FLIXEY.COM

I’m releasing my old FLV downloader source. It’s pretty out-dated and doesn’t work at all, but you can look at it and make modifications so that it does. The source is really messy which is one of the reasons I decided to remake it into what I have up now (http://video.flixey.com)

The source is as it was when I used it except I removed my hosting details, adsense, and analytics sources. Don’t hesitate to ask or comment through the guestbook or by just commenting on this post.

Info

• Programming languages used: PHP, Javascript
• PHP Classes used: PEAR HTTP
• Languages available: Korean, Japanese, French, German, English, Polish, Chinese
• Requirements
• Server must support PHP
• Server must support MySQL, or delete the DB related sources
• Server must have URL fopen enabled
• Once again: it won’t work out of the box

Download 1

Download 2

It has been a while since I started to follow web standards and started cross-browser coding (not to be confused to cross-site scripting). I became aware of the importance when I saw the immense number of visitors using Firefox and IE Explorer along with other browsers like Safari and Opera. I even got visitor using the Play Station 3 browser. I figured I couldn’t just ignore people using browsers my site didn’t support, so I learned about the W3C Recommendations and basic cross-browser scripting. I stopped using IE specific functions and properties. A book that helped me is SAMS Teach Yourself JavaScript in 24 Hours. It’s up-to-date and includes information on cross-browser scripting and web standards.

Internet Explorer is still the mainstream browser, but you can see that Firefox is also dominant. In addition, despite having a relatively smaller number of users, Opera and Safari are also a significant segment of the statistics. This table shows the importance of cross-browser coding and web standards.

The first step of following web standards is reading the W3C XHTML recommendations. I suggest using the XHTML Transitional DTD since the Strict DTD is literally strict. A DTD is a Document Type Definition and it basically defines the regulations of web standards and is used to validate your XHTML code. Then you can start validation your websites using the W3C Validator to check whether the document is valid in the DTD you chose.

The second step is to learn how to code your JavasScript to work in all browsers. JavaScript can be scripted to be cross-browser multiple ways, but the most widely used method is by using the try and catch method. The following is an example of a cross-browser AJAX object initialization.

try{
　　// Firefox, Opera 8.0+, Safari, IE7
　　ajaxReq = new XMLHttpRequest();
　　}catch(error){
　　　　// IE5, IE6
　　　　try{
　　　　　　ajaxReq = new ActiveXObject("Msxml2.XMLHTTP");
　　　　　　}catch(error){
　　　　　　　　try{
　　　　　　　　　　ajaxReq = new ActiveXObject("Microsoft.XMLHTTP");
　　　　　　　　　　}catch(error){
　　　　　　　　　　　　return false;
　　　　　　　　　　}
　　　　　　　　}
　　　　　　}
　　　　}
　　}
}

This script tries a method and if an error occurs it detects it and executes the code within the catch expression. There can be a try expression within a catch expression and thus a cross-browser script can be coded this way.

To successfully code in cross-browser format, you should learn what functions or properties are IE or Firefox specific and avoid using them. Web standards are cross-browser coding are becoming more important by the second, so it’s to your benefit to get used to them as apply them when you’re coding.

As some people might have noticed, the whole site including the video downloader were down for quite a bit yesterday. I was moving hosting and had to get used to the different environment. I switched from awardspace to hostican. So far I’m very pleased and think I’ve moved well. Awardspace was always slowing down and had alot of downtimes which frustrated me when i wanted to post or try something out online.

The most significant change is the customer service. Hostican is just absolutely good at handling their customers. They have a ticket system (which most hosting services do), but they reply very fast and send you emails that confirm that your ticket has been submitted. Their phone service is also nice, they pick up quickly and give you friendly replies that actually help. But one of the new things I see is their support over chat. They have a chat window on their website which you can use to gain support, Although the engine itself could use a bit more tweaking, I personally thought it was a great Idea.

The hosting plan I got was their tera-host plan. It has unlimited bandwidth and 1TB of storage. At $93.40 it was a bargain. I used a coupon which was “BestHosting-12″ and that gave me a $50 discount. But before you barge in and try to host a relatively large site, you might want to consider that they are probably overselling. Hosting companies have thousands of customers and giving 1TB to each customer is one hard-drive per person. The following table is the sidebar on cPanel.

