Need Help any PHP programer

Re: Need Help any PHP programer

peivasteh@madae n.net (Peivasteh) wrote in message news:<6d6a5d86. 0402091135.559f 064@posting.goo gle.com>...[color=blue]
> Hi
> Anybody can help who know PHP .
> I want you to have look at this site first.
> http://www.bigshotmedia.com
> How this site use PHP to protect swf files to not download to cashin
> temparary folder.
> Anybody knows about this how PHP works or what is PHP script.[/color]

Didn't look at the site yet. Might be no-cache header trick
(<http://in2.php.net/header>)

--
"Success = 10% sweat + 90% tears"
If you live in USA, please support John Edwards.
Email: rrjanbiah-at-Y!com

Re: Need Help any PHP programer

Peivasteh wrote:
[color=blue]
> Hi
> Anybody can help who know PHP .
> I want you to have look at this site first.
> http://www.bigshotmedia.com
> How this site use PHP to protect swf files to not download to cashin
> temparary folder.
> Anybody knows about this how PHP works or what is PHP script.
> Thanks
> Behzad Peivasteh[/color]

You can never stop people from getting your .swf file.

At the end of the day, the browser will always receive a link to the
..swf file which they can just use a downloading program like wget to
fetch (or create a link in a HTML page and do "Save linked target as...").

Caching or no caching, Mozilla allows you to save ALL page attachments
through it's "page info" dialog box (gotta love Mozilla).

The best thing you can do is create a "shell" .swf file which makes
internal calls to the "main" .swf file when it runs [in the users
browser]. That means it doesn't matter if people download the .swf file
pointed to by the HTML, because they will only have the shell.

If someone was "really" keen, they could probably sniff the wire to see
what calls the shell .swf file was making and then duplicate the calls
to fetch all the component .swf file, but that would require a lot of
effort.

The other thing you can do to make it still harder, is to have the href
point to a php file with a session id (or some other key). The php file
then does something like

<?php // make sure no whitespace precedes the opener

if(is_valid_ses sion($_REQUEST["sessid"])) {
header("Content-Type: application/swf;"); // I'm guessing this.
$fh = fopen($the_real _swf_location," r");
fpassthru($fh);
fclose($fh);
die();
}
?>
<div class="warning" >Oh no you don't...</div>

Of course, in the above example, you have to define the function
is_valid_sessio n() and you have to populate the variable
$the_real_swf_l ocation

Re: Need Help any PHP programer

Terence wrote:

[color=blue]
> <?php // make sure no whitespace precedes the opener
>
> if(is_valid_ses sion($_REQUEST["sessid"])) {
> header("Content-Type: application/swf;"); // I'm guessing this.
> $fh = fopen($the_real _swf_location," r");
> fpassthru($fh);
> fclose($fh);
> die();
> }
> ?>
> <div class="warning" >Oh no you don't...</div>
>
> Of course, in the above example, you have to define the function
> is_valid_sessio n() and you have to populate the variable
> $the_real_swf_l ocation
>
>[/color]

If you're really clever, you can create an extra key which is passed to
the shell .swf file which it then uses to request the child .swf files.
The child files also then have a corresponding PHP file which validates
the keys. This way, even wire sniffing would be subject to a current
session (or some other valid key).

But at the end of the day, there really is no way to completely ensure
that no one gets the contents. Unless.... Macromedia has some sort of
encryption capability built into .swf that you can use, but I am not a
flash expert.

I know with older versions of Flash, you could also get tools which
would reverse engineer .swf files and give you the actionscript source
as well as frame instance in an .fla file. So hardcoding encryption
stuff in actionscript would be no good to you. Macromedia might have
fixed the reverse engineering problem with their latest version of the
plugin. Then again, they may not have.

Re: Need Help any PHP programer

Terence <tk.lists@fastm ail.fm> wrote or quoted:[color=blue]
> Peivasteh wrote:[/color]
[color=blue][color=green]
> > Anybody can help who know PHP .
> > I want you to have look at this site first.
> > http://www.bigshotmedia.com
> > How this site use PHP to protect swf files to not download to cashin
> > temparary folder.
> > Anybody knows about this how PHP works or what is PHP script.[/color]
>
> You can never stop people from getting your .swf file.[/color]

Sure you can: Take your SWF file - and lock it into a large safe ;-)
--
__________
|im |yler http://timtyler.org/ tim@tt1lock.org Remove lock to reply.

Re: Need Help any PHP programer

Terence <tk.lists@fastm ail.fm> wrote in message news:<40287886$ 1@herald>...[color=blue]
> Terence wrote:
>
>[color=green]
> > <?php // make sure no whitespace precedes the opener
> >
> > if(is_valid_ses sion($_REQUEST["sessid"])) {
> > header("Content-Type: application/swf;"); // I'm guessing this.
> > $fh = fopen($the_real _swf_location," r");
> > fpassthru($fh);
> > fclose($fh);
> > die();
> > }
> > ?>
> > <div class="warning" >Oh no you don't...</div>
> >
> > Of course, in the above example, you have to define the function
> > is_valid_sessio n() and you have to populate the variable
> > $the_real_swf_l ocation
> >
> >[/color]
>
> If you're really clever, you can create an extra key which is passed to
> the shell .swf file which it then uses to request the child .swf files.
> The child files also then have a corresponding PHP file which validates
> the keys. This way, even wire sniffing would be subject to a current
> session (or some other valid key).
>
> But at the end of the day, there really is no way to completely ensure
> that no one gets the contents. Unless.... Macromedia has some sort of
> encryption capability built into .swf that you can use, but I am not a
> flash expert.
>
> I know with older versions of Flash, you could also get tools which
> would reverse engineer .swf files and give you the actionscript source
> as well as frame instance in an .fla file. So hardcoding encryption
> stuff in actionscript would be no good to you. Macromedia might have
> fixed the reverse engineering problem with their latest version of the
> plugin. Then again, they may not have.[/color]

Great explanation (after a longtime from Terence, Welcome
back:-)). I think, unless they invent some streaming protocols, they
can't stop someone from stealing.

--
"Success = 10% sweat + 90% tears"
If you live in USA, please support John Edwards.
Email: rrjanbiah-at-Y!com