Hi all,
How can i prevent direct access to say, http://www.mydomain.com/mod/flash/MyMovie/MyMovie.swf?
TIA and Regards,
Edwin
In reply to Edwin Lee
Re: Flash module add-on: How to Prevent Direct Access to MyMovie.swf
by Steve Hyndman -
Put your moodle_data directory outside your public_html folder. Upload your flash movies to the data directory and link to them from within Moodle.
Steve
In reply to Steve Hyndman
Re: Flash module add-on: How to Prevent Direct Access to MyMovie.swf
by Edwin Lee -
hmm... but the Flash Activity Module requires that our movie, e.g. MyMovie.swf be located in /mod/flash/movies/MyMovie/MyMovie.swf?
Will it still work if i place the movie in another directory?
Thanks and Regards,
Edwin
Will it still work if i place the movie in another directory?
Thanks and Regards,
Edwin
In reply to Edwin Lee
Re: Flash module add-on: How to Prevent Direct Access to MyMovie.swf
by Steve Hyndman -
Good question....sorry, but I was replying from my email and didn't realize this was posted in the "Flash Modules" forum...I assumed you were just uploading swf movies. I don't use this mod, so I'm not sure if it will work from the data directory or not.
Steve
In reply to Steve Hyndman
Re: Flash module add-on: How to Prevent Direct Access to MyMovie.swf
by Jamie Pratt -
I don't see how this can work for movies served from the Flash module or any other way.
Flash movies like images must be loaded by the clients' browser and thus must be in a web accessible folder!!
Jamie
Flash movies like images must be loaded by the clients' browser and thus must be in a web accessible folder!!
Jamie
In reply to Jamie Pratt
Re: Flash module add-on: How to Prevent Direct Access to MyMovie.swf
by Steve Hyndman -
I'm not a flash expert....but....I have the moodle data directories for all my moodle installs set-up outside the public_html folders. All images, files and anything else that anyone uploades through Moodle are uploaded to those data directories. Those files and images are assessable in the browser through Moodle, but can't be accessed directly via the web. It's sort of like magic
I don't know about movies served from the flash module, but I don't see why movies couldn't be uploaded to the data directory and be viewed through Moodle just like any other file?? Maybe I'm just missing something.
Steve
In reply to Steve Hyndman
Re: Flash module add-on: How to Prevent Direct Access to MyMovie.swf
by Jamie Pratt -
Hi Steve,
Are you suggesting that people could upload files to the course / site files areas within their moodledata directories and then they could access the files through the Moodle proxy script file.php at url : http://mymoodlewebroot.com/file.php/filename or something like that?
As I said any files including Flash movies uploaded to a place which is not web accessible cannot be accessed by a browser. But if you upload files to {mymoodledataroot}/1/ for example then they will be accessible through the course / site files proxy (in the case of 1 most likely in the site files area).
Uploading to the course / site area would provide some protection against direct access but would still allow people with the correct permissions to access the movies directly. Another alternative would be to upload the movie files to another area and use a proxy script much like file.php to restrict access as required.
Jamie
Are you suggesting that people could upload files to the course / site files areas within their moodledata directories and then they could access the files through the Moodle proxy script file.php at url : http://mymoodlewebroot.com/file.php/filename or something like that?
As I said any files including Flash movies uploaded to a place which is not web accessible cannot be accessed by a browser. But if you upload files to {mymoodledataroot}/1/ for example then they will be accessible through the course / site files proxy (in the case of 1 most likely in the site files area).
Uploading to the course / site area would provide some protection against direct access but would still allow people with the correct permissions to access the movies directly. Another alternative would be to upload the movie files to another area and use a proxy script much like file.php to restrict access as required.
Jamie
In reply to Jamie Pratt
Re: Flash module add-on: How to Prevent Direct Access to MyMovie.swf
by Steve Hyndman -
Uploading to the course / site area would provide some protection against direct access but would still allow people with the correct permissions to access the movies directly.
