[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

Stop swf file loading directly in browser

Posted on 2007-08-07
27
Medium Priority
?
598 Views
Last Modified: 2013-11-05
Hi,

I have a flash movie that i have created.  It is viewed by accessing the file flash.php

this file checks that the person is logged in and if they are logged in then it displays the movie flash.swf

how can i stop people who are not logged in accessing flash.swf directly from the browser?

thanks
0
Comment
Question by:ussher
  • 12
  • 11
  • 4
27 Comments
 
LVL 34

Expert Comment

by:Aneesh Chopra
ID: 19651838
your PHP can pass a variable (for example: loginStatus true or false) to SWF root using FlashVars

and SWF should check for this variable, if loginStatus == "true" then only start playing SWF otherwise, just display a message that "user is not logged in"


-------------------
Aneesh Chopra
-------------------
0
 
LVL 16

Expert Comment

by:Kiran Paul VJ
ID: 19652008
The best method to stop users from directly accessing the swf is to disable hotlinking of swf files. If your server has CPanel control panel, you can directly do it from there.

Otherwise check this link http://www.fuitadnet.com/forums/showthread.php?t=3053

hope this helps
kiranvj
0
 
LVL 1

Author Comment

by:ussher
ID: 19652145
Thanks for your replies.

Aneesh Chopra:
Should have said.   the swf file is not made with the Flash maker it was made by vnc2swf so i dont have access to the variables inside the flash.

kiranvj:
I have Plesk control panel.  Reading thread now.

0
VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

 
LVL 1

Author Comment

by:ussher
ID: 19652176
OK i have read the thread about hotlinking. and it appears to be to stop other sites form including my SWF file in their content and displaying it.

This was not what i had in mind when i asked the question, but is important.

what i want is
hxxp://mysite.com/flash.php

check if user is logged in
if YES show flash.swf

If No show "Please log in"

But the problem i have is if somebody who is not logged in goes straight to
hxxp://mysite.com/flash.SWF

they totally bypass the IF LOGGED IN check and can view the movie.

How can i stop them from being able to view the movie.

If the SWF was a php file i would store it in an offline directory and use and include statement so the address was not visible in the browser but i dont know how to do this for a swf file.

cheers.
0
 
LVL 16

Expert Comment

by:Kiran Paul VJ
ID: 19652180
i think you can disable hotlinking from Plesk, got from another site

Use Plesk CP >> Domains >> Domainname >> Hosting >> Click Hotlink Protection and enable it.
0
 
LVL 34

Expert Comment

by:Aneesh Chopra
ID: 19652200
as per your requirement, it is not possible without altering the SWF only.
you want someone should not be able to see the SWF directly, then you should have this check inside SWF only

another alternative is, using .htaccess to restrict directory access without username/pass
this way, no one can access directory files without logining in
0
 
LVL 1

Author Comment

by:ussher
ID: 19652223
is there any way to store the SWF in a directory above root and still have it played when called?

/httpfiles/flash.php
            <param name="movie" value="../offlineFiles/flash.swf">
/offlineFiles/flash.swf

not possible??
0
 
LVL 34

Expert Comment

by:Aneesh Chopra
ID: 19652232
it is not possible..
0
 
LVL 16

Expert Comment

by:Kiran Paul VJ
ID: 19652236
>>But the problem i have is if somebody who is not logged in goes straight to
>>hxxp://mysite.com/flash.SWF

If you enable hotlinking for swf files, even if someone types hxxp://mysite.com/flash.SWF it will be blocked
0
 
LVL 34

Expert Comment

by:Aneesh Chopra
ID: 19652237
because SWF run on client machine not on server side
0
 
LVL 1

Author Comment

by:ussher
ID: 19652238
another option:

is there any way to use .htaccess to block any files with the extention of .swf from being called by the browser?

so when .php file opens it will play but when .swf file is called htaccess blocks it.

Hoping there is a way before i give up looking.

0
 
LVL 1

Author Comment

by:ussher
ID: 19652246


>> If you enable hotlinking for swf files, even if someone types hxxp://mysite.com/flash.SWF it will be blocked

Really?  

If this works then that would solve my problem.

Ill try it now.

0
 
LVL 16

Expert Comment

by:Kiran Paul VJ
ID: 19652255
>>If this works then that would solve my problem.

