Php include("movie.mov") Error syntax error, unexpected '@'

I am trying to make video pages that allow you to view the video but not directly link to the video for download.  I did this same kind of deal with a photo gallery and it works like a charm, I assume its because of the way it reads the image in.  Ill take out all non essential html so its easier to read. Heres my code

video_viewer.php
------------------------------------

<script language="javascript">QT_WriteOBJECT('get_video.php?video=<?php echo $_REQUEST['video']; ?>' , width , height , '', 'kioskmode', 'true', 'scale', 'tofit');</script>

------------------------------------


get_video.php
------------------------------------

$path = "videos/";
ini_set('display_errors', 1);
  $from_name = $path . urldecode($_REQUEST['video']);
  include($from_name);
  break;
  return;

------------------------------------

Theoretically, atleast the way it worked with the image pages, is that when the viewer page calls the get_video page it reads the filename back in without showing it in the source code, but what appears to be happening is when it pulls it in it pulls it as reading the file and not the actual name of the file.

Any ideas????
chris_peteyAsked:
Who is Participating?
 
DiscoNovaCommented:
> Is this (get_video.php?video=<?php echo urldecode($_REQUEST['video']); ?>) and
> include not basically the same thing, it acceses the page and spits the code back out?

No. With "include" ("readfile" actually, but "include" is so much easier to visualise mentally), you put the contents of the mov-file into the page. With the latter approach, you are instantianing an object that will require whatever is coming from the provided URL. If it is not a video file, it will not be able to render it. If it is, it will. Unfortunately (well, not really- if it weren't like this the net wouldn't work) anyone who requests data from the exact same URL and is able to generate the same environment (pass the same variables, send the same cookies, write out headers same request headers) will get the exact same result. And there is nothing anyone can do about it. Sorry.

To counter what I've just said, there are ways to include the actual data directly within the page itself. These ways are by no way standard, and are supported by only certain versions of certain browsers. Perhaps you'd be better of with some sort of Flash-gizmo that'd have the video requester built into the code (nothing passed through variables)? That wouldn't be foolproof either, but would add the certain amount of skill required (well, youtube uses that sort of thing, and how far has that gotten them? youtubex.com, anyone?)
0
 
Kiran Paul VJComputer EngineerCommented:
try this in video_viewer.php

<?php
// We'll be outputting a MOV file
$path = "videos/";
$from_name = $path . urldecode($_REQUEST['video']);
header('Content-type: video/quicktime');

header('Content-Disposition: attachment; filename='.$from_name);

readfile($from_name);
?>
0
 
Kiran Paul VJComputer EngineerCommented:
0
Ultimate Tool Kit for Technology Solution Provider

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy now.

 
DiscoNovaCommented:
In PHP, include() "includes _and_ evaluates the specified file". That means that the file is attempted to evaluate as PHP which - of course - it isn't.

As kiranvj said, you should use readfile() instead (with the suitable Content-type header as he's explaining). But you should *not* use the Content-disposition -header he suggested (since you *want* the file to be used in the browser and *not* have the browser show you a "Save as..."-dialog).
0
 
chris_peteyAuthor Commented:
It looks like this code pulls in the video but how do i pull in just the filename?  I'm using the QT_WriteOBJECT method to write out the code in the page, will this method work without having to use this?
0
 
DiscoNovaCommented:
Assuming the first argument for QT_WriteOBJECT is the URL of the video, for the thing to work in the first place, you don't want to return the filename from get_video.php (instead you want to return the actual contents of the video file).
0
 
DiscoNovaCommented:
As to "how do i pull in just the filename", it's just like this:

<?php
$path = "videos/";
  $from_name = $path . urldecode($_REQUEST['video']);
  print($from_name);
?>

But I really think that is not what you want to do :)
0
 
DiscoNovaCommented:
Furthermore, using something like that in a live environment would be something short of shooting yourself in the foot.

