[Last Call] Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

Php include("movie.mov") Error syntax error, unexpected '@'

Posted on 2007-10-14
18
Medium Priority
?
416 Views
Last Modified: 2009-02-15
I am trying to make video pages that allow you to view the video but not directly link to the video for download.  I did this same kind of deal with a photo gallery and it works like a charm, I assume its because of the way it reads the image in.  Ill take out all non essential html so its easier to read. Heres my code

video_viewer.php
------------------------------------

<script language="javascript">QT_WriteOBJECT('get_video.php?video=<?php echo $_REQUEST['video']; ?>' , width , height , '', 'kioskmode', 'true', 'scale', 'tofit');</script>

------------------------------------


get_video.php
------------------------------------

$path = "videos/";
ini_set('display_errors', 1);
  $from_name = $path . urldecode($_REQUEST['video']);
  include($from_name);
  break;
  return;

------------------------------------

Theoretically, atleast the way it worked with the image pages, is that when the viewer page calls the get_video page it reads the filename back in without showing it in the source code, but what appears to be happening is when it pulls it in it pulls it as reading the file and not the actual name of the file.

Any ideas????
0
Comment
Question by:chris_petey
  • 8
  • 4
  • 3
15 Comments
 
LVL 16

Expert Comment

by:Kiran Paul VJ
ID: 20074411
try this in video_viewer.php

<?php
// We'll be outputting a MOV file
$path = "videos/";
$from_name = $path . urldecode($_REQUEST['video']);
header('Content-type: video/quicktime');

header('Content-Disposition: attachment; filename='.$from_name);

readfile($from_name);
?>
0
 
LVL 16

Expert Comment

by:Kiran Paul VJ
ID: 20074419
0
 
LVL 7

Expert Comment

by:DiscoNova
ID: 20075181
In PHP, include() "includes _and_ evaluates the specified file". That means that the file is attempted to evaluate as PHP which - of course - it isn't.

As kiranvj said, you should use readfile() instead (with the suitable Content-type header as he's explaining). But you should *not* use the Content-disposition -header he suggested (since you *want* the file to be used in the browser and *not* have the browser show you a "Save as..."-dialog).
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 

Author Comment

by:chris_petey
ID: 20075204
It looks like this code pulls in the video but how do i pull in just the filename?  I'm using the QT_WriteOBJECT method to write out the code in the page, will this method work without having to use this?
0
 
LVL 7

Expert Comment

by:DiscoNova
ID: 20075230
Assuming the first argument for QT_WriteOBJECT is the URL of the video, for the thing to work in the first place, you don't want to return the filename from get_video.php (instead you want to return the actual contents of the video file).
0
 
LVL 7

Expert Comment

by:DiscoNova
ID: 20075237
As to "how do i pull in just the filename", it's just like this:

<?php
$path = "videos/";
  $from_name = $path . urldecode($_REQUEST['video']);
  print($from_name);
?>

But I really think that is not what you want to do :)
0
 
LVL 7

Expert Comment

by:DiscoNova
ID: 20075242
Furthermore, using something like that in a live environment would be something short of shooting yourself in the foot.

Consider get_video.php?video=../../../../../../../../../../../etc/passwd
0
 

Author Comment

by:chris_petey
ID: 20075252
No its prolly not such a good idea after seeing that :-)  I'm just trying to load in a quicktime movie without actually showing the direct link to the movie.  For leeching purposes.
0
 
LVL 7

Expert Comment

by:DiscoNova
ID: 20075327
I would suggest using some sort of translation matrix, where you only provide and if to get_video.php which will, based on the id, return the contents of the video. Something like this (not tested, prone to typos):

<?php

$matrix = Array(
  "abc" => "my_little_pony.mov",
  "def" => "teletubbies.mov",
  "ghi" => "debbie_does_dallas.mov",
);

$path = 'videos/';
if (!array_key_exists($_GET["v"])) {
  // Default if the user requests a video not in the translation matrix
  $file = $path.'goatse.mov';
} else {
  $file = $path.$matrix[$_GET["v"]];
}

header('Content-type: video/quicktime');
readfile($file);

?>

And this would be called like:

<script language="javascript">
  QT_WriteOBJECT('get_video.php?video=ghi' , width , height , '', 'kioskmode', 'true', 'scale', 'tofit');
</script>

...because no-one's really interested in My little pony or teletubbies, right :)
0
 
LVL 7

Expert Comment

by:DiscoNova
ID: 20075328
"where you only provide and if to" = "where you only provide an id to"
0
 

Author Comment

by:chris_petey
ID: 20080496
I like that idea, would something like this work?
I was playing around with this but when I put the if in the get_video page is shows a broken video link


video_viewer.php
--------------------------------
<?php
$authorized = "shonuff";
$video = urldecode($_REQUEST['video']);
?>

<script language="javascript">QT_WriteOBJECT('get_video.php?video=<?php echo urldecode($_REQUEST['video']); ?>' , width , height , '', 'kioskmode', 'true', 'scale', 'tofit');</script>
--------------------------------



get_video.php
--------------------------------
if ($authorized)
{
$path = "videos/";
$from_name = $path . $_REQUEST['video'];
header('Content-type: video/quicktime');
readfile($from_name);
break;
} else {
echo "You Cannot Link To The Video In This Way...";
}
--------------------------------
0
 
LVL 7

Expert Comment

by:DiscoNova
ID: 20080639
Basically yes. However, I think the thing you're actually trying to do is not possible.

See, you will need to pass the variable $authorized to get_video.php (and anyone with a browser who knows to look into the source will see that. Currently the mentioned variable is only present in video_viewer.php ... you need to realise that the browser is going to be doing two distinct GETs; one for video_viewer.php and another for get_video.php ... there's no way you can "include" a file directly into the page.

It needs to be understood, that whatever the user is able to see on their screen, they will be able to leach to their computer. Some methods of doing this are easier than other, but still - everything can be downloaded one way or another.
0
 

Author Comment

by:chris_petey
ID: 20080711
If i do this

if ($authorized)
{
echo "yes";
} else {
echo "No";
}

Then include the file it gets the variable from the viewer page and works fine.  Is this (get_video.php?video=<?php echo urldecode($_REQUEST['video']); ?>) and include not basically the same thing, it acceses the page and spits the code back out?

I know its impossible to keep everyone from taking things but im hoping to cut down on the amount of stealing.

I'm baseing this on a code i used for thumbnails that streams an image back to the browser and when the page was directly accessed would show an error type of message to the user.
0
 
LVL 7

Accepted Solution

by:
DiscoNova earned 500 total points
ID: 20080884
> Is this (get_video.php?video=<?php echo urldecode($_REQUEST['video']); ?>) and
> include not basically the same thing, it acceses the page and spits the code back out?

No. With "include" ("readfile" actually, but "include" is so much easier to visualise mentally), you put the contents of the mov-file into the page. With the latter approach, you are instantianing an object that will require whatever is coming from the provided URL. If it is not a video file, it will not be able to render it. If it is, it will. Unfortunately (well, not really- if it weren't like this the net wouldn't work) anyone who requests data from the exact same URL and is able to generate the same environment (pass the same variables, send the same cookies, write out headers same request headers) will get the exact same result. And there is nothing anyone can do about it. Sorry.

To counter what I've just said, there are ways to include the actual data directly within the page itself. These ways are by no way standard, and are supported by only certain versions of certain browsers. Perhaps you'd be better of with some sort of Flash-gizmo that'd have the video requester built into the code (nothing passed through variables)? That wouldn't be foolproof either, but would add the certain amount of skill required (well, youtube uses that sort of thing, and how far has that gotten them? youtubex.com, anyone?)
0
 
LVL 16

Assisted Solution

by:Kiran Paul VJ
Kiran Paul VJ earned 500 total points
ID: 20083171
@chris_petey
>>I'm just trying to load in a quicktime movie without actually showing the direct link to the movie.  For leeching purposes.

Deny direct access to the mov file from other site/server

create a file .htaccess and write this

RewriteEngine on
RewriteCond %{HTTP_REFERER} !^http://yoursite.com/.*$      [NC]
RewriteCond %{HTTP_REFERER} !^http://yoursite.com$      [NC]
RewriteCond %{HTTP_REFERER} !^http://www.yoursite.com/.*$      [NC]
RewriteCond %{HTTP_REFERER} !^http://www.yoursite.com$      [NC]
RewriteRule .*\.(mov)$ http://www.yoursite.com [R,NC]

check this http://www.experts-exchange.com/Software/Photos_Graphics/Web_Graphics/Macromedia_Flash/Q_22748528.html
0

Featured Post

Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

3 proven steps to speed up Magento powered sites. The article focus is on optimizing time to first byte (TTFB), full page caching and configuring server for optimal performance.
It’s a season to be thankful, and we’re thankful for users like you who engage on site, solve technology problems, and network with others in the industry. What tech are we most thankful for? Keep reading.
The viewer will learn how to dynamically set the form action using jQuery.
The viewer will learn the basics of jQuery, including how to invoke it on a web page. Reference your jQuery libraries: (CODE) Include your new external js/jQuery file: (CODE) Write your first lines of code to setup your site for jQuery.: (CODE)
Suggested Courses
Course of the Month18 days, 6 hours left to enroll

831 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question