Content feeder technique

[eLIANT]

Need advice or directions to sites that might educate me...

I am building content (rows and columns of dynamically-generated photos and descriptive text) that I want to offer for placement in multiple customers' sites. However, I don't want anyone viewing the source code of the pages to see where this content is being fed from.

For customers that pay for the content, I'll give them the *means* for including it in their site, but I don't want non-paying customers (of my hosting or from any other host) to be able to figure out how to place this same content into their sites.

What I need is the *means*. How can I do this? I'm pretty good with MySQL and PHP, and I'm a programmer from way back, but I need some direction on how to do this.

Li'l help?

[slapshotw]

You could do some kind of embed, and restrict the content from being called by only certain IP addresses. Likely you'd want to give people an SWF and have the SWF internally call the files from your server. Most people wouldn't know how to look inside the SWF to find the source of the original content.

[eLIANT]

GREAT! That's exactly what I need. So elaborate on "embed," and what does SWF stand for again?

Seriously, this is the kind of advice I need, and I've used PHP "includes," and I've seen other sites source code that passes a key back to an included URL (which, I'm guessing, authorizes the display of the content), but what prevents someone from leeching by just using the same key?

Also, I'd want all visitors to see the content I provide, but only on authorized sites. So wouldn't tying the display to an IP limit that?

[slapshotw]

Quote:

Originally Posted by eLIANT

GREAT! That's exactly what I need. So elaborate on "embed," and what does SWF stand for again?

SWF is a shockwave flash file.

Quote:

Also, I'd want all visitors to see the content I provide, but only on authorized sites. So wouldn't tying the display to an IP limit that?

It may be possible to use .htaccess to restrict the files to only being accessed from certain domains.

[Pazeh]

For the include, you can check the IP & domain of the server, beside the authorization code, to make sure the server that is calling for the file is verified to check the content.

There will be a trick if you want to use flat HTML, I mean not SWF (flash), & if the images are hosted on your server & you don't want it to show (from the url of the image) that they are hosted on your server.
One way around this problem will be using the server's IP address... the second, one will be dynamically generated images. something like

HTML Code:

<img src="photo.php?id=1" />

Where the photo.php calls for the real image (via domain or IP) & displays the content as image file.

[slapshotw]

The reason I suggested the SWF is because if you use HTML (which PHP processes as), people can always grab the source files and just host them on their own server. People would have a lot more trouble doing that if you put them inside an SWF, because even if people steal the SWF, it's still going to be programmed to call the images from your server.

[eLIANT]

Quote:

Originally Posted by slapshotw

It may be possible to use .htaccess to restrict the files to only being accessed from certain domains.

Now we're on to something. The number of sites registered to display this content won't be more than a few hundred, so using htaccess shouldn't cause much of a performance hit.

Also, I don't really care if bad people save the images and redisplay them. I just dont want the photos and associated text *redisplay* in context without authorization.

Perhaps it will help if I just tell you what I'm doing...

My customer has access to info (including photos) regarding reposessed items of a certain type. He wants to build a page where those items can be showcased for sale. He then wants to be able to allow businesses which deal in those items and with whom he does business across the country to display that same page within their web sites as if they have those used items for sale. I want them to be able to display it LIKE a Frame (their headers and navigation bars, but my "for sale" content), but not actually BE a Frame. BUT: only those dealers who have paid for the priviledge and registered will be able to show the page.

ONE
I woudn't want to force registering sites to use Frames. How else could they display content from my domain on a portion of a page on their site? Could they just do an "include" of my file?

TWO
If an authorized site is www.blahblah.com, what would the .htaccess entry look like?

[slapshotw]

If you don't encapsulate the links to your files into an SWF, people can just grab the files from the site that is your client and host it on their own server. If you encapsulate in an SWF, then all most people will know how to grab is the SWF, not the text inside to know where the original files are stored. Then you can let people "steal" the SWF all they want..when the SWF loads the original files from your site, your site will block the domain the stolen SWF is on.

Does that make sense?

