1 Topic by Jon Lebensold

  • Jon Lebensold
  • Administrator
  • Offline
  • Registered: 2009-06-27
  • Posts: 226

Topic: ZC35 – Protecting Assets with Zend Controller Plugins

I had to take a little hiatus the last few weeks, however I'm hoping to get back into a weekly posting schedule.

This video is an introduction in how to effectively use Zend Controller Plugins. The Zend Documentation refers to Zend Controller plugins being part of the Action Stack which is a simple data structure that can be filled with a bunch of plugins which will run in succession.

We'll create a simple asset protection script using the Zend Framework's built in Zend Controller Plugin architecture.

Grab a copy of the project or browse the repository.

zend_controller, plugin, zend_controller_plugin, zend_session,action stack

2 Reply by beregu

  • beregu
  • Member
  • Offline
  • From: Mongolia
  • Registered: 2009-10-27
  • Posts: 11

Re: ZC35 – Protecting Assets with Zend Controller Plugins

Hello Jon,

It is very good to hear that you are getting back into a weekly posting. Your new tutorial was really amazing. Unfortunately, the code you attached with your video seems not working properly on my computer.

After I got authenticated, http://localhost/assets/image.jpg gives me long long strings of something like:

============
ÿØÿàJFIFÿâ XICC_PROFILE HLinomntrRGB XYZ Π   1acspMSFTIEC sRGBöÖÓ-HP cprtP3desc„lwtptðbkptrXYZgXYZ,bXYZ@dmndTpdmddĈvuedL†viewÔ$lumiømeas $tech0 rTRC< gTRC< bTRC< textCopyright (c) 1998 Hewlett-Packard CompanydescsRGB IEC61966-2.1sRGB IEC61966-2.1XYZ óQÌXYZ XYZ o¢8õXYZ b™·…
============

Also, without authentication, the AssestGrabber Plugin doesn't redirect me to the index.

I'm on Windows, WampServer 2.0h (not supports PHP5.3) with its installation default plus Apache mod_rewrite enabled.

Should I check if some special PHP or Apache extensions are enabled? If so, please advice me what to check. :-D

Thank you Jon.

Last edited by beregu (2009-10-31 12:07:33)

3 Reply by tomas.fejfar

  • tomas.fejfar
  • Guest

Re: ZC35 – Protecting Assets with Zend Controller Plugins

You should send appropriate headers (=Content-Type).

4 Reply by Jon Lebensold

  • Jon Lebensold
  • Administrator
  • Offline
  • Registered: 2009-06-27
  • Posts: 226

Re: ZC35 – Protecting Assets with Zend Controller Plugins

good call tomas.

in production code, you would set the Content-Type in the header.

something like header('Content-Type: image/jpg'); in the AssetGrabber plugin.

if we were building generic component, then it would probably involved detecting the mimetype of the file we were grabbing and setting the headers appropriately.

5 Reply by beregu

  • beregu
  • Member
  • Offline
  • From: Mongolia
  • Registered: 2009-10-27
  • Posts: 11

Re: ZC35 – Protecting Assets with Zend Controller Plugins

Thanks.. :-P
It works now.

6 Reply by batman

  • batman
  • New member
  • Offline
  • From: Gdynia, Poland
  • Registered: 2009-11-02
  • Posts: 2

Re: ZC35 – Protecting Assets with Zend Controller Plugins

Hello,

Nice idea protecting files with plugins, but there is only one thing that bothers me. Is it fast? What if I would like to check 100 or even 1000 files in one action?

I would love to change the world, but they won't give me the source code.
My software never has bugs. It just develops random features.

batman's Website

7 Reply by Jon Lebensold

  • Jon Lebensold
  • Administrator
  • Offline
  • Registered: 2009-06-27
  • Posts: 226

Re: ZC35 – Protecting Assets with Zend Controller Plugins

hmmm... I think it's fast in the sense that you're essentially stopping the rest of the MVC architecture to load. You could use the parameters that are routed (like I did with the filename) to help you find the right file. Another option would be store a lookup in Zend_Cache to cut down on the I/O operations on a per-request basis.

8 Reply by batman

  • batman
  • New member
  • Offline
  • From: Gdynia, Poland
  • Registered: 2009-11-02
  • Posts: 2

Re: ZC35 – Protecting Assets with Zend Controller Plugins

Cache is a must for this kind of operations. But I'm wondering what will happen if I will try to display hundreds of files on one page? After all some part of routing is still on and php interpreter is running. Well, I'll give it a try.

I would love to change the world, but they won't give me the source code.
My software never has bugs. It just develops random features.

batman's Website

9 Reply by Jon Lebensold

  • Jon Lebensold
  • Administrator
  • Offline
  • Registered: 2009-06-27
  • Posts: 226

Re: ZC35 – Protecting Assets with Zend Controller Plugins

that's a good point. If they're thumbnails, you could make those requests run straight through Apache and make asynchronous calls for the session-required assets.

10 Reply by Manuel

  • Manuel
  • Guest

Re: ZC35 – Protecting Assets with Zend Controller Plugins

That's where CSS Sprites becomes handy. You can reduce GET requests pