Jump to content

Archived

This topic is now archived and is closed to further replies.

trillion

stop direct access to file

Recommended Posts

I need to deny direct access to a php file. This file builds an xml formated output for an mp3 player that uses XSPF playlists. I have tried the methods mentioned here and these will come in handy for other areas but on this issue these techniques are not working.
http://www.codingforums.com/showthread.php?p=496650

The file that calls the php playlist file is a Flash file. The flash file is calling the playlist so the linked examples above fail because the playlist is not getting the correct message.
I have worked with php/flash inter-communication before but I did not build this mp3 player. This is the player: http://musicplayer.sourceforge.net/

So I need another way to keep the user from accessing the playlist file directly.

Thanks

Share this post


Link to post
Share on other sites
What webserver are you using (IIS, Apache)?

# EDIT #
You'll want to put the PHP file in it's own folder and put a .htaccess file in the same folder with the following contents:

.htaccess
[code]
deny from all
[/code]

Share this post


Link to post
Share on other sites
The server is apache.

The problem is that the playlist file is called from a flash .swf
the .swf playlist access appears to the server as a regular direct playlist file access.

Perhaps if I could allow only designated php files to access the playlist file.

For example:
I have a file player.php. This file holds the .swf player. If this file only was granted access to open readable the playlist file. I am not sure this will work either as it is actually the .swf that opens the playlist.php. Also the playlist.php output is an XML playlist doc if that has any effect as to securing the contents.

Share this post


Link to post
Share on other sites
How about an intermediate php file (like you suggested).
Your swf requests secure.php which

[code]
/player.swf
/player.php
/locked/.htaccess
/locked/playlist.php
[/code]

.htaccess contains:
[code]
deny from all
[/code]

player.php will have access to playlist.php because it's on the server, but the .htaccess file will not allow anyone else to call it directly (on one can go http://musicplayer.sourceforge.net/locked/playlist.php

Share this post


Link to post
Share on other sites

×

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.