|
|
php.net | support | documentation | report a bug | advanced search | search howto | statistics | random bug | login |
PatchesPull RequestsHistoryAllCommentsChangesGit/SVN commits
[2008-11-13 17:38 UTC] lito at eordes dot com
[2009-02-18 21:27 UTC] jani@php.net
[2009-02-26 01:00 UTC] php-bugs at lists dot php dot net
|
|||||||||||||||||||||||||||||||||||||
Copyright © 2001-2025 The PHP GroupAll rights reserved. |
Last updated: Fri Nov 07 07:00:02 2025 UTC |
Description: ------------ I can't use php with certain conditions "stream" and control video playing. I have 2 php's index.php and stream.php index.php init the session var id and store the video name crypted with md5 function video.php recover the session and compare with the v parameter. If I use $_SESSION and header/exit to check the data, send some bad headers and the video don't load. If I use only header/exit or $_SESSION at once, I can play the video. Reproduce code: --------------- ------------------------------------------------------------------ index.php ------------------------------------------------------------------ <?php session_start(); $_SESSION['id'] = md5('video'); session_write_close(); ?> <object classid="clsid:22D6F312-B0F6-11D0-94AB-0080C74C7E95" width="406" height="406"> <param name="Filename" value="stream.php?v=video"> <param name="AutoStart" value="true"> <param name="ShowControls" value="true"> <param name="BufferingTime" value="5"> <param name="ShowStatusBar" value="true"> <param name="AutoSize" value="true"> <param name="InvokeURLs" value="false"> <embed src="stream.php?v=video" type="application/x-mplayer2" autostart="1" enabled="1" showstatusbar="1" showdisplay="1" showcontrols="1" pluginspage="http://www.microsoft.com/Windows/MediaPlayer/" width="406" height="406"> </embed> </object> ------------------------------------------------------------------ stream.php ------------------------------------------------------------------ <?php session_start(); if (($_SESSION['id'] != md5($_GET['v'])) || !is_file($_GET['v'].'.wmv')) { header('Location: /'); exit; } header('Content-Type: video/x-ms-wmv'); header('Content-Length: '.filesize($_GET['v'].'.wmv')); readfile($_GET['v'].'.wmv'); ?> Expected result: ---------------- If all checks are fine the scritp must play the video. Actual result: -------------- If I use ($_SESSION['id'] == md5($_GET['v'])) and header/exit result, will never play correctly but all conditions are correct!! (The session id value == md5() and the file exists, never login to the if condition. for example, in this example, the 1 number it's printed, but without the echo 1 the videos isn't player: <?php session_start(); if (($_SESSION['id'] != md5($_GET['v'])) || !is_file($_GET['v'].'.wmv')) { header('Location: /'); exit; } echo 1; header('Content-Type: video/x-ms-wmv'); header('Content-Length: '.filesize($_GET['v'].'.wmv')); readfile($_GET['v'].'.wmv'); ?> With this example it works: <?php session_start(); if (!is_file($_GET['v'].'.wmv')) { header('Location: /'); exit; } header('Content-Type: video/x-ms-wmv'); header('Content-Length: '.filesize($_GET['v'].'.wmv')); readfile($_GET['v'].'.wmv'); ?> And with this example also works: <?php session_start(); if ($_SESSION['id'] != md5($_GET['v'])) { //header('Location: /'); //exit; } header('Content-Type: video/x-ms-wmv'); header('Content-Length: '.filesize($_GET['v'].'.wmv')); readfile($_GET['v'].'.wmv'); ?> But this example don't print the 1 and don't play the video: <?php session_start(); if ($_SESSION['id'] != md5($_GET['v'])) { echo 1; exit; } header('Content-Type: video/x-ms-wmv'); header('Content-Length: '.filesize($_GET['v'].'.wmv')); readfile($_GET['v'].'.wmv'); ?> I don't understand why if I use $_SESSION and header/exit/die together the script don't work (but no erros).