DjMikeWatt

Add a salt? I'm not sure what that means... (also could be because of my current state of... being at the moment. :-P

I learned a lot by buying a few site templates that I really liked from sites like templatemonster.com and 4templates.com... then I built those out, customizing everything along the way. I learn best by seeing how it's done, then figuring out *why* it works... if this style of learning works for you, then you might benefit from "reverse engineering" a few of these templates, too... most make heavy use of css and are well organized.

I think I may have a fairly simple solution to this. I'll use MD5 to encrypt the file name, much like I do with passwords. Have the page call the DB value, which will always be the long, 32 character encrypted string. So, even IF people go in to view source and try to see what's back there, they'll only have the path and some long random file name that wouldn't help in deducing what other files' names might be. I like it - feels very simple. I'm gonna give it a shot, but in the meantime, anyone think of any reason why this isn't go to work as expected? (This thread should probably be moved to server side/php now... ?)

Yeah, I'm actually really surprised that Apache doesn't have a simple solution for this, it seems like a very reasonable and common thing to want to do... "if a request for files in [media_directory], deny access unless request originates from [my_page.php]. I'm not trying to keep out hackers and professionals, just the average people who would be on the site...

This sounds like it makes sense... now I just have to make sure I'm following. My hosting account is on a shared server. My hosting accounts root lives at "http://wattproductions.com" - On the actual server, that "root" is actually at /home/content/d/j/m/[username]/html/ Now, I don't have access to anything above the "wattproductions.com" level - everything above "html" is out of range for me. This site I'm working on, however, uses domain aliasing - so it lives at "radioimaging101.com", which is in reality, at: wattproductions.com/sites/imaging101/ Can I use the same principle to place them simply above the /imaging101 directory, which is the http_root of this site?

I'm trying to follow you here... not quite there yet. I do use php, in fact, the files are called by php as it is now. The files are changed every month, they are stored in year and month specific directories, and the file names have the month, year, and indicator (v1, I2, I3, S4 - there are a total of 13 files each month) As it is right now, the video files are called by: /video/<?php echo date(Y).'/'.date(F).'/'.date(Y).'_'.date(F).'_v'.$v.'.flv';?> which renders as /video/2009/August/2009_August_v1.flv for example... where $v is determined by $_GET in the referring link. Audio files are very similar, but doesn't use the variable at the end, instead, each link using the above and inserting it's own indicator at the end, like: /audio/<?php echo date('Y').'/'.date('F').'/'.date('Y').'_'.date('F').'_I1.mp3';?> which renders as /audio/2009/August/2009_August_I1.mp3 for example... where "I1" is changed in each link (I2, I3, S1, S2, etc.) Now, having said all that, this naming convention is not set in stone - meaning, it's not too late for me to reconfigure the whole thing. But what I'm not following in your post, is this... even using a $_GET param to call the file, wouldn't the file path still be visible on the output.php page? I mean, if you loaded that page then clicked "view source" wouldn't you see the full path in there somewhere? If not, how would the page know what file to display without a path (even a dynamically generated one) somewhere in the code?

So why are you sending people to /filmo.php instead of just sending them to http://phyllisquek.com? I know that doesn't answer your question, I'm just curious.

Hi there... Having a hard time finding the best answer to this. I'm working on a site that allows access to media files (mp3|flv) through the site. The site is a subscription service and uses php sessions to authenticate users. All pages that contain media files are protected and require authentication for access. The problem is, if you subscribe for just a short time you would be able to figure out our naming conventions and paths to media (follow date structured directories). How can I prevent the file from being served outside of a particular page asking for it? Even more so, I need the paid users to be able to right-click save-as from that page, but still block access to anyone else trying to access it. I've looked into mod_rewrites and from what I understand that would only be effective against hot-linkers, but wouldn't do anything to stop someone from just typing into their browser: http://mysite.com/media/2009/August/media_file.flv I know there must be a way to do this, but I just don't know where to begin. Any help is much appreciated.

Sorry for the wasted post... I just saw my typo... no dot before the second "date(Y)". Solved!

I have: embed src="video/<?php echo (date(Y).'/'.date(F).'/'date(Y).'_'.date(F).'_'.$row_rs_video['account_id'].'_v'.$v.'.mov') ;?>" Where, $v is set earlier in the page and is either '1' or '2'. The $row_rs_video['account_id'] contains a numeric id from the DB. What I'm hoping to get is something like this: embed src="video/2009/August/2009_August_8_v2.mov The reason I'm posting is because I'm getting an "unexpected T_STRING" error on this line of code returned from the server when I run the page...

I'm new at all this, so this question is more for my own benefit than anything else... What's wrong with the HTML attribute "disabled"? Isn't that what it's for?

Well, I found this code somewhere else - it works, but I'm not really sure what I'm seeing, you know? I'm not content with it working, I want to know why it's working. date("F", strtotime("+1 month", time())) As far as example 3 on the php.net site, my questions are: What are the parameters in mktime()? Do the date(d) and date(Y) sections need to be there in a case where I'm only looking for the month (in date(F) format)?

So, if date(F) displays "August", how would I get it to display "September"? I've looked up date function and mktime function and I'm not quite following.

THAT DID IT!! So, for anyone struggling with having a user form submit and insert a record, here's a way to do it... I have no idea if it's the *best* way, or the *right* way, but it is definitely *a* way!

Okay, so I'm ALMOST there... could really use a hand with this last bit, though. I've gotten it to insert the record and upload the file. I'm using a hidden form on the upload script that inserts the record based on the fields submitted on the upload hmtl form and submitting that form when the upload script loads using js. <body onLoad="document.insert.submit()"> <?php $target = "audio/".$_POST['year']."/".$_POST['month']."/"; $target = $target . basename( $_FILES['piece_1']['name']) ; $ok=1; if(move_uploaded_file($_FILES['piece_1']['tmp_name'], $target)) { echo "The file ". basename( $_FILES['uploadedfile']['name']). " has been uploaded"; } else { echo "Sorry, there was a problem uploading your file."; } ?> </p> <form id="insert" name="insert" method="POST" action="<?php echo $editFormAction; ?>"> <input name="account_id" type="hidden" id="account_id" value="<?php echo $_POST['account_id'] ; ?>" /> <input name="year" type="hidden" id="year" value="<?php echo $_POST['year'] ; ?>" /> <input name="month" type="hidden" id="month" value="<?php echo $_POST['month'] ; ?>" /> <input name="txt_piece_1" type="hidden" id="txt_piece_1" value="<?php echo $_POST['txt_piece_1'] ; ?>" /> <input name="piece_1" type="hidden" id="piece_1" value="<?php echo $_POST['piece_1'] ; ?>" /> <br /> <input type="hidden" name="MM_insert" value="form1" /> </form> My ONLY remaining problem is that one of the fields in db is supposed to be the name of the file. If the user uploads "sample1.mp3", then I want the field "piece_1" to have the varchar value of "sample1.mp3". It appears that file fields do not pass this info along in the standard way (I can't just call it like I would a normal form field - returns null). Can I use php to call that value? Like maybe something like: <?php echo $_FILES['piece_1']['name']; ?> (I'm sorry if this is obvious - Like I'm answering my own questions... It helps me a lot to work things out on boards like this - and, my hope is, that "showing my work" will help others who visit the board later looking for answers like this!)