On Fri, 2008-01-04 at 14:43 -0500, tedd wrote: > At 1:54 PM -0500 1/4/08, Robert Cummings wrote: > >On Fri, 2008-01-04 at 13:29 -0500, tedd wrote: > > > > > Rob: > >> > >> I have all of that logic in place now. > > > >Then what is the problem? or do you mean you don't ant the same user to > >view the item while logged in at some point in the future? If so then > >use a GET parameter (MD5 or SHA1 should suffice) that maps to a DB entry > >that indicates expiration time. > > > >Cheers, > >Rob. > > > Rob: > > I'm sorry, I must not explaining it well. > > I have all the code in place to manage viewers. > > What I'm asking is how to stop someone who isn't authorized to view a > video after they know the url. > > For example, let's say a person pays and has access to the video for > some period of time. > > Later his time runs out and if he returns to the site and tries to > see the video again, he can't because he has to pay again. No > problem, I have all that worked out. > > However, let's say the user pays, views the video, makes a note of > the url, and his time runs out. What's to stop him from viewing the > video again by just entering the url? It's simple, the URL should NOT directly point to the flash. It should point to a PHP wrapper script. The wrapper script then allows you to do any kind of checking necessary to restrict viewing of the video. This can include: - checking that the user is logged in - checking that the user paid during current session - checking that the user has email address robert@xxxxxxxxxxxxx - etc If the check allows viewing of the flash, then read the content of the flash object in PHP and flush to browser along with appropriate flash content headers. Cheers, Rob. -- ........................................................... SwarmBuy.com - http://www.swarmbuy.com Leveraging the buying power of the masses! ........................................................... -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php