Main Domain	flixey.com
Home Directory	-
Last login from	-
Disk Space Usage	34.88/1000000 MB
Monthly Bandwidth Transfer	82.52/∞ MB
Email Accounts	1/∞
Subdomains	3/∞
Parked Domains	0/∞
Addon Domains	2/∞
Ftp Accounts	5/∞
SQL Databases	1/∞
Hosting package	Tera-Host
Server Name	esc12
cPanel Version	11.18.3-RELEASE
cPanel Build	21703
Theme	x3
Apache version	2.2.8 (Unix)
PHP version	5.2.5
MySQL version	5.0.45-community
Architecture	i686
Operating system	Linux
Shared Ip Address	-
Path to sendmail	/usr/sbin/sendmail
Path to PERL	/usr/bin/perl
Kernel version	2.6.9-67.0.4.ELsmp
cPanel Pro	1.0 (RC1)

The cPanel is good, but it doesn’t have the greated system for domain management. What is does is it creates a subdomain for each “add-on domain” and creates a folder within the root folder of your primary domain. Thus, you can access “domain2.com” from “http://domain.com/domain2.com.” I managed to prevent this by using .htaccess rules and a few tricks, but it is quite troublesome.

Another thing I like about this hosting is that it’s pretty flexible. The permissions aren’t totally locked and you can change it but not go above 755. The directory indexing is open at first so you have to close it with an .htaccess file (of course this isn’t too good).

Overall, I’m very pleased with what I have experienced with hostican so far. The strongest pro is their customer support which really helps when you need to know something or get something fixed. Of course I only bought it yesterday and have not experienced everything yet. But I still find it a great hosting and don’t think I’ll run into any huge problems. If you’re interested, you can visit their website.

Ubuntu is an free and open source linux distribution. It can be installed by using their free ship-it service or by downloading. Ubuntu has many features and in some ways is better than windows. It has nice graphical effects using compiz, supports multiple desktop, and has a good design. It’s also very light weight so very good for computers with low-end hardware. Despite these pros, Ubuntu takes forever to set up compared to windows. It took me a few hours just to get the multi-lingual input method working.

Windows is what you’re probably using now. It’s the world’s most renown operating system. Most people now are still using Windows XP but alot of people have already upgraded to Windows Vista. Everyone knows about it, so I’ll just pass here.

When you compare Ubuntu and Windows, Ubuntu is probably better. However, the most major problem is: Ubuntu doesn’t have much software! First of all, for those who have iPods, Ubuntu is nearly hell–especially if you have the new iPod Nano, Classic, or Touch. There are iPod management application for Ubuntu, but they’re not as good as iTunes for actually managing your iPod. It’s difficult to set up your libraries and play lists, videos don’t work most of the time, and Pod Casts aren’t sorted as Pod Casts. OK, if you have the skills, sure, you might get this to work. But it’s really time consuming and you need to know alot about computers before you can.

Another con about Ubuntu is it doesn’t suspend or hibernate properly on certain laptops. There are fixes for this but even those stop working sometimes.

Although Ubuntu might be a bit hard to set up and doesn’t have so much compatability, it’s generally a very good OS. It’s just that not many people use it as much as Windows XP and so there’s not much software for it.

When you use Ubuntu, you’ll feel like your flying–no blue screens of death, no unexpected freezes (ok, some), and generally it gives you a really smooth workspace.

If you want to use Ubuntu, but need to use Windows for certain tasks, you can try dual booting. Before you try this, search for partitioning and see if your motherboard/BIOS supports it.

[Show as slideshow]

SQL Injection is a technique used to exploit security holes in a system using SQLs such as MySQL. This kind of security hole usually occurs when a programmer doesn’t filter quotes or other meta-characters properly. The following code is an example of a such a vulnerability.

if(mysql_query("SELECT * FROM member_tables WHERE id = '".$login_id."' and password = '".$password."'")){
[...code for login...]
}

If quotes aren’t stripped from the variables $login_id or $password, a malicious user can inject SQL functions. They could login as the first user, in most cases the administrator, by typing in something like this into either of the two variables:

s' or 1=1 --

The one line can be catastrophic to a website’s security. If the quote isn’t filtered, the script will read the code like this

if(mysql_query("SELECT * FROM member_tables WHERE id = 's' or 1=1 --' and password = '[password]‘)){
[...code for login...]
}

The or statement makes it so even if only one condition matches, it will return a true value and execute the script. Since 1=1 is always true, the script will launch no matter what. The rest of the SQL statements are commented out by the two dashes (–). Is this the end? Nope.. If the security of the site is so weak, some one could easily delete all the members from the database. It’s just like the one above, but you add a bit of code and do a bit of guesswork.

s' or 1=1;DROP TABLE member_table; --

This would render this in the script

if(mysql_query("SELECT * FROM member_tables WHERE id = 's' or 1=1;DROP TABLES member_table; -- --' and password = '[password]‘)){
[...code for login...]
}

That just deletes the table. End, unless you have backup.