[Pazeh]

Quote:

Originally Posted by slapshotw

The reason I suggested the SWF is because if you use HTML (which PHP processes as), people can always grab the source files and just host them on their own server. People would have a lot more trouble doing that if you put them inside an SWF, because even if people steal the SWF, it's still going to be programmed to call the images from your server.

with the way I suggested, it will be almost impossible for ppl to grab the source code, unless they grabbed the .php files. What i meant is this

The client file.=

PHP Code:

<? 
$AuthCode="234dsf23rawsdfasdf";
include('HisFile.php');?>

This will output the html as if the content was generated from his clients side. In HisFile.php he can verify the $AuthCode, The IP the request is being made from & the Domain name & echo the results.

The Same applies to the photos.

HTML Code:

<img src="client_photo.php?id=adf3aw" />

the client photos will read the ID & send it over to his photo script, which according to the ID will read the actual photo & "feed" it an an image.

The source code will not show on which server the actual photo files are called from as they will just show the

HTML Code:

<img src="client_photo.php?id=adf3aw" />

The same method can be applied to everything. SWF, CSS .....

the only bad thing i can think about for this way is the load. on the photo.php script.

[slapshotw]

If the goal is to prevent people from having automatic access to the newest images, Pazeh's method is definitely best. If the goal is to prevent people from hosting the images themselves by manually looking for new ones, the SWF will work better because the PHP doesn't prevent that (but people can always do screenshots).

[eLIANT]

Quote:

Originally Posted by eLIANT

Also, I don't really care if bad people save the images and redisplay them....

My customer has access to info (including photos) regarding reposessed items of a certain type. He wants to build a page where those items can be showcased for sale. He then wants to be able to allow businesses which deal in those items and with whom he does business across the country to display that same page within their web sites as if they have those used items for sale. I want them to be able to display it LIKE a Frame (their headers and navigation bars, but my "for sale" content), but not actually BE a Frame. BUT: only those dealers who have paid for the priviledge and registered will be able to show the page.

The reason I don't care is that there is no value in displaying any INDIVIDUAL photo and text. The value comes from MY customer updating the list of available items - what's come on the market, what's been sold - and keeping the COLLECTION of photos and text current. The collection will change daily. So I want to prevent anyone from linking to the same collection of photos and text that I'm feeding to registered dealers.

TECHNICAL QUESTION: Which server parses and translates the PHP?
- Is it the server on which the website resides that calls the link to my server? (<?include('HisFile.php');?>
- Or is it my server?

I ask because I don't know the environment from which the call will be made; could be Windows, could be *nix, may not even have PHP.

[eLIANT]

Quote:

Originally Posted by Serra

PHP is server side processing. It is always done on the host machine. If you include from another machine, even a windows machine, it will be processed on the host.

"Bush is the president. Cheney is the vice-president. He makes all the decisions." Ya see, Serra, I need clarification.

Scenario:
- I have a PHP file residing on my HG server, and the url is mystuff.com/include.php.
- A site running on a server provided by LameHost (which does not support PHP) has an include statement that calls my file.

Which server is expected to processes the PHP? HG or LameHost?

[slapshotw]

Your server would never give a php file to anybody else-- another server, visitor, robot, etc... without processing it first.

However, if LameHost doesn't support php, you will not be able to use the php function "include" on a file on their side.

[eLIANT]

Quote:

Originally Posted by slapshotw

Your server would never give a php file to anybody else-- another server, visitor, robot, etc... without processing it first.

However, if LameHost doesn't support php, you will not be able to use the php function "include" on a file on their side.

Gotcha! So I need to provide a "universally-acceptable" line of code for my registered dealers to place into their websites in order for THEM to display MY content.

I've not been able to use this successfully:

Code:

<!--#include virtual="http://www.mystuff.com/include.php" -->

I get this:
"[an error occurred while processing this directive]"

Any advice on what that "line of code" should contain?

(PS - I'd still like to see an example of the line I should put in .htaccess to control access by domain.)