Coly010 Posted August 18, 2014 Share Posted August 18, 2014 Ok, so in my site I want to allow users to upload videos. The problem I'm facing is cross-compatibility for playing different video types across different browsers. As an upload is basically a users choice, and many wont have a say in what type of file their video is. Therefore I need a way of playing all types of video files and get the dimensions of the video, so it can be resized proportionally. One solution was to convert all uploaded files to .mp4 and then simply use html5's video tag to play it, or if need be, <embed> But I learned the server that my hosting is with doesn't support ffmpeg,(or crons for that matter so I'm considering leaving, if you have any suggestions that would be great) Does anyone know of any other solutions to my problem? Quote Link to comment Share on other sites More sharing options...
sniko Posted August 19, 2014 Share Posted August 19, 2014 You said you're considering moving hosting provider. May I suggest you use DigitalOcean? Once you've experienced their service, you won't ever go back to "shared cPanel cheap hosting". Quote Link to comment Share on other sites More sharing options...
HauntedDawg Posted August 19, 2014 Share Posted August 19, 2014 I recently had a go at something like this for another project, and I found that regardless of what you try, it still relies on what the end user has installed to view videos. But here is what I done: When uploading a file, you have the $_FILES['name']['type'] parameter. I found that by using that "type" parameter, you can store it in the database, and by using php headers Content-Type, use the type from the DB. You can also use that same Content-Type in your html5 video tag. The problem comes in with certain file formats, specifically wma. Requires the end user to install quicktime. I would switch to DigitalOcean VPS, or even still, use a cheap $5 vps on DigitalOcean to connect to your database, fetch the files & convert them using ffmpeg (you can install it onto your own vps). And then on your website server, serve the files from the VPS (http://enable-cors.org/). There are many approaches. It depends on what you feel like using :cool: Quote Link to comment Share on other sites More sharing options...
Coly010 Posted August 19, 2014 Author Share Posted August 19, 2014 I'll take a look at DigitalOcean, and look into VPS as I've never used one before. Using the Content-Type seems like a good idea, but does <video> not only work with ogg/mp4/webm ? I suppose I could filter it if I had the file type stored. The only other problem that arises from that, is security. Is there a way to check that the file is video and not say a text file saved as a video type? Quote Link to comment Share on other sites More sharing options...
sniko Posted August 19, 2014 Share Posted August 19, 2014 I'll take a look at DigitalOcean, and look into VPS as I've never used one before. Using the Content-Type seems like a good idea, but does <video> not only work with ogg/mp4/webm ? I suppose I could filter it if I had the file type stored. The only other problem that arises from that, is security. Is there a way to check that the file is video and not say a text file saved as a video type? Yes, have a read here: https://www.owasp.org/index.php/Unrestricted_File_Upload Thankfully, we can get coverage for all modern (and mobile) browsers using only two formats: WebM - uses the VP8 codec for video and the Vorbis codec for audio MP4 - uses the H.264 codec for video and the AAC codec for audio Quote Link to comment Share on other sites More sharing options...
Coly010 Posted August 19, 2014 Author Share Posted August 19, 2014 From reading that post alone, it seems almost impossible to prevent an attacker from getting code into the webserver. I'll need to read into ways of making sure it is a video, and I think the best solution for that could in fact be ffmpeg :/ Quote Link to comment Share on other sites More sharing options...
sniko Posted August 19, 2014 Share Posted August 19, 2014 (edited) From reading that post alone, it seems almost impossible to prevent an attacker from getting code into the webserver. I'll need to read into ways of making sure it is a video, and I think the best solution for that could in fact be ffmpeg :/ If it was built by a human, it can be broken by a human ;) Edited August 19, 2014 by sniko Quote Link to comment Share on other sites More sharing options...
Coly010 Posted August 19, 2014 Author Share Posted August 19, 2014 If it was built by a human it can be broken by a human ;) Probably the best quote ive seen aha Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.