Jump to content

.htaccess/php code - help please


ekimmai

Recommended Posts

I'm trying to test disguising of php files and using the following code in my .htaccess file:

AddType application/x-httpd-php .foo

 

The php file in question (now named file.foo) reads as follows and plays a hidden flash file:

<?php

$file = "/home/domain/private/";

header('content-type: application/x-shockwave-flash');

readfile($file.$_GET['swf']);

?>

 

The php (file.foo) is "called" as follows:

<html>

  <head>

    <title>Flash</title>

  </head>

  <body>

    <object width="550" height="400">

      <embed src="file.foo?swf=DG.swf" quality="high" type="application/x-shockwave-flash" WMODE="transparent" width="360" height="26" pluginspage="http://www.macromedia.com/go/getflashplayer" allowScriptAccess="always" />

    </object>

  </body>

</html>

 

But whenever I try any such rewrite I just get a blank page.

Can anyone tell me whether this is a .htaccess issue or whether this method will work at all?

If it won't work then is there an alternative to help disguise/hide my files?

 

Please help!! THANKS!!!

 

 

 

 

 

 

Link to comment
Share on other sites

I believe the method as a whole is sound as it enables one to store the flash file outside of the root directory and make it invisible to the user in "view source" and temp internet files.

My next objective was to try and make it harder still for anyone to locate and download the swf file by adding in additional disguise, but I may be barking up the wrong tree. Was also considering an .htpasswrd file to protect the private directory but would that be worthwhile and prevent direct access to the flash file whilst still allowing for the file to be played via mymusic.html?

 

Thanks for the replies so far!

Link to comment
Share on other sites

There's no way a user can run a flash file without it physically being on their computer.

 

Your method won't prevent a user from being able to 'download' your content. It's about as useful as a no-right-click script.

 

The only advantage of doing it your way is to prevent remote linking by verifying the HTTP_REFERER

Link to comment
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.