I am loading a flash into my page. I want to know the url of the page that the flash file loaded. (i use vbulletin i want to have different part of the flash in main page and in the other pages)

For example.

For www.mypage.com/index.php and www.mypage.com/forum.php

If a add an actionscrip code in the first frame I can move in different scenes in my movie.

onClipEvent (load) {
if (mybrowserurl='www.mypage.com/index.php') {
nextScene();
}
if (mybrowserurl='www.mypage.com/forum.php') {
prevScene();
}
}
* mybrowserurl is the property that i am seaching for.

How can i do that?

Thanks

You could probably use Javascript to achieve this? That would be my suggestion...

YOu might be able to use _url also. It should give you the current URL as you see it in the address bar.

YOu might be able to use _url also. It should give you the current URL as you see it in the address bar.

The _url -> Retrieves the URL of the SWF file that created the text field.
This means that I take the "www.mypage.com/flash.swf" ... not the "www.mypage.com/index.php" that it loads the flash swf and i want to find it.

I'm trying to do the same thing - As yet I haven't had any success anyone have any further ideas on this? Can it even be done?

If at all possible, I want to stay away from using javascript in the web page, or any other external forms of confirmation. Is it even possible for the swf movie to know what the URL was of the page that included it?

I would use $_SERVER[] variable in PHP. I think 'DOCUMENT_ROOT' & 'QUERY_STRING' would do the trick.

load the output into FlashVars

Alas, that's still not entirely natively inside the swf. I'm still relying on an outside script to do the actual information retrieval for me - And an outside script can be faked.

Basically, what I want to do is ensure that my flash movie is *always* and *only ever* loaded as part of http://www.someserver.com/somepage.html

Using _url ensures that the flash movie will only ever be run from that domain, but there's nothing to stop someone from setting up a page on someotherserver.com and including the HTML to include my swf file in that page instead. The ._url parameter will still report the movie as being served from someserver.com, so I won't be able to stop the hijacking of my movie.

Alas, that's still not entirely natively inside the swf. I'm still relying on an outside script to do the actual information retrieval for me - And an outside script can be faked.Anything can be faked. However, using a server side language is more secure that anything else. If you don't want to use FlashVars then use LoadVars.

Like I said previously, I would use $_SERVER[] variable in PHP. I think 'DOCUMENT_ROOT' & 'QUERY_STRING' would do the trick. and add 'PHP_SELF'

_url

.......

I have one file working but through a call to a javascript function within the html that holds the Flash movie... But guess you don't want that either?

Anything can be faked. However, using a server side language is more secure that anything else. If you don't want to use FlashVars then use LoadVars.

Like I said previously, and add 'PHP_SELF'

Hmm, I don't think I'm explaining myself well.

I want to stop someone from writing a web page on a different domain that includes my flash movie. Here's a real world example:

autodemo.com has a little demo flash movie on their home page. The direct URL to that flash movie is:

http://www.autodemo.com/flash/new_client_window_siteseer.swf

I can write a web page, host it on *my* domain, and include their flash movie. Then when I view the web page hosted on my domain, it includes their flash movie. I've tried it. It works. I'm trying to find a way to stop other people from doing that to me.

1. _url doesn't work, because as far as the swf is concerned, it's still being served from autodemo.com. The fact that it is being served to an illegal page is irrelevant to _url

2. LoadVar does sort of work, although not necessarily for the reason you think. To get LoadVar to work, you have to hardcode the domain of the file you want to load, then flash will refuse to load that file, because it's on a different domain. It's not perfect, but for now, it's what I'm using until I come up with something better.

In fact, using the autodemo example above, the other thing I would want to do is prevent people from accessing the URL of the swf file directly.

I've been racking my brains trying to figure out a way of making this happen, but I can't come up with a solution, and as I said before - I don't even know if it's possible. What I really want is some kind of variable like:

movieClip._urlOfTheHtmlPageILiveInside

not

movieClip._urlOfMyself (which is what _url is)

That way, if urlOfTheHtmlPageILiveInside isn't the exact correct URL (or is null, in the case of the swf movie simply being run in a projector), you can prevent the movie from displaying anything, and display a nasty "stealing is bad" message to the prospective hijacker.

I have one file working but through a call to a javascript function within the html that holds the Flash movie... But guess you don't want that either?

*grin*

Thank you for the suggestion, but no, the "spoof page" that the hijacker writes can make that javascript say anything he wants, in this case, it would be exactly what the flash movie would be expecting from the "real" page's javascript. The same goes for any PHP script.

What I really want is a flash version of HTTP_REFERER.... heh

'HTTP_REFERER'
The address of the page (if any) which referred the user agent to the current page. This is set by the user agent. Not all user agents will set this, and some provide the ability to modify HTTP_REFERER as a feature. In short, it cannot really be trusted.
To get LoadVar to work, you have to hardcode the domain of the file you want to load,Nope! ------
I've been racking my brains trying to figure out a way of making this happen, but I can't come up with a solution, and as I said before - I don't even know if it's possibleSure it is, you just got 3 solutions, but rejected them all.

The issue has been discussed alot in the past 3 weeks. Perhaps you should search the forums a little bit to see if you can find an answer to you liking.....

EDIT: I suppose if is possible to steal any swf, even if php is included buy doing the following.
decomple the swf.
find sendAndLoad call to the php file
make you own php file that echo's the orginal url, page, and string query of the swf file and name it the orginal name.
add both files to your domain.

