ekimmai, posted August 18, 2011

I'm trying to test disguising of php files and using the following code in my .htaccess file:

```
AddType application/x-httpd-php .foo
```

The php file in question (now named file.foo) reads as follows and plays a hidden flash file:

```php
<?php
// Directory outside the web root that holds the Flash files
$file = "/home/domain/private/";
// basename() drops any directory part, so the parameter cannot point outside $file
$swf = basename($_GET['swf']);
header('Content-Type: application/x-shockwave-flash');
readfile($file . $swf);
?>
```

The php (file.foo) is "called" as follows:

```html
<html>
<head>
<title>Flash</title>
</head>
<body>
<object width="550" height="400">
<embed src="file.foo?swf=DG.swf" quality="high" type="application/x-shockwave-flash" WMODE="transparent" width="360" height="26" pluginspage="http://www.macromedia.com/go/getflashplayer" allowScriptAccess="always" />
</object>
</body>
</html>
```

But whenever I try any such rewrite I just get a blank page. Can anyone tell me whether this is a .htaccess issue or whether this method will work at all? If it won't work then is there an alternative to help disguise/hide my files?

Please help!! THANKS!!!

WebStyles, posted August 18, 2011

I really don't see how that method of calling a flash file will work, nor what the point is (just trying to hide the path to the file?)...

xyph, posted August 18, 2011

Does calling 'file.foo?swf=DG.swf' work? There's no reason this method shouldn't work, though it does seem redundant.

ekimmai (Author), posted August 19, 2011

I believe the method as a whole is sound as it enables one to store the flash file outside of the root directory and make it invisible to the user in "view source" and temp internet files. My next objective was to try and make it harder still for anyone to locate and download the swf file by adding in additional disguise, but I may be barking up the wrong tree.

Was also considering an .htpasswd file to protect the private directory but would that be worthwhile and prevent direct access to the flash file whilst still allowing for the file to be played via mymusic.html?

Thanks for the replies so far!

xyph, posted August 19, 2011

There's no way a user can run a flash file without it physically being on their computer. Your method won't prevent a user from being able to 'download' your content. It's about as useful as a no-right-click script. The only advantage of doing it your way is to prevent remote linking by verifying the HTTP_REFERER.
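
The handler discussed in this thread, written out with the Referer check mentioned in the last reply and with the `swf` parameter confined to the private directory. This is an added example, not code posted by anyone in the thread; `ALLOWED_HOST`, `resolve_swf()` and `referer_is_local()` are hypothetical names, and `www.example.com` stands in for the site's own host.

```php
<?php
// PRIVATE_DIR is the path from the original post; ALLOWED_HOST is an assumed site name.
const PRIVATE_DIR  = '/home/domain/private';
const ALLOWED_HOST = 'www.example.com';

// Resolve the requested name to a real file inside $baseDir, or return null.
function resolve_swf($name, string $baseDir): ?string
{
    // Accept only a plain file name ending in .swf: no slashes, no "..", no NUL bytes.
    // is_string() also rejects array input such as ?swf[]=x.
    if (!is_string($name) || !preg_match('/\A[A-Za-z0-9_-]{1,64}\.swf\z/', $name)) {
        return null;
    }
    $base = realpath($baseDir);
    $path = realpath($baseDir . DIRECTORY_SEPARATOR . $name);
    // realpath() follows symlinks, so re-check that the result is still under $base.
    if ($base === false || $path === false
        || strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0
        || !is_file($path)) {
        return null;
    }
    return $path;
}

// True when the Referer header names our own host. The header is client-supplied,
// so this only discourages remote linking; it is not access control.
function referer_is_local($referer, string $allowedHost): bool
{
    if (!is_string($referer)) {
        return false;
    }
    $host = parse_url($referer, PHP_URL_HOST);
    return is_string($host) && strcasecmp($host, $allowedHost) === 0;
}

if (!referer_is_local($_SERVER['HTTP_REFERER'] ?? null, ALLOWED_HOST)) {
    http_response_code(403);
    exit;
}
$path = resolve_swf($_GET['swf'] ?? null, PRIVATE_DIR);
if ($path === null) {
    http_response_code(404);
    exit;
}
header('Content-Type: application/x-shockwave-flash');
header('Content-Length: ' . filesize($path));
header('X-Content-Type-Options: nosniff');
readfile($path);
```

Clients that omit the Referer header receive a 403 from this version, so the embedding page must be served from the allowed host for playback to work.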