That is true. Putting your moodle_data directory outside the public_html directory only allows access to the files stored there by the people with correct permissions. I assumed that is what he wanted to do...allow people in his courses access to his flash movies, but prevent people from accessing them who do not have access to his courses.
Putting the moodle_data directory outside public_html is a good set-up that everyone should consider. Doing that provides some good protection for your data and your students data....not everything in Moodle is in the database...a lot of stuff gets stored in those data directories.
Steve
In reply to Edwin Lee
Re: Flash module add-on: How to Prevent Direct Access to MyMovie.swf
by Jamie Pratt -
You can do a test for POMovieSess in your actionscript. This variable is always set by Flashvars when a movie is loaded by the Flash module.
Alternatively a php coder could change the code of the Flash module to load the movie itself through a proxy script from the moodledata directory and then you could restrict access to the movie to only allow access from the Flash module.
Alternatively a php coder could change the code of the Flash module to load the movie itself through a proxy script from the moodledata directory and then you could restrict access to the movie to only allow access from the Flash module.
In reply to Edwin Lee
Re: Flash module add-on: How to Prevent Direct Access to MyMovie.swf
by Steph Foerst -
The Flash Quiz templates can make someone sign in before they take the quiz, which would help with the direct access problem. If they are not registered for the course your movie is in, they can not view it. Even if they are enrolled in the course, if the Flash movie is locked (they have yet to complete the prerequisite activity) they can not view the movie.
To do this:
1. Select the Quiz Options
2. Select Component Inspector
3. Fill out Login File URL with the page where users login (i.e. http://yourmoodle.com/login/index.php).
Someone better at ActionScript than me might be able to drill through the code and figure out the ActionScript that does this so you can use it on non Quiz templates.
I just found out about the required login part today and played around with my Moodle site some and figured out the rest.
I hope this helps somewhat.
To do this:
1. Select the Quiz Options
2. Select Component Inspector
3. Fill out Login File URL with the page where users login (i.e. http://yourmoodle.com/login/index.php).
Someone better at ActionScript than me might be able to drill through the code and figure out the ActionScript that does this so you can use it on non Quiz templates.
I just found out about the required login part today and played around with my Moodle site some and figured out the rest.
I hope this helps somewhat.
In reply to Steph Foerst
Re: Flash module add-on: How to Prevent Direct Access to MyMovie.swf
by Wouter Baars -
In reply to Wouter Baars
Re: Flash module add-on: How to Prevent Direct Access to MyMovie.swf
by Howard Miller -
You *can* put moodledata on another machine. You need to share it (NFS usually on a Unix/Linux) machine and then it should work fine. But... the connection needs to be fast as stuff like session information is stored there. A slow connection would kill your site dead.
In reply to Howard Miller
Re: Flash module add-on: How to Prevent Direct Access to MyMovie.swf
by Wouter Baars -
Thanks.
I wanted to put the folder on a hosting services party such as Strato or such. I am not sure if and how i can share the folder from there.
What do you mean with NFS or do you have some more info on this topic?
Thanks,
Wouter
I wanted to put the folder on a hosting services party such as Strato or such. I am not sure if and how i can share the folder from there.
What do you mean with NFS or do you have some more info on this topic?
Thanks,
Wouter
In reply to Wouter Baars
Re: Flash module add-on: How to Prevent Direct Access to MyMovie.swf
by Howard Miller -
Ahhh.... I see. You don't want to put moodledata there, you simply want to put some files there (and have them secure).
You can't do that at the moment. Moodle shouldn't really be seen as a secure vault for files in any case. Obviously, you can put files where you like and link to them but making this secure is tricky/impossible.
I hate to say this, but a lot of this will be fixed with Repositories in Moodle 2.0. That doesn't help you much right now.
You can't do that at the moment. Moodle shouldn't really be seen as a secure vault for files in any case. Obviously, you can put files where you like and link to them but making this secure is tricky/impossible.
I hate to say this, but a lot of this will be fixed with Repositories in Moodle 2.0. That doesn't help you much right now.