flash / php
- Started
- Last post
- 23 Responses
- rabattski0
lemme think about that. still a couple of open issues.
- enobrev0
well you could add the directory information to the encrypted information sent by the server, so it wouldn't be anywhere in the parent swf.
- rabattski0
wow. this is getting more complex.
very interesting method. but, still theoretically, if i decode the actionscript from the swf file that loads the remote swf files i can still figure out which swf file will be loaded, i can download that swf file directly and either check the as or access the artwork.
i tried to covering that bit by using .htaccess which would only allow requests from the same server. unfortunately i didn't find it. i know you can allow or deny requests from certain domains but it's the request from the guy behind the browser that is recognized and not from a script or in this case an swf file. bummer because that option would really solve everything.
- enobrev0
This is gonna seem pretty extravagent, but it should be solid. I haven't done this, but this is how I would, or at least where i would start.
you're going to want to use some kind of encryption scheme on both ends.
You want to encrypt something on the server. Decrypt it in the swf. Reencrypt it (so you have a different hash sent back to the server) and send it to the php script. The php script will then know the request is coming from the right place. Also, since it's all encrypted, you won't have to do any particular url checking.
You'll want to find classes / functions for php and actionscript for the same encryption algorithm. You'll want something that can be deciphered (md5 for instance can't be)
now you have the file that calls the swf (the php file with the object or embed tag in it's html) with an encrypted key. Something like
src="myfil.swf?k="
Now, your parent movie will have a variable called k with a value of something like asd76dashd98ashf89asdh
You decrypt k in the swf and you'll have the equivalent of something like
k = 'someword-05102004105335';
that number is just a date. mdYGis (month, day, 4 number year, 24 hour, minute, second).
At this very moment it's
5/10/2004 10:53:35The reason for the date is to ensure the encrypted value will be differnt every time (the encrypted string will be different every second of every day)
Now you parse out the 'someword' from that k variable (dont remember the function in actionscript, but it's the equivalent of php's substr - grab everything before the dash).
Now encrypt that string with a new date and time just like we did in php. This ensures we have a differnt key coming form the swf than what was in the html (so the two can't be compared).
Finally, in your php script, decrypt the string like we did in the parent swf. If you find the right word ('someword' in this case), then it's coming from the right place.
For added security, you can have that word change every day or every few hours or whatever. Since the original word is coming from the server and not the swf, you'd only have to change the word in one place.
Well, that's how I would do it. Let me know what you eventualyl come up with.
Good luck!
- rabattski0
ok, here's the basic what i'm trying to do and i don't know if it's possible.
the goal is to protect swf files from remote downloading. basically protecting vector artwork.
roughly. in the root folder there's a main swf file that loads other swf movies from a .htaccess protected folder.
the userid/pass combo to access that folder is not stored in the swf file but is retreived from a php file and remains a variable.
if that php file is accessed from the location bar it won't show the userid/pass. it will only pass the data if it's accessed from the main swf and the right url.
both the main swf as the swf's that will be loaded will have a server check (_url) if it's not from the proper url it won't do anything.
now this is only how i worked it out in my head. at this point i'm stuck in retrieving the userid/pass from the php script in such a way that only the swf can get it.
- randoman0
what exactly are you trying to accomplish? Are you fetching data from MySQL with the PHP?
If you can't figure it out I could probably post a demo from domething I've worked on if it will help.
- rabattski0
thanks kafeen. i've been looking at the whole problem wrong. i'm trying to find a way where only a flash file can read out variables. and not when the script is run independent or thru a view source. i think it's not possible though.
- kafeen330
okay that did not paste too well.
sent you an email.
i do not know if there is enough similarities that you could jump from.
- kafeen330
i do not know if you can use this .asp model to develop from:
...
- rabattski0
cheers.
- randoman0
I've accomplished this with LoadVariables as well...
sending a URL encoded string to the PHP from Flash; which then queries the database and returns the results in the format used by Flash (ie. var1=your text result here&var2=More text here, etc.).
It's really just a matter of writing the PHP to handle input and output correctly. I'm not sure what PHP headers are, I didnt have to use them for my purposes. Just did a "while" statement in the PHP which builds the string for LoadVariables based on the query results.
- rabattski0
cheers, using php's header location is prolly the way to go.
- System-Idle0
call yr php url with the vars you need from flash
myphp.php?&var1=value
which it sounds like u r doing.
and you echo the vars back to flash right.
can you pick up the vars with some javascript.
or can you get php to redirect the var back to yr swf html page using php 'header' function with the vars attached.
- unfittoprint0
most secure way:
print your vars id with swf object's src ['movie.swf? < ?php print 'id=2&pid=5'; ? > ']
your movie can then safely retrieve your info.
- rabattski0
can you elaborate on that undo? coz i'm not fully understanding what you mean. cheers though.
- UndoUndo0
when you call yr php script append the vars to the script call and they will be available as you want them
- rabattski0
i know how to get the variables, it's more like on the php side of it. thanks though. gonna try it differently, doesn't work like i want it to work. i'm trying to figure out a way with almost perfect .swf security with no remote downloading and no remote access.
- Nac0
loadVariables??
- rabattski0
it's not about getting variables from a swf file but from a php script. where you use load or sendandload within flash to a php script and get variables back from that same php script. now everywhere i read you have to use echo or print in the php script but i need it to be passed over the url.