Hello everyone!

The following message is a question I posted on the official flash forums from adobe already, but I thought it would be best to ask a PHP Programming Community aswell...so don't get confused when I'm addressing the flash-forums in this post. ;-)


We're having problems embedding Flash-files into our .php-files, so I thought the best place to ask for help would be the official Flash-forums :-) First of all, I'll let you know what exactly we're doing....

We have a few flash-files which you should only be allowed to view once you're logged in and authenticated to our "portal". You can only view those files over some sort of JavaScript-Popup-Flashplayer thing (personally not too much into JS). The JS-Player requires the flash-files to be available over an exisiting URL (such as http://page.domain/flash/file.swf) - And this is where the whole problem begins...

After hours of research and conversing with my collegues and the project-management, we decided to use the following technique to still keep those URLs for the JS-Player while preventing the user from simply accessing our "top secret flash movies" by typing in the URL in their browser...

We move the Flash-folder to a location outside of our document root -> Flash-files can't be randomly accessed or downloaded via the URL.

We use an Apache-plugin called "mod_rewrite" to rewrite/redirect URLs that look similar to http://page.domain/flash/*.swf to a PHP-file -> We can work with REQUEST_URI to see which flash-file the user wanted to view. Now, inside that PHP file we check wether the user is authenticated or not and either embed the flash-file into the PHP-file or redirect him to an error-page. In theory, the user could still view the flash-file over the URL (without even noticing PHP, since the URL stays http://page.domain/flash/file.swf, hence a perfect fake, no? ;-) ) and everything actually works exactly the way we wanted..........IN FIREFOX!

Now we went live with our application and we had to realise that one of the only things we haven't tested in other browsers (this being one of them) don't work the way we want and instead of viewing/playing the film, we get to see a white window in the JS-Player, while it's trying to download a file called "filename_swf" (underscore instead of dot?) when you access the movie over the URL (http://page.domain/flash/file.swf).

How we embed Flash into PHP:

Headers + outputting the flash-files content....

header('Content-Type: application/x-shockwave-flash');

header('Expires: Thu, 01 Jan 1970 00:00:00 GMT, -1');

header('Cache-Control: no-cache, no-store, must-revalidate');

header('Pragma: no-cache');

echo file_get_contents($request);

As I said, this works just fine in Firefox, however we're sure most of our users will be using IE, in which it doesn't work at all. I personally believe we're missing some sort of header or we have to set a different header depending on the browser...so I thought the best place to ask about Flash Headers would be the actual flash forums. Maybe I'm even totally wrong and missing out something crucial and someone can point me in the right direction...

Thanks!

    You are correct that the headers are wrong.

    Here's how you solve the problem.

    1. Put a real SWF file in your web tree
    2. Get to a command prompt on Linux or Mac OSX
    3. Type:

    telnet www.yourdomain.com 80 <enter>
    GET /real_swf_file.swf HTTP/1.0 <enter>
    Host: www.yourdomain.com <enter> <enter>

    1. You will start to see the response from the server.
    2. Hit <ctrl> C to stop it. Scroll back and look at the headers
    3. These headers are perfect. They will work in FF and IE

    Now

    1. Repeat the process for your PHP script that serves up your SWF file
      (you will need to temporarily deactivate the part of the PHP script that checks to see if you are logged in)

    2. Compare the headers that are served up on a REAL swf file and your php served SWF file and you'll have your answer.

      Ah, awesome! That actually worked just fine...well, atleast I figured out what the real problem is by viewing my php-files headers. I'm starting a session in that file aswell and the session sends out 3 headers aswell (which I noticed by using your commands).

      I might have to rethink this, since I do really need the session there. Maybe you've got another suggestion? ;-)

        Write a Reply...