As devastating as this can be, it’s also very simple to prevent. You simply escape or remove quotes from a query using a built in function. In the case of PHP, the addslashes() function does the trick. So, the script above should be fixed to

$login_id = addslashes($login_id);
$password = addslashes($password);
if(mysql_query("SELECT * FROM member_tables WHERE id = '".$login_id."' and password = '".$password."'")){
[...code for login...]
}

This function adds backslashes (\) before metacharacters which lets the character be treated as just a string and not a special one that affects the acting of the query.

Ever seen a window shake like crazy? Well here’s a script for it. You can start annoying all your friends with this simple and crazy script.

It’s a relatively simple code but the effect is cool enough. It tends to stop in IE if you click on another window, but it works nicely on firefox.

<script type="text/javascript">
function lol(){
　self.moveTo(Math.random()*100,Math.random()*100);
　window.setTimeout("lol()",50);
}
window.setTimeout("lol()",50);
</script>


This code first defines a function called lol() which contains the self object connected to the moveTo() function.
The notation is moveTo([distance from left],[distance from top]). The
example above generates a random string which is between 0 and 1(like
0.5487732…) using the random() function of the Math object and multiplies it by 500 to make a number that’ll move the window enough.

We then have the setTimeout() function. The notation of this one is
setTimeout(”[function]“,[time(in milliseconds)]). So, in this case, the
position of the window changes every 50 milliseconds. You can adjust
this to make it faster or slower.

Preview the example (press alt+f4 to close)

The FLV video downloader I designed was written in PHP and some Javascript on the client side. So you’ll need to know a bit of PHP to understand how this works. It’s actually very simple, all you do is get the source from YouTube and then parse it so only the address of the .flv file is left. The following script locates the download URL and returns it. This is the core to any downloader (it’s the same concept for even Google Video downloaders and so on).

<?php
function get_video_url($id){
$url = "http://youtube.com/watch?v=".$id;
if ($contents = @file_get_contents($url)) {
if (preg_match('/video_id=\S+&.+&t=.+&f/i', $contents, $match)) {
$vars = $match[0];
$url = “http://www.youtube.com/get_video?”.$vars;
return $url;
}
}
}
?>

Line by Line Analysis

This line by line analysis of the code above should help you understand the script better.

function get_video_url($id){

This line declares a function (a repetitively usable operation) called get_video_url() so we can use it easily and efficiently. The $id is the video id from YouTube and would be a submitted value, something like FzRH3iTQPrk.

$url = "http://youtube.com/watch?v=".$id;

This line stores the youtube url will the video id in the variable $url.

if ($contents = @file_get_contents($url)) {

This line of code stored the HTML code of the YouTube page ($url) by using the file_get_contents()
function (note that some hosting services may have disabled the function). The line below it will only be executed if $contents is not empty since the if() operator is controlling it.

if (preg_match('/video_id=\S+&.+&t=.+&f/i', $contents, $match)) {

This is the core of the whole thing. It finds the required
information to get the video URL from the source code by searching the HTML code with regular expressions using the preg_match() function. This function uses regular expressions to find patterns in a variable (in this case $html) and puts the results as arrays into another variabe (in this case $match).

$vars = $match[0];

This line stores the needed information from the array $match[0] (which is the first item) into the $vars variable.

$url = "http://www.youtube.com/get_video?".$vars;

This line finally puts the information together to get the full video URL. It’s quite simple, it’s just combining the found information and http://www.youtube.com/get_video together.

return $url;

This line just returns the $url variable so we can use it later. The function can then be used by doing something like this:

echo get_video_url($url);

The rest is just closing the function and the if() operator. Try to look the function up in the PHP manual (they’re linked above).

Tips

If you want to make a downloader for other sites, try using this method:

1. Get the firefox plugin: tamper data
2. Go to the site with tamper data open and see what requests come in.
3. Look for an xml page or an flv file.
4. Look for a pattern and see how you could automate this.
5. Write a script for it.