Uploading videos - Issues

[Coly010]

Ok, so in my site I want to allow users to upload videos.

The problem I'm facing is cross-compatibility for playing different video types across different browsers.

As an upload is basically a users choice, and many wont have a say in what type of file their video is. Therefore I need a way of playing all types of video files

and get the dimensions of the video, so it can be resized proportionally.

One solution was to convert all uploaded files to .mp4 and then simply use html5's video tag to play it, or if need be, <embed>

But I learned the server that my hosting is with doesn't support ffmpeg,(or crons for that matter so I'm considering leaving, if you have any suggestions that would be great)

Does anyone know of any other solutions to my problem?

[sniko]

You said you're considering moving hosting provider. May I suggest you use DigitalOcean?

Once you've experienced their service, you won't ever go back to "shared cPanel cheap hosting".

[HauntedDawg]

I recently had a go at something like this for another project, and I found that regardless of what you try, it still relies on what the end user has installed to view videos. But here is what I done:

When uploading a file, you have the $_FILES['name']['type'] parameter. I found that by using that "type" parameter, you can store it in the database, and by using php headers Content-Type, use the type from the DB. You can also use that same Content-Type in your html5 video tag. The problem comes in with certain file formats, specifically wma. Requires the end user to install quicktime.

I would switch to DigitalOcean VPS, or even still, use a cheap $5 vps on DigitalOcean to connect to your database, fetch the files & convert them using ffmpeg (you can install it onto your own vps). And then on your website server, serve the files from the VPS (http://enable-cors.org/).

There are many approaches. It depends on what you feel like using :cool:

[Coly010]

I'll take a look at DigitalOcean, and look into VPS as I've never used one before.

Using the Content-Type seems like a good idea, but does <video> not only work with ogg/mp4/webm ? I suppose I could filter it if I had the file type stored. The only other problem that arises from that, is security. Is there a way to check that the file is video and not say a text file saved as a video type?

[sniko]

I'll take a look at DigitalOcean, and look into VPS as I've never used one before.

Using the Content-Type seems like a good idea, but does <video> not only work with ogg/mp4/webm ? I suppose I could filter it if I had the file type stored. The only other problem that arises from that, is security. Is there a way to check that the file is video and not say a text file saved as a video type?

Yes, have a read here: https://www.owasp.org/index.php/Unrestricted_File_Upload

 

Thankfully, we can get coverage for all modern (and mobile) browsers using only two formats:

WebM - uses the VP8 codec for video and the Vorbis codec for audio

MP4 - uses the H.264 codec for video and the AAC codec for audio

[Coly010]

From reading that post alone, it seems almost impossible to prevent an attacker from getting code into the webserver. I'll need to read into ways of making sure it is a video, and I think the best solution for that could in fact be ffmpeg :/

[sniko]

From reading that post alone, it seems almost impossible to prevent an attacker from getting code into the webserver. I'll need to read into ways of making sure it is a video, and I think the best solution for that could in fact be ffmpeg :/

If it was built by a human, it can be broken by a human ;)

Edited August 19, 2014 by sniko

[Coly010]

If it was built by a human it can be broken by a human ;)

Probably the best quote ive seen aha