Forum Moderators: coopster

detect if local file


furian

6:25 pm on May 5, 2006 (gmt 0)

10+ Year Member



hi there.
i have one php file, which passes information to a flash file. how can i detect if the flash file is local (on the same server), so nobody can get information from my php?

thanks,
Andrey

StupidScript

7:44 pm on May 5, 2006 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Hi Andrey,

I'm not clear about what you mean.

You have a Flash file and a PHP file on the same server?
The PHP file passes info (Action script?) to the Flash?

In order to do that, your PHP file must include the Flash file, right? You would type in the location of the Flash file for PHP to use, and you have control over that?

Or what am I missing ...?

furian

8:19 pm on May 5, 2006 (gmt 0)

10+ Year Member



i have the two files in one directory.
i run the php file from flash with this :
-> loadVariablesNum( "something.php", 0, "GET");

method:
loadVariables(url:String, target:Object, [method:String])
"Reads data from an external file, such as a text file or text generated by ColdFusion, a CGI script, Active Server Pages (ASP), PHP, or Perl script, and sets the values for variables in a target movie clip."

so the php file is executed and some variables are passed into the flash movie.

i want somehow to detect if this flash movie is my flash movie (located in the same folder as the .php file, and on MY server, because i think i can run this script with other .swf file from other server and get the variables passed).
is this possible?

thanks

StupidScript

10:30 pm on May 5, 2006 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Hmmm ..

loadVariablesNum("something.php",0,"GET");

is a pretty specific reference to a PHP file in the same directory as the Flash movie.

So if someone grabs the Flash file (is that what you mean?) and puts it on their own server, they would need to also grab the PHP file and put it in the same directory.

Or if someone has their own Flash file and wants to include your PHP file (is this your concern?), then they need to extend the reference to include your entire URL. (I assume the Flash-included PHP file is not cached while the Flash movie is cached?)

Maybe you could make another layer of obfuscation by making something.php like:

<?php require "/hiddendirectory/realstuff.php"; ?>

and put the "real stuff" into that required file?

I'm still not clear on what you are worried about. Sorry.

furian

12:17 pm on May 6, 2006 (gmt 0)

10+ Year Member



"Or if someone has their own Flash file and wants to include your PHP file (is this your concern?), then they need to extend the reference to include your entire URL. (I assume the Flash-included PHP file is not cached while the Flash movie is cached?)"

I don't want anybody except me to load variables from that php.

furian

8:04 pm on May 7, 2006 (gmt 0)

10+ Year Member



here is a direct example:

in flash movie time.swf i have simple function:
var myVars:LoadVars = new LoadVars();
myVars.onLoad = function(success:Boolean) {
    if (success) {
        myTextField.text = this.time;
    } else {
        trace("Error loading variables.");
    }
};
myVars.load("myVariables.php");

in myVariables.php:

<?php
echo "time=" . time();
?>

when i directly open myVariables.php via internet explorer i get this:
time=1147032154 // the time of my computer

so i want NOBODY except me (my file on my server) to get this variable. some check like "if file is time.swf on [mysite.com...] then : time=1147032154, else time = nothing"

is this possible?

StupidScript

6:27 pm on May 8, 2006 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Okay, I think I see what you're after.

I would recommend adding a check in the PHP file, which is difficult to 'download' and use by itself.

Maybe something right at the top of the script like:

$thishost = $_SERVER['SERVER_NAME'];

if ($thishost != "yourServerName") {
    header("Location: bad_hacker.html");
    exit;
}

You can echo $_SERVER['SERVER_NAME'] to figure out what your server name is and try a test as you described from any other server. If the server name that the script is being called from is not yours, then it should fail.

You can try other $_SERVER variables listed in the PHP manual [us2.php.net] if SERVER_NAME doesn't do the trick.
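
What the two candidate $_SERVER checks actually see, as an added example that is not part of the original thread: SERVER_NAME names the host the script itself runs under, so it is identical for every caller, while HTTP_REFERER differs per caller but is a header whose value the client supplies. The host names, file names and request arrays below are constructed assumptions, not captured traffic.

```php
<?php
// Added example: compares a SERVER_NAME check with a Referer check
// over constructed $_SERVER-style arrays (hypothetical hosts and paths).

// The SERVER_NAME test from the post above, written as a function.
function serverNameCheck(array $server, string $expectedHost): bool
{
    return ($server['SERVER_NAME'] ?? '') === $expectedHost;
}

// Compares the host in the Referer header with the expected host.
// HTTP_REFERER comes from the request, so the client decides its value
// and may omit it entirely.
function refererCheck(array $server, string $expectedHost): bool
{
    $host = parse_url($server['HTTP_REFERER'] ?? '', PHP_URL_HOST);
    return is_string($host) && strcasecmp($host, $expectedHost) === 0;
}

$expected = 'mysite.example'; // hypothetical host name

// Three constructed requests, all arriving at myVariables.php on mysite.example.
$requests = [
    'own time.swf' => [
        'SERVER_NAME'  => 'mysite.example',
        'HTTP_REFERER' => 'http://mysite.example/time.swf',
    ],
    'movie hosted elsewhere' => [
        'SERVER_NAME'  => 'mysite.example', // still the server answering the request
        'HTTP_REFERER' => 'http://other.example/copy.swf',
    ],
    'direct browser visit' => [
        'SERVER_NAME'  => 'mysite.example', // no Referer header sent at all
    ],
];

foreach ($requests as $label => $server) {
    printf(
        "%-24s SERVER_NAME check: %-5s Referer check: %s\n",
        $label,
        serverNameCheck($server, $expected) ? 'pass' : 'fail',
        refererCheck($server, $expected) ? 'pass' : 'fail'
    );
}
```

The SERVER_NAME column reads "pass" on every row because that value describes the responding server, not the requester; only the Referer column varies, and it reflects whatever the client chose to send.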

furian

9:34 pm on May 9, 2006 (gmt 0)

10+ Year Member



"which is difficult to 'download' and use by itself."

or "can't be downloaded"? :)

thanks very much, i think this will work. i just didn't know the $_SERVER thing.

Andrey

StupidScript

9:50 pm on May 9, 2006 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



can't be downloaded

"can't" is a mighty big word ... ;) Glad to help.