Jump to content


Photo

stop direct access to file


  • Please log in to reply
4 replies to this topic

#1 trillion

trillion
  • Members
  • PipPipPip
  • Advanced Member
  • 41 posts

Posted 26 October 2006 - 07:47 AM

I need to deny direct access to a php file. This file builds an xml formated output for an mp3 player that uses XSPF playlists. I have tried the methods mentioned here and these will come in handy for other areas but on this issue these techniques are not working.
http://www.codingfor...ad.php?p=496650

The file that calls the php playlist file is a Flash file. The flash file is calling the playlist so the linked examples above fail because the playlist is not getting the correct message.
I have worked with php/flash inter-communication before but I did not build this mp3 player. This is the player: http://musicplayer.sourceforge.net/

So I need another way to keep the user from accessing the playlist file directly.

Thanks

#2 xsist10

xsist10
  • Members
  • PipPipPip
  • Advanced Member
  • 114 posts

Posted 26 October 2006 - 08:35 AM

What webserver are you using (IIS, Apache)?

# EDIT #
You'll want to put the PHP file in it's own folder and put a .htaccess file in the same folder with the following contents:

.htaccess
deny from all

SA PHP Archives - www.phparchives.za.org

#3 trillion

trillion
  • Members
  • PipPipPip
  • Advanced Member
  • 41 posts

Posted 01 November 2006 - 05:59 AM

The server is apache.

The problem is that the playlist file is called from a flash .swf
the .swf playlist access appears to the server as a regular direct playlist file access.

Perhaps if I could allow only designated php files to access the playlist file.

For example:
I have a file player.php. This file holds the .swf player. If this file only was granted access to open readable the playlist file. I am not sure this will work either as it is actually the .swf that opens the playlist.php. Also the playlist.php output is an XML playlist doc if that has any effect as to securing the contents.

#4 xsist10

xsist10
  • Members
  • PipPipPip
  • Advanced Member
  • 114 posts

Posted 01 November 2006 - 08:18 AM

How about an intermediate php file (like you suggested).
Your swf requests secure.php which

/player.swf
/player.php
/locked/.htaccess
/locked/playlist.php

.htaccess contains:
deny from all

player.php will have access to playlist.php because it's on the server, but the .htaccess file will not allow anyone else to call it directly (on one can go http://musicplayer.s...ed/playlist.php
SA PHP Archives - www.phparchives.za.org

#5 xsist10

xsist10
  • Members
  • PipPipPip
  • Advanced Member
  • 114 posts

Posted 01 November 2006 - 08:19 AM

I love your project by the way. Very nice :)
SA PHP Archives - www.phparchives.za.org




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users