log_file, 'a');
        	@fwrite($fo, $message);
        	@fclose($fo);

    	} else {
      	$fo = @fopen($tracking_log_file, 'w');
        	@fwrite($fo, $message);
        	@fclose($fo);
    	}
exit();
}


?>

[Can you please tell me what each of these lines means?]

Thanks for your reply.

I believe this is what you're asking for - see attached file

[Can you please tell me what each of these lines means?]

Thanks ginerjm for that. Much appreciated. Very helpful.

 

Another question, please; Currently, the user id populates the Thumbnail field, of the Upload Form, upon the Form page opening.

And after Submit, the (uploaded) file name is added to the user_id, in that field. 

 

How can I change it so the user_id doesn't populate the Thumbnail field upon opening the Form page, but is added to the (uploaded) file name,

after Submit?

 

Any help will be appreciated

[Can you please tell me what each of these lines means?]

Thank you. Can you please tell me something about how $thumbnail?

[Can you please tell me what each of these lines means?]

Thanks for your reply, but I don't understand what you're saying

[Can you please tell me what each of these lines means?]

Thanks for the replies.

Yes, how can I fix the extra extension please?

 

Regarding "which line", can you please explain what this code is doing with $thumbnail and $newfilename?