[SOLVED] php SESSION with firefox

[Fsoft]

Hello,

 

Sir I am getting a problem ..

 

I have a script like this :

 

file1.php

<?php
SESSION_START();

$_SESSION["see"] = "ok";

echo "<embed src=\"file2.php\" width=\"200\" height=\"200\">

?>

 

file2.php

<?php
SESSION_START();


if($_SESSION["seen"] == "yes")
{
echo "Our system says that you already saw the video once.";
exit();
}

if($_SESSION["see"] == "ok")
{
echo "http://site.com/love.wmv";
$_SESSION["seen"] = "yes";
}

 

Well, as the code says, if some one goes to file1, he gets a WM player which is linked to file2.php

 

In file2, using php SESSIONS, if you go for the first time, your video will work, but if you refresh the page of something, the video will not work, it means even if you try to go to file2.php to get the .wmv file link, you cant.

 

Now the problem is, it works this way in IE and chrome, problem is in firefox.

 

In firefox, if I go to file1.php , video player is OK, then If I try to go to file2.php, I get error saying you already saw the video. THE problem is, if I restart firefox, go to first page, and instead of going directly to file2, I go to source code of file1 and in that <embed> code, I click on file2.php , I am able to see the .wmv file link

IF I refresh the source code window, I get the error.

 

I don't want people to see the .wmv file link if they do this way..

 

Any help available??

 

Thanks a lot.

[MadTechie]

Your echoing the link to the browser!

 

if you need to send it to the browser then your can't really hide it, it looks like your attempting to hide video links, if so then you maybe better off using sessions and a flash loader, and have flash read from a hidden php file that generates a filename from a session

[The Little Guy]

Shouldn't this:

SESSION_START();

 

be lowercase? not sure if that will make a difference, as I always have done lowercase functions...

[RestlessThoughts]

No, The Little Guy, in this case it doesn't make a difference.

 

You do know that sessions are not a great way to do this, if they close their browser they can just come back and see the video again.

 

Anyway, as MadTechie mentioned you can view source code and find the video url in any brower since you're echoing it out on file1.

 

I'm thinking you can hide the file if you just play the video on file2 instead of on file1, ie the embed src code is part of file2 instead of file1. Then I think when viewing the source code they should just see the link to file2, in which case on file2 you just use a server call to fetch the page url and if it's file2 instead of file1 boot them off or give an error instead of playing the video.

 

Then again it may just show the video link anyway. Haven't tested it and I'm very tired and may just be making up gibberish. If they can see the video link, maybe encrypting it and using php to decrypt would work? Just spitballing here.

[MadTechie]

The problem is the browser needs to resolve the link which means you can't encrypt it but would could encode it, adding a loader (flash, Java, etc, etc) will make it harder,

 

Now if the contents is on your site then you could just put it in a non public area and use something like readfile($hiddenpath."\".$_SESSION['file']);

if the file is on another server then you should use the same idea (pulling the path from a DB or something BUT this will use YOUR bandwidth, if you don't want to use your bandwidth look for a crackable solution ie html/JS solution