It should work.
0
 
LVL 16

Expert Comment

by:Kiran Paul VJ
ID: 19652259
do you have a windows server or a linux server?
0
 
LVL 1

Author Comment

by:ussher
ID: 19652265
linux.

but my plesk control pane does not appear to have "hotlink protection"

I am logged on as root. it does not appear in the 'hosting' section of the domain name.

ill look around for it.
0
 
LVL 16

Accepted Solution

by:
Kiran Paul VJ earned 1000 total points
ID: 19652297
create a file .htaccess and write this

RewriteEngine on
RewriteCond %{HTTP_REFERER} !^http://yoursite.com/.*$      [NC]
RewriteCond %{HTTP_REFERER} !^http://yoursite.com$      [NC]
RewriteCond %{HTTP_REFERER} !^http://www.yoursite.com/.*$      [NC]
RewriteCond %{HTTP_REFERER} !^http://www.yoursite.com$      [NC]
RewriteRule .*\.(swf)$ http://www.yoursite.com [R,NC]

put the file in the site root
0
 
LVL 1

Author Comment

by:ussher
ID: 19652357
The ,htaccess file successfully stopped me from accessing the SWF file from inside the PHP file and directly when the name of yoursite.com did not match my site name.

Then when i changed the .htaccess file to include my site name i was able to see the swf movie from inside the php file and directly.

So the script appears to successfully limit the access down to only viewable from my site but from my site either version is accessable.  .php and .swf

0
 
LVL 16

Expert Comment

by:Kiran Paul VJ
ID: 19652365
can u directly access the swf file now? like hxxp://mysite.com/flash.SWF
0
 
LVL 1

Author Comment

by:ussher
ID: 19652394
yes.
0
 
LVL 16

Expert Comment

by:Kiran Paul VJ
ID: 19652435
i might be cache showing up, can u clear the cache and check again.
0
 
LVL 1

Author Comment

by:ussher
ID: 19652473
Nice Thinking.

That has done it.  Thanks.

After i clear the cache and go directly to the
hxxp://mysite.com/flash.swf  

I am automatically redirected to the top page of the site.  This is exactly what i wanted. Thanks
0
 
LVL 16

Expert Comment

by:Kiran Paul VJ
ID: 19652483
Thats great, glad to know it worked and thanks for the points and grade.

kiranvj
0
 
LVL 1

Author Comment

by:ussher
ID: 19675546
Update:
 
Internet Explorer as usual is making life difficult for me.

The above works perfectly for firefox, but in internet explorer version 6 the SWF files will not load at all. Not into the PHP pages or directly to the swf files.

Any Ideas as to why this might be?

0
 
LVL 16

Expert Comment

by:Kiran Paul VJ
ID: 19676540
The disable Hotlinking feature works in server. So it should work fine in any browser.

1) Was it working fine in IE6 before you disabled hotlinking.?
2) When you access the swf files directly in IE6, is the page redirected to your custom page.
0
 
LVL 1

Author Comment

by:ussher
ID: 19688798
should  i open a new question for this?

I always seam to have problems with Internet Explorer.

WITH .htaccess
flash.php works correctly in firefox. The swf file can be viewed.
flash.swf works correctly in firefox. when i open it direclty in the browser i am redirected to the top page of the site.

flash.php fails in IE. The containing page can be viewed but never loads. A continual loading symbol and a white page.
flash.swf works correctly in IE. when i open it direclty in the browser i am redirected to the top page of the site.

WITHOUT .htaccess
flash.php works correctly in firefox. The swf file can be viewed.
flash.swf works correctly in firefox. when i open it direclty in the browser i am redirected to the top page of the site.

flash.php works correctly in IE. The swf file can be viewed.
flash.swf works correctly in IE. when i open it direclty in the browser i am redirected to the top page of the site.


So the problem is with the SWF file being not being loaded into the php file when the htaccess file is in place.

0
 
LVL 16

Expert Comment

by:Kiran Paul VJ
ID: 19689481
hi ussher,

>>should  i open a new question for this?
It will be good I think, because since this question is already closed, it will not appear in open questions list. So you wont be getting help from other experts.
You can give link to this page in the new question.

And regarding the problem, if possible can you please give a link to a test page, so I can check it.

kiranvj
0
 
LVL 1

Author Comment

by:ussher
ID: 19689731
0

Featured Post

Keep up with what's happening at Experts Exchange!

Sign up to receive Decoded, a new monthly digest with product updates, feature release info, continuing education opportunities, and more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Things That Drive Us Nuts Have you noticed the use of the reCaptcha feature at EE and other web sites?  It wants you to read and retype something that looks like this. Insanity!  It's not EE's fault - that's just the way reCaptcha works.  But it i…
Introduction This article is intended for those who are new to PHP error handling (https://www.experts-exchange.com/articles/11769/And-by-the-way-I-am-New-to-PHP.html).  It addresses one of the most common problems that plague beginning PHP develop…
This tutorial will teach you the core code needed to finalize the addition of a watermark to your image. The viewer will use a small PHP class to learn and create a watermark.
This Micro Tutorial will teach to how to utilize bit rate in Adobe Flash Media Live Encoder.
Suggested Courses
Course of the Month19 days, 13 hours left to enroll

873 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question