0

So I use Flowplayer to play RTMP streams, but currently the web view of the stream displays the stream "key" or URL.

When this is true, other users will be able to "take over" the stream, which we don't want. So I need to be able to hide the "key" or URL in the web code. I don't want any authentication, as many common RTMP streamer programs don't support that when streaming.

And before you say it, I have already looked at http://flash.flowplayer.org/demos/plugins/streaming/secure-streaming.html, but I can't get it to work with RTMP streaming, only a fixed .flv stream...

Here is my code, btw:

<a
  style="display:block;width:960px;height:540px;margin:10px auto"
  id="stream">
</a>
<script type="text/javascript">
flowplayer("stream", "http://xxx.net/live/files/flowplayer-3.2.15.swf", {
  clip: {
    url: 'stream name url key goes here',
    live: true,
    provider: 'rtmp'
  },
  plugins: {
    rtmp: {
      url: 'http://xxx.net/live/files/flowplayer.rtmp-3.2.11.swf',
      netConnectionUrl: 'rtmp://xxx.net/live'
    }
  }
});
</script>
Hostse
  • 1
  • 3

1 Answer

1

You would need to serve the URL dynamically using a PHP file (or another substitute). It would have to be server-side code and would look like:

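<?php
  // Request parameters: hash, stream (file) name and the timestamp the hash was built over.
  $hash = is_string($_GET['h'] ?? null) ? $_GET['h'] : '';
  $streamname = is_string($_GET['v'] ?? null) ? $_GET['v'] : '';
  $timestamp = is_string($_GET['t'] ?? null) ? $_GET['t'] : '';
  $current = time();
  // Shared secret used to build the hash.
  $token = 'sn983pjcnhupclavsnda';
  $checkhash = md5($token . '/' . $streamname . $timestamp);
  // Only ever open a file in the current directory, whatever path the request carried.
  $file = basename($streamname);
  $age = $current - (int) $timestamp;

  // hash_equals() compares in constant time and avoids the type juggling of ==.
  if ($age >= 0 && $age <= 2 && hash_equals($checkhash, $hash) && is_file($file)) {
    $fsize = filesize($file);
    header('Content-Disposition: attachment; filename="' . $file . '"');
    if (strrchr($file, '.') == '.mp4') {
      header('Content-Type: video/mp4');
    } else {
      header('Content-Type: video/x-flv');
    }
    header('Content-Length: ' . $fsize);
    session_cache_limiter('nocache');
    header('Expires: Thu, 19 Nov 1981 08:52:00 GMT');
    header('Last-Modified: ' . gmdate('D, d M Y H:i:s') . ' GMT');
    header('Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0');
    header('Pragma: no-cache');
    // Stream the file to the client.
    readfile($file);
    exit;
  } else {
    // Stale timestamp, wrong hash or unknown file: send the client elsewhere.
    header('Location: /url/');
  }
?>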

Note that $streamname is pulled from the url section of the JS:

<script type="text/javascript">
// <![CDATA[
window.onload = function () {
  $f("player", "flowplayer-3.2.16.swf", {
    plugins: {
      secure: {
        url: "flowplayer.securestreaming-3.2.8.swf",
        timestampUrl: "sectimestamp.php"
      }
    },
    clip: {
      url: "trailer.flv",
      urlResolvers: "secure",
      scaling: "fit",
      onStart: function (clip) {
        document.getElementById("info").innerHTML = clip.baseUrl + "/" + clip.url;
      }
    }
  });
};
// ]]>
</script>

Flowplayer will obfuscate your URL, so it will be domain.com/md5hashtimestamp/md5hashtoken/md5hashstreamname/trailer.flv if someone tries to pull the source right out of the Flash player, and when they view source they'll only see the file name, but the domain, etc. is served through the PHP file.

maestro416
  • 904
  • 2
  • 17
  • 31
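
Added example (not part of the answer above and not Flowplayer's code): the same expiring-hash check, with the link signed server-side and the rejection cases a reviewer would test. It swaps the answer's md5 construction for HMAC-SHA256, which assumes the page that emits the link is server-side code you control; the function names, secret and sample requests are constructed for illustration.

```php
<?php
// Added example; all names and values below are hypothetical.
const SECRET = 'constructed-demo-secret';   // placeholder; never sent to the browser
const WINDOW = 2;                           // seconds, the same window as the answer's check

// Build the h/v/t parameters that the checking script expects.
function sign_stream(string $name, int $now): array {
    return ['h' => hash_hmac('sha256', $name . '/' . $now, SECRET),
            'v' => $name,
            't' => (string) $now];
}

// Return null when the request is acceptable, otherwise the rejection reason.
function reject_reason(array $q, int $now): ?string {
    $h = $q['h'] ?? '';  $v = $q['v'] ?? '';  $t = $q['t'] ?? '';
    // Query parameters can arrive as arrays (h[]=x); refuse anything but strings.
    if (!is_string($h) || !is_string($v) || !is_string($t) || !ctype_digit($t)) {
        return 'malformed';
    }
    $age = $now - (int) $t;
    if ($age < 0 || $age > WINDOW) {
        return 'expired';
    }
    // Constant-time comparison; loose == treats strings like "0e12" as numbers.
    if (!hash_equals(hash_hmac('sha256', $v . '/' . $t, SECRET), $h)) {
        return 'bad signature';
    }
    // A valid signature over a path is still refused: only bare file names are served.
    if ($v !== basename($v)) {
        return 'path not allowed';
    }
    return null;
}

// Constructed requests: one fresh link and four ways it can be misused.
$now = 1700000000;
$ok  = sign_stream('trailer.flv', $now);
$cases = [
    'fresh'     => [$ok, $now + 1],
    'replayed'  => [$ok, $now + 30],
    'renamed'   => [array_merge($ok, ['v' => 'other.flv']), $now],
    'array'     => [array_merge($ok, ['h' => ['x']]), $now],
    'traversal' => [sign_stream('../config.php', $now), $now],
];
foreach ($cases as $label => [$q, $at]) {
    printf("%-10s %s\n", $label, reject_reason($q, $at) ?? 'accepted');
}
```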