PHPMotion implementation - URL based videos (Hosted on separate location) - phpmotion

I have to implement a video collection website for users of a specific ISP. The site will be hosted on a public web-server but all the movies will be hosted on local ISP server. The user of that ISP + general visitors can see the available movies; but only ISP's users will be able to play them.
The player on site will point to URL of a local machine (http://192.x.x.x/movies/mymovie.mov) this private class (192.x.x.x) will only be accessible to ISP user.
Question: Is it possible with PHPMotion script? or I need to do custom work.
If possible, can someone please suggest available MODs?

PHPmotion would require some modifications to be able to handle something like this. Uploading, conversion, thumbnail generation, and playback are all pretty static in PHPmotion.
Really though, rather than modding the entire upload and conversion process, if you created a quick custom form to add entries to the PHPmotion database (maybe include thumbnail upload), then tweaked the playback paths, you should be good to go on the PHPmotion side of things. This would assume that you already had your videos in a format that the player could handle (such as flv or mp4).

Related

Best practice to prevent sharing page url

Looking for some strategy here. We have a secure (subscription-based) website that points to another website for streaming video. Currently, a savvy user could potentially share the link to the streaming page thus bypassing the login. Looking for ideas on how to:
Prevent sharing the link
Cloak the link...or
Make the link from the origin page point to a dynamically-generated URL that can only be visited once.
Thanks in advance!
Unless there is a form of streaming the video from the third party to your application (by streaming I actually mean sending the video in chunks of data to your backend, assembling them back together, and serving the actual assembled video as if it was hosted directly on the same host as the web application, I have personally done this using Amazon S3 for my open-source subscription-based CMS called phpReel) I don't think you can securely do this.
If you do want to go down this route please note that it might get expensive if you have a lot of active subscriptions but if you are interested you could check out these files as they showcase how I have done it for phpReel. I am afraid though that you might need a developer for this job.
On a more optimistic note, may I ask what service do you actually use to stream your videos? For example, Vimeo with the cheapest paid plan offers an option that restricts access to your video outside a specific domain name. Meaning you can set that your videos must be streamed only on domain.com, and thus they will be accessible there and only there.

AWS Web ACL rule: alternatives to Referer

I am looking for a way to limit access to AWS S3 hosted data in a controlled and at least semi-secure way. I have various resources in a number of S3 buckets, with CloudFront as CDN. I then have a WordPress based website using a theme that allows me to sell "courses". Finally I manage my domains so I can create a sub domain for the content download link, i.e. content.domainname.com.
Ideally I want to limit access to content to a specific set of courses, so only people who have bought the course, and are linking to the content from a web page in that course, can (easily) get at the data.
I know I can use an AWS Web ACL rule to check the referer, to limit downloads to links on my domain. And I think I can expand on that to test more of the URL, so in www.domainname.com/paid/coursename/page.html I could have a rule that tests for the bold portion of the path and refuses otherwise.
However, I also know that referer can be easily spoofed, and more importantly some browsers and internet security software will replace the referer, and I don't want my site security to force customers to change their security settings. So, is there another option, to include some sort of data in the HTTP request, that limits access in a way that is both somewhat secure, but not dependent on a client side settings? Perhaps something like a hash that I could include in the link itself? Or, maybe the WordPress API and AWS Web ACL Rules can communicate is some way so as to validate the logged on user has membership in the course? Grasping at straws here I suspect.
Additionally, there will be a PowerShell script that can be downloaded and run, which will access downloadable content as well. Again, I want to limit access, but in this case I need to be able to maintain the criteria on AWS as I have subscription and non subscription versions of the courses, and the PS script should only download for customers on subscription. So, I could provide the PS script with something like a customer ID, then maintain a list of customer IDs that are currently on subscription so the Web ACL rule could filter. But again, I suspect that HTTP header won't get the job done, because it could be changed by internet security at the customer location. But now I am limited by what PowerShell can do with regards to HTTP requests.
I know, rather an open ended question, but hopefully someone can at least point me in the right direction. It sure seems like both needs are something that AWS should be able to do, I am just so out of my depth here I don't know where to start, and AWS documentation requires that you have some clue to get you going.

