Jump to content

stop direct access to file


trillion

Recommended Posts

I need to deny direct access to a php file. This file builds an xml formated output for an mp3 player that uses XSPF playlists. I have tried the methods mentioned here and these will come in handy for other areas but on this issue these techniques are not working.
http://www.codingforums.com/showthread.php?p=496650

The file that calls the php playlist file is a Flash file. The flash file is calling the playlist so the linked examples above fail because the playlist is not getting the correct message.
I have worked with php/flash inter-communication before but I did not build this mp3 player. This is the player: http://musicplayer.sourceforge.net/

So I need another way to keep the user from accessing the playlist file directly.

Thanks
Link to comment
Share on other sites

The server is apache.

The problem is that the playlist file is called from a flash .swf
the .swf playlist access appears to the server as a regular direct playlist file access.

Perhaps if I could allow only designated php files to access the playlist file.

For example:
I have a file player.php. This file holds the .swf player. If this file only was granted access to open readable the playlist file. I am not sure this will work either as it is actually the .swf that opens the playlist.php. Also the playlist.php output is an XML playlist doc if that has any effect as to securing the contents.
Link to comment
Share on other sites

How about an intermediate php file (like you suggested).
Your swf requests secure.php which

[code]
/player.swf
/player.php
/locked/.htaccess
/locked/playlist.php
[/code]

.htaccess contains:
[code]
deny from all
[/code]

player.php will have access to playlist.php because it's on the server, but the .htaccess file will not allow anyone else to call it directly (on one can go http://musicplayer.sourceforge.net/locked/playlist.php
Link to comment
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.