tgpfarm Posted June 12, 2007 Share Posted June 12, 2007 ok let me explain my problem in the most detail i can. i am using a media player to play flv files on a website. i am using the jeroenwijering media player located at http://www.jeroenwijering.com now my flv files are located outside of my web root and being pulled in by a php file. the directory structure is like the following: /home/username/movies/videos.flv /home/username/website/stream.php this is an apache server running on *nix this file stream.php looks like the following: $file = "/home/username/movies" . $_GET["file"]; $fh = fopen($file, "rb") or exit("Could not open $file"); header("Expires: Mon, 26 Jul 1997 05:00:00 GMT"); header("Cache-Control: no-store, must-revalidate"); header("Content-Type: video/x-flv"); header('Content-Length: ' . filesize($file)); while (!feof($fh)) { print(fread($fh, filesize($file))); } fclose($fh); now the media player is embedded in my site using the following: <div id="player"> <embed id="mpl" width="320" height="260" flashvars="file=stream.php?file=video.flv&autostart=true&usefullscreen=false" allowfullscreen="false" quality="high" name="mpl" src="movieplayer/mediaplayer.swf" type="application/x-shockwave-flash"/> </div> all this works fine. a surfer cannot access /home/username/movies from a url. but the problem is that if you view the source of the page you can see the players flashvars, then all you have to do is: www.mysite.com/stream.php?file=video.flv and bam you download the video! i need to make it so you can not directly access stream.php from the url. I have tired the following in stream.php already without success: if (!$_SERVER['HTTP_REFERER']){ print "This page can't be accessed directly. Please click back to start over."; } and $me = basename(__FILE__); // get the file name portion of the current include file if(eregi($me,$_SERVER['REQUEST_URI'])){die('This file cannot be accessed directly!');} and if (!defined("where_this_was_defined_on_the_calling_page")) { die ("Don't waste your time trying to access this file"); } all of these die with the default response and do not play the video. so i dont know if i need to put stream.php in a dir and write a .htaccess file that will deny outside or what? i so do not know how the .htaccess file would look so if that is what i need to do can you please include what .htaccess would look like. thanks for you time Quote Link to comment https://forums.phpfreaks.com/topic/55344-deny-direct-url-access-to-php-file/ Share on other sites More sharing options...
Psycho Posted June 12, 2007 Share Posted June 12, 2007 if (basename($_SERVER[php_SELF]) == basename(__FILE__)) { die ("Don't waste your time trying to access this file"); } EDIT: OK, on 2nd thought that would not work IF the page including this page is the same name. For example if you have the page "stream.php" which calls "stream.php" in another directory. But, should work for your puposes. Quote Link to comment https://forums.phpfreaks.com/topic/55344-deny-direct-url-access-to-php-file/#findComment-273555 Share on other sites More sharing options...
tgpfarm Posted June 12, 2007 Author Share Posted June 12, 2007 nope, the response from stream.php when i try to play a video is still "Don't waste your time trying to access this file" edit: icq me at 366621126 if you want to see how this site is working Quote Link to comment https://forums.phpfreaks.com/topic/55344-deny-direct-url-access-to-php-file/#findComment-273561 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.