strantheman
Programmer
This started as a simple security addition to my project, and has become a major road block. I haven't posted in these forums for a very long time, but at this point I think you guys are my best chance at an answer... if there is one. Without linking you guys to exactly what im doing, ill try to explain the project.
1) I have a flash movie that does some cool stuff
2) I want to let people embed this movie in their web pages
3) I don't want anyone not registered on my web site to be able to post this movie on their pages
4) I don't want to use Javascript because many free hosts that my users may have will turn javascript off on flash movies. I want this security to work on everyone's browser/ web location regardless of Javascript being enabled.
In order to prevent a million people from using my content and bandwidth by just copying the EMBED code, I decided I could just have the flash movie check the location of the web site that is requesting it. Then I could check against my user list and ensure that it's a valid location, and allow the movie to play. In other words, if tries to copy/paste my EMBED code, when his page loads PHP will see this location and check it against my database.
I have a PHP file use the header() to output the flash movie using the following code:
Then the EMBED tag a user would copy/paste simply looks like:
In case you aren't familiar with using header() in this way, it basically allows you to run some PHP commands, and then deliver a GIF or JPG or in my case, a SWF to the user's browser. This is completely transparent, and the browser has no idea.
PROBLEM:
In my test.php file I am trying to read the $HTTP_REFERER variable, but it comes up as an empty string. If I link directly to I can see the flash movie, and PHP can see that my $HTTP_REFERER was However, when I use the EMBED tag in whatever.html, the movie comes up, but PHP gets an empty string. There does not appear to be a way to detect where the movie is being played from.
There is a javascript solution, and in conjunction with some clever actionscript, I can have the flash movie read the browser's current location with WINDOW.LOCATION, and then send this to my PHP script. However, as I stated above, many of the sites are disabling script access for flash movies, so 90% of my users who do not have their own web sites, would not be able to have the javascript functionality I require.
FURTHER ILLUSTRATION:
I am asking this in the PHP and Actionscript forums. I suspect that the solution is probably going to be a PHP one, but im not sure what to do. Thank you for your time.
1) I have a flash movie that does some cool stuff
2) I want to let people embed this movie in their web pages
3) I don't want anyone not registered on my web site to be able to post this movie on their pages
4) I don't want to use Javascript because many free hosts that my users may have will turn javascript off on flash movies. I want this security to work on everyone's browser/ web location regardless of Javascript being enabled.
In order to prevent a million people from using my content and bandwidth by just copying the EMBED code, I decided I could just have the flash movie check the location of the web site that is requesting it. Then I could check against my user list and ensure that it's a valid location, and allow the movie to play. In other words, if tries to copy/paste my EMBED code, when his page loads PHP will see this location and check it against my database.
I have a PHP file use the header() to output the flash movie using the following code:
Code:
header('Content-Type: application/x-shockwave-flash');
print file_get_contents('test.swf');Then the EMBED tag a user would copy/paste simply looks like:
Code:
<embed allowScriptAccess="never" src="[URL unfurl="true"]http://www.mywebsite.com/test.php"[/URL] quality="high" pluginspage="[URL unfurl="true"]http://www.macromedia.com/go/getflashplayer"[/URL] type="application/x-shockwave-flash" width="100%" height="100%"></embed>In case you aren't familiar with using header() in this way, it basically allows you to run some PHP commands, and then deliver a GIF or JPG or in my case, a SWF to the user's browser. This is completely transparent, and the browser has no idea.
PROBLEM:
In my test.php file I am trying to read the $HTTP_REFERER variable, but it comes up as an empty string. If I link directly to I can see the flash movie, and PHP can see that my $HTTP_REFERER was However, when I use the EMBED tag in whatever.html, the movie comes up, but PHP gets an empty string. There does not appear to be a way to detect where the movie is being played from.
There is a javascript solution, and in conjunction with some clever actionscript, I can have the flash movie read the browser's current location with WINDOW.LOCATION, and then send this to my PHP script. However, as I stated above, many of the sites are disabling script access for flash movies, so 90% of my users who do not have their own web sites, would not be able to have the javascript functionality I require.
FURTHER ILLUSTRATION:
Code:
(web page)
|
|__________> (EMBED tag for test.php)
|
|_________> (My server reads referer
and displays flash movie)I am asking this in the PHP and Actionscript forums. I suspect that the solution is probably going to be a PHP one, but im not sure what to do. Thank you for your time.