However, still the safest.....most people can't do the above. However you could double check it with _url.

*grin*

Well, I know http referer can't be trusted, I was only using it as an analogy. Besides, if you're messing with your http referer settings, I don't want to serve you my pages anyway.

Also, I meant - To get LoadVars to work the way I want it to - i.e. to use LoadVars as a method of authenticating which server is calling my flash movie.

Guys.. Thanks for your time. I'm obviously completely failing to explain myself here. I know what I want to do, and I've tried to explain it a few times, but no one seems to be getting it. I guess I must be speaking a different language or something, because all of your suggestions, while great, are not actually addressing my problem, which can be boiled down to one simple question.

How do I stop someone from writing a web page that includes my flash movie without my permission?

p.s. I'm sorry. I really didn't think that this was that complicated an issue, conceptually, but we're talking round and round in circles.

I've been working on this for a good while now, and I can't come up with anything. Every method that I've thought of for authenticating the server that the page (not the movie) resides on is easily defeated.

It'd be nice to know if this can even *be* done, ya know?

Well, no! Nothing on the web is 100% safe, and that is what you are looking for....But like a said, search a little bit is has been talked about a lot in the past 3 weeks.

Good luck and let us know if you do find an acceptable solution.
FG

Well, no! Nothing on the web is 100% safe,
FG

Y'know, I've been trying to tell my boss that for weeks now ;)

:)

What's bothering me is why you believe your movie is so great that I (or anybody else for that matter...) would go to all that trouble, to "steal" it?

What about:

thisVar = getURL("javascript:location.href");

_t

getURL() function does not return any value back to Flash...
It just executes the JavaScript when called...

What's bothering me is why you believe your movie is so great that I (or anybody else for that matter...) would go to all that trouble, to "steal" it?
That's when you abandon the thread...
There is no reason to feel bad when you are simply trying to help other people...

getURL() function does not return any value back to Flash...
It just executes the JavaScript when called...

Sure it can! Through Flash methods!

1. _url doesn't work, because as far as the swf is concerned, it's still being served from autodemo.com. The fact that it is being served to an illegal page is irrelevant to _url


yes

but you can prevent that the server servs the file in this case
there shoud by plenty of info on this
Hmmm it just don't come in my mind how you call it
it's basicly to prevent highjacking of pictures

eg the picture is on server XYZ.com
and you simply embed it in your page
the hole trafic is going truh XYZ.com (and can cost a lot of money to them)
But not if the server is properly configured


and then a "_url" in the flash
so if they wana use the file they need to decompile it
and get rid of the "_url" stoff



of course i can think on better protections
but for them you woud need a staff of 5-15 Math Gurus for a couple of monts
whit 50Euro/h and above

i don't think it's wort to inwest months and millions to protect PacMan

and if you have code Win2015 you shoud know how to protect it ;)

Sure it can! Through Flash methods!
Hm... I think I might be remembering what you are talking about but cannot find the relevant information... Can you provide me the link??? :)

Javascript call is made from Flash, and returned in this case, through setVariable... But rather than just displaying it, you could do whatever with the return...

http://www.macromedia.com/support/flash/publishexport/scriptingwithflash/scriptingwithflash_03.html

Cool... Thanks, oldnewbie... That's the link I was looking for... Gotta bookmark it...

:)

yes

but you can prevent that the server servs the file in this case
there shoud by plenty of info on this
Hmmm it just don't come in my mind how you call it
it's basicly to prevent highjacking of pictures

eg the picture is on server XYZ.com
and you simply embed it in your page
the hole trafic is going truh XYZ.com (and can cost a lot of money to them)
But not if the server is properly configured


and then a "_url" in the flash
so if they wana use the file they need to decompile it
and get rid of the "_url" stoff



of course i can think on better protections
but for them you woud need a staff of 5-15 Math Gurus for a couple of monts
whit 50Euro/h and above

i don't think it's wort to inwest months and millions to protect PacMan

and if you have code Win2015 you shoud know how to protect it ;)


Yeah - you can block others from direct linking to your images, swf's, etc. all using a properly configured .htaccess file (assuming you have a unix web server that is). This won't stop someone from actually downloading your swf, putting it on their server, and hosting it from there, although that could be painful depending on how your movie is built.

Preventing someone from downloading the swf and running it on their server is actually inherent in part of what we're doing - So no worries there.. Unless you decompile the flash movie, and I'm not going to worry about folks who are prepared to go to those lengths.

Unfortunately, blocking access at the server level is not possible for us, as this flash movie is not run on a server which I have any administrative control over. Otherwise, yeah, that's what I'd do.

I was basically just wondering if there was a nice easy way in flash for flash to detect the URL of the html page that it was included in. I guess not, but thanks for all of your help, folks.

Check this thread and use the getURL solution posted by Wizz. For some reason, I swear my solution had worked when I tested it, but as you can see from this thread others disagree and I have not been able to get it to work in further testing since.:eek:

It is basically what oldnewbie is refering to. . .I think.

http://www.flashkit.com/board/showthread.php?t=659238

_t

Hmm, yes - I like that. I'd never seen it before, thank you for pointing that out to me. I can't get it to work as advertised either, it just makes my browser jump to a null location, but maybe a little playing with JS will yield better results.

*puts js hat on and starts hacking*

Oh, I see. getURL requires a target for the page you're retrieving to be loaded into. However, in this case, since we're not actually retrieving a page it gets all confused (like me)