What I need to know to do asp.net streaming

I have an thing to create Internet shop to sell video views. And there are some rules, which I don't know how to do. The rules is:
Loggined client can only view one video 3 times per day.
I read somewhere that I need to generate virtual links to video and server must hold it, for example, 3 hours OR until client looked up to the end the video, and then delete this virtual link and refresh player state to "start video position and waiting for start". Like on youtube but client shouldn't have a way to rewind the video.
I need to hold situation that client who buy 'video01' give another client him page address or all attributes data from player tag. If second client don't buy 'video01' he shouldn't load it. (I think it's can be solved by cookies).
After 180 video views, client's subscription must be stopped.
And finally question from me is how to play video from my website? Can anyone explain me how to make asp.net site with rules that I wrote the above? What technology I need to use?
I will be grateful if someone advise me a literature that I need to read to know how to do this? Perhaps for a start I need to know how to play video on asp.net webpages.
What free flash player I should use for my solution, any examples please? Really need help.
P.S.: I need to use a free flash player to play videos, not silverlight.
The videos are on the remote servers, not on the local server where I hold the site.
To limit the video as per your requirement you need to use GenericHandlers in asp.net. It must be designed in such a way that the url must expire after reaching the above condition.
For Example, you can generate a random key that should append with the url (ie, QueryString) and store it in Database along with the time of generation. You can make the key expire after 3 hours then.
To play the video on your website you can add jQuery plugin videojs. The documentation will help you to add that simple HTML5+Flash video player.

Tracking a product's web interface with Google Analytics

My company creates hardware products that are sold throughout the world. They have an embedded webserver that allows for users to configure the product via a web interface. I wanted to enhance the user experience of this interface and the first step would be to start gathering analytics on how users move throughout the tool.
My question is how I should do this since there won't be a domain and instead some internal IP address that is used to access the product. For example, if their IT team installs the printer on 10.10.10.10, they almost never associate that with an internal server name and users would access the web configuration tool by directly hitting the IP. Even if they did create an internal server name like "config.productname.com", I would have no way of knowing what that would be.
This means I can't create a profile in GA to start accepting this analytic data. Has anyone done something similar in the past or have advice on how to address this issue?
Could the issue be resolved by using SiteCatalyst instead?
SiteCatalyst provides the capability to store visitor information inside any cookie of your choosing, and does not care which domain you place code on. Ultimately all data is sent to a subdomain of 2o7.net, however you can create a CNAME record so your site stores and writes cookies to any domain of your choice.
Within the s_code.js file, there is a variable defined that governs the domain the cookie is set:
s.trackingServer="yourorganizationname.2o7.net";
It would not matter where this implementation was tracking data from, they would all use the exact same cookie location, and be treated as the same visitor no matter which domain they viewed. Just keep in mind this is defined as a third-party cookie, and small portion of browsers reject 3rd-party cookies by default.
You might try Piwik or Open Web Analytics since you can deploy them on your own infrastructure and could modify them to meet your requirements.
If you have a serial number assigned to each device during manufacturing, you may want to use that to distinguish between devices, regardless of which analytics tools you use.
Note that as far as I can tell, Google Analytics doesn't actually care what domain you place the code on; they just use your domain specification to determine what sites the tracking cookies will be delivered to. That may not help you as you probably want the tracking cookies to work, but I point it out in case it turns out to be useful...

Image operations on remote server

I recently purchased a new domain for the sole purpose of hosting all the static content on a separate server and delegate CPU intensive operation like thumbnail creation on a different pool. Now I would like to do some operations on images uploaded to that remote server : creating thumbnails or updating the image if we need to. Should I download the images to my server, modify them there and then upload them back to the remote server or should I try to create web-services to manipulate the images?
One of my solution was to provide an interface to upload and manipulate the images in the new domain, by leaving the old domain when it comes time to work on images, but I find it kind of awkward.
I would like to keep the new domain cookie free. How would that affect my ability to restrict any random user to use the web-services if I decide to go that way?
Well you already have a server but this seems like it would have been a good oppurtunity to use google App Engine's image API. You could upload directly (I think size limit is 1 meg) and there are functions for resize, crop, etc.
http://code.google.com/appengine/docs/python/images/overview.html

Resources