ID:               46567
 Updated by:       [email protected]
 Reported By:      lito at eordes dot com
-Status:           Open
+Status:           Feedback
 Bug Type:         Output Control
 Operating System: GNU/Linux Ubuntu
 PHP Version:      5.2.6
 New Comment:

Please try using this CVS snapshot:

  http://snaps.php.net/php5.2-latest.tar.gz
 
For Windows:

  http://windows.php.net/snapshots/




Previous Comments:
------------------------------------------------------------------------

[2008-11-13 17:38:02] lito at eordes dot com

I have uploaded these examples; please add simplifica.es at the URL start
(SPAM control problems):

Source: /stream/?id=0&source=1

This doesn't, but it should work: /stream/?id=0

Sources: /stream/stream0.php?v=video&source=1

This prints 1 at stream start: /stream/?id=1

Source: /stream/stream1.php?v=video&source=1

This works but doesn't check session var: /stream/?id=2

Source: /stream/stream2.php?v=video&source=1

This works but doesn't stop if the check fails: /stream/?id=3

Source: /stream/stream3.php?v=video&source=1

This doesn't work but it should work: /stream/?id=4

Source: /stream/stream4.php?v=video&source=1

Which one can you see correctly?

Thanks.

------------------------------------------------------------------------

[2008-11-13 16:13:52] lito at eordes dot com

Description:
------------
I can't use PHP with certain conditions to "stream" and control video
playing.

I have 2 PHP files, index.php and stream.php.

index.php initializes the session var id and stores the video name
encrypted with the md5 function.

video.php recovers the session and compares it with the v parameter.

If I use $_SESSION and header/exit to check the data, it sends some bad
headers and the video doesn't load.

If I use only header/exit or only $_SESSION, I can play the video.

Reproduce code:
---------------
------------------------------------------------------------------
index.php
------------------------------------------------------------------

<?php
session_start();

$_SESSION['id'] = md5('video');

session_write_close();
?>

<object classid="clsid:22D6F312-B0F6-11D0-94AB-0080C74C7E95"
width="406" height="406">
        <param name="Filename" value="stream.php?v=video">
        <param name="AutoStart" value="true">
        <param name="ShowControls" value="true">
        <param name="BufferingTime" value="5">
        <param name="ShowStatusBar" value="true">
        <param name="AutoSize" value="true">
        <param name="InvokeURLs" value="false">

        <embed src="stream.php?v=video"
                type="application/x-mplayer2"
                autostart="1"
                enabled="1"
                showstatusbar="1"
                showdisplay="1"
                showcontrols="1"
                pluginspage="http://www.microsoft.com/Windows/MediaPlayer/"
                width="406"
                height="406">
        </embed>
</object>

------------------------------------------------------------------
stream.php
------------------------------------------------------------------

<?php
session_start();

if (($_SESSION['id'] != md5($_GET['v'])) ||
!is_file($_GET['v'].'.wmv')) {
        header('Location: /');
        exit;
}

header('Content-Type: video/x-ms-wmv');
header('Content-Length: '.filesize($_GET['v'].'.wmv'));

readfile($_GET['v'].'.wmv');
?>

Expected result:
----------------
If all checks are fine the script must play the video.

Actual result:
--------------
If I use ($_SESSION['id'] == md5($_GET['v'])) and header/exit result,
it will never play correctly, but all conditions are correct!! (The
session id value == md5() and the file exists; it never enters the if
condition.)

For example, in this example, the number 1 is printed, but without
the echo 1 the video isn't played:

<?php
session_start();

if (($_SESSION['id'] != md5($_GET['v'])) ||
!is_file($_GET['v'].'.wmv')) {
        header('Location: /');
        exit;
}

echo 1;

header('Content-Type: video/x-ms-wmv');
header('Content-Length: '.filesize($_GET['v'].'.wmv'));

readfile($_GET['v'].'.wmv');
?>

With this example it works:

<?php
session_start();

if (!is_file($_GET['v'].'.wmv')) {
        header('Location: /');
        exit;
}

header('Content-Type: video/x-ms-wmv');
header('Content-Length: '.filesize($_GET['v'].'.wmv'));

readfile($_GET['v'].'.wmv');
?>

And this example also works:

<?php
session_start();

if ($_SESSION['id'] != md5($_GET['v'])) {
        //header('Location: /');
        //exit;
}

header('Content-Type: video/x-ms-wmv');
header('Content-Length: '.filesize($_GET['v'].'.wmv'));

readfile($_GET['v'].'.wmv');
?>

But this example doesn't print the 1 and doesn't play the video:

<?php
session_start();

if ($_SESSION['id'] != md5($_GET['v'])) {
        echo 1;
        exit;
}

header('Content-Type: video/x-ms-wmv');
header('Content-Length: '.filesize($_GET['v'].'.wmv'));

readfile($_GET['v'].'.wmv');
?>

I don't understand why, if I use $_SESSION and header/exit/die together,
the script doesn't work (but no errors).


------------------------------------------------------------------------
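
An added example, not part of the report and not PHP project code: a version of the stream.php gate described above that logs which check rejected a request instead of redirecting silently, and that restricts `v` to a plain file name before it reaches the filesystem. It assumes PHP 5.6 or later (for `hash_equals`) and a hypothetical `media` directory; `stream_denial_reason` and `MEDIA_DIR` are names introduced here.

```php
<?php
// Added example, not the reporter's code. Assumes PHP 5.6+ and a
// hypothetical media directory next to this script.
const MEDIA_DIR = __DIR__ . '/media';

// Return null when the request may be served, otherwise a short reason.
function stream_denial_reason(array $get, array $session, array $cookies)
{
    // A request that arrives without the session cookie gets a fresh,
    // empty session, so the token check below can never pass.
    if (!isset($cookies[session_name()])) {
        return 'no session cookie sent with this request';
    }
    if (!isset($session['id']) || !is_string($session['id'])) {
        return 'session has no id token';
    }
    // Accept only a plain name: no slashes, dots or NUL bytes.
    if (!isset($get['v']) || !is_string($get['v'])
        || !preg_match('/\A[A-Za-z0-9_-]{1,64}\z/', $get['v'])) {
        return 'v is missing or not a plain file name';
    }
    // md5() of the name is the report's token scheme; compare it
    // type-strictly and in constant time rather than with !=.
    if (!hash_equals($session['id'], md5($get['v']))) {
        return 'token does not match v';
    }
    if (!is_file(MEDIA_DIR . '/' . $get['v'] . '.wmv')) {
        return 'file not found';
    }
    return null;
}

session_start();
$session = $_SESSION;
session_write_close();   // release the session lock before streaming

$reason = stream_denial_reason($_GET, $session, $_COOKIE);
if ($reason !== null) {
    error_log('stream.php denied: ' . $reason);   // server-side trace
    http_response_code(403);
    exit;
}

$path = MEDIA_DIR . '/' . $_GET['v'] . '.wmv';
header('Content-Type: video/x-ms-wmv');
header('Content-Length: ' . filesize($path));
readfile($path);
```
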


-- 
Edit this bug report at http://bugs.php.net/?id=46567&edit=1