Hello everyone, i have a website with videos and games and also provide an embed code which people can use to embed the games and videos on their website. My problem is that alot of people would embed the files but they would delete the link back to my website in the embed code and bandwidth isnt cheap I have been reading for the last few hours about encoding, decoding, base64, md5 and basically a way to encrypt or encode the embed code so people can still use it but they wont be able to remove the link since they cant read what the embed code says Is there any way to do that or use different method to just hide the code but still work on other websites using PHP ? Also is there any way to make the urls to my files encoded, example: http://www.mywebsite.com/games/action/mygame.swf Encode it to look something like this: http://www.mywebsite.com/index.php?game=3475348j345h345gsed6645 (Just like the youtube urls are) I am sure its possible but i just couldn't find and examples of how its done or even a tutorial. Please someone help me, i am still learning php so i am not very good at writing my own functions Thanks everyone.
Without trying it myself ... You could try something like this: echo "Embed this game on your site: http://www.mywebsite.com/index.php?game=" . base64_encode('game.swf'); PHP: Then on the PHP page they call from their site IE: index.php you could do something like this: $game = base64_decode($_GET['game']); $pathToGame = "/home/user/games/" . $game PHP: Something roughly along those lines.
This is very cool and it works Is it possible to make the following script get the file name, encode it and place the encoded string in the url then by requesting video by string decode the string and play it. <?php // Call makeCksum once upon landing on the homepage function makeCksum() { $str = ""; for ($i=0;$i<32;++$i) $str .= chr(rand(32,126)); $_SESSION['Cksum'] = $str; } function encode($x) { return base64_encode(substr($_SESSION['Cksum'],rand(0,28),4) . $x); } function decode($x) { $y = base64_decode($x); if (strpos($_SESSION['Cksum'],substr($y,0,4)) === false) return false; return substr($y,4-strlen($y)); } ?> PHP: Original Post: W W W.php.net/manual/en/function.base64-encode.php#85831 Thank you for all the help, thats exactly what i want to do kbduvall but i want the string to not be easy decoded, just like the script above is suppose to do but its way over my level to incorporate your script in it Please help.
I just woke up so this may not be a very elegant solution but it should work. Give me a few hours and I can probably give you a cleaner solution, but this can give you something to think about between now and then Create a database table with the filename of each swf, and give each a unique "key". [TABLE: swf_files] [filename][ key ] ----------------- [file.swf][aIn3Tl] Link they're given: /* SELECT `filename`, `key` FROM `swf_files`; */ echo "www.domain.com/index.php?filename={$filename}&key=" . md5($keyFromDatabase); PHP: Then when they request the file, check the MD5 they send you to make sure its the same one that the key generates: $requestedFilename = $_GET['filename']; $providedMd5 = $_GET['key']; /* SELECT `key` FROM `swf_files` WHERE `filename` = '{$requestedFilename}'; */ if ($providedMd5 != md5($key)) { echo "Invalid key. Stop leeching!"; } else { // serve up the file } PHP: MAKE SURE you sanitize the data the user gives you before you use it in your SQL query or you'll be open to SQL injection attacks which could cause damage to your database, or invalidate what you're trying to do here.
This deserves to be said again: MAKE SURE you sanitize the data the user gives you before you use it in your SQL query or you'll be open to SQL injection attacks which could cause damage to your database, or invalidate what you're trying to do here.
You could also encrypt it using a global key so you don't have to bother with databases. Keep the key as secret as you would keep your passwords and preferably keep it in a folder above the public_html folder so it's not accessible to the web. // This file is located at /home/user/key.php $key = 'This is a key for my encryption stuff'; PHP: Now in your PHP file do this: // This will include the file containing your $key variable and set it here require_once('/home/user/key.php'); // Set up the encryption parameters $iv_size = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_ECB); $iv = mcrypt_create_iv($iv_size, MCRYPT_RAND); // $key is already set $filename = "file.swf"; // Encrypt the filename $crypttext = mcrypt_encrypt(MCRYPT_RIJNDAEL_256, $key, $filename, MCRYPT_MODE_ECB, $iv); // Provide the encrypted link echo 'www.example.com/.index.php?file=' . $crypttext; PHP: In the receiving PHP file decrypt it: // This will include the file containing your $key variable and set it here require_once('/home/user/key.php'); // Set up the encryption parameters $iv_size = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_ECB); $iv = mcrypt_create_iv($iv_size, MCRYPT_RAND); // $key is already set // The file parm the user provides $filename = $_GET['file']; // Decrypt $crypttext = mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $key, $filename, MCRYPT_MODE_ECB, $iv); // Serve up the file. If the decrypted text is not a valid file (because they tampered with the encrypted text, they'll get a 404 echo 'www.example.com/.index.php?file=' . $crypttext; PHP: Look up the mcrypt functions in the PHP manual if you want to change the way it encrypts and whatnot. The code above will produce an encrypted string that is 64 chars long. If you want it shorter or longer or whatnot, modify the options above. At least this way you don't have to set up and access a database. It's one less layer to worry about, maintain, and protect.
LOL thats amazing, thats exactly what i was looking for Thank you soooooo much I wish i could send you some cookies