Consider get_video.php?video=../../../../../../../../../../../etc/passwd
0
 
chris_peteyAuthor Commented:
No its prolly not such a good idea after seeing that :-)  I'm just trying to load in a quicktime movie without actually showing the direct link to the movie.  For leeching purposes.
0
 
DiscoNovaCommented:
I would suggest using some sort of translation matrix, where you only provide and if to get_video.php which will, based on the id, return the contents of the video. Something like this (not tested, prone to typos):

<?php

$matrix = Array(
  "abc" => "my_little_pony.mov",
  "def" => "teletubbies.mov",
  "ghi" => "debbie_does_dallas.mov",
);

$path = 'videos/';
if (!array_key_exists($_GET["v"])) {
  // Default if the user requests a video not in the translation matrix
  $file = $path.'goatse.mov';
} else {
  $file = $path.$matrix[$_GET["v"]];
}

header('Content-type: video/quicktime');
readfile($file);

?>

And this would be called like:

<script language="javascript">
  QT_WriteOBJECT('get_video.php?video=ghi' , width , height , '', 'kioskmode', 'true', 'scale', 'tofit');
</script>

...because no-one's really interested in My little pony or teletubbies, right :)
0
 
DiscoNovaCommented:
"where you only provide and if to" = "where you only provide an id to"
0
 
chris_peteyAuthor Commented:
I like that idea, would something like this work?
I was playing around with this but when I put the if in the get_video page is shows a broken video link


video_viewer.php
--------------------------------
<?php
$authorized = "shonuff";
$video = urldecode($_REQUEST['video']);
?>

<script language="javascript">QT_WriteOBJECT('get_video.php?video=<?php echo urldecode($_REQUEST['video']); ?>' , width , height , '', 'kioskmode', 'true', 'scale', 'tofit');</script>
--------------------------------



get_video.php
--------------------------------
if ($authorized)
{
$path = "videos/";
$from_name = $path . $_REQUEST['video'];
header('Content-type: video/quicktime');
readfile($from_name);
break;
} else {
echo "You Cannot Link To The Video In This Way...";
}
--------------------------------
0
 
DiscoNovaCommented:
Basically yes. However, I think the thing you're actually trying to do is not possible.

See, you will need to pass the variable $authorized to get_video.php (and anyone with a browser who knows to look into the source will see that. Currently the mentioned variable is only present in video_viewer.php ... you need to realise that the browser is going to be doing two distinct GETs; one for video_viewer.php and another for get_video.php ... there's no way you can "include" a file directly into the page.

It needs to be understood, that whatever the user is able to see on their screen, they will be able to leach to their computer. Some methods of doing this are easier than other, but still - everything can be downloaded one way or another.
0
 
chris_peteyAuthor Commented:
If i do this

if ($authorized)
{
echo "yes";
} else {
echo "No";
}

Then include the file it gets the variable from the viewer page and works fine.  Is this (get_video.php?video=<?php echo urldecode($_REQUEST['video']); ?>) and include not basically the same thing, it acceses the page and spits the code back out?

I know its impossible to keep everyone from taking things but im hoping to cut down on the amount of stealing.

I'm baseing this on a code i used for thumbnails that streams an image back to the browser and when the page was directly accessed would show an error type of message to the user.
0
 
Kiran Paul VJComputer EngineerCommented:
@chris_petey
>>I'm just trying to load in a quicktime movie without actually showing the direct link to the movie.  For leeching purposes.

Deny direct access to the mov file from other site/server

create a file .htaccess and write this

RewriteEngine on
RewriteCond %{HTTP_REFERER} !^http://yoursite.com/.*$      [NC]
RewriteCond %{HTTP_REFERER} !^http://yoursite.com$      [NC]
RewriteCond %{HTTP_REFERER} !^http://www.yoursite.com/.*$      [NC]
RewriteCond %{HTTP_REFERER} !^http://www.yoursite.com$      [NC]
RewriteRule .*\.(mov)$ http://www.yoursite.com [R,NC]

check this http://www.experts-exchange.com/Software/Photos_Graphics/Web_Graphics/Macromedia_Flash/Q_22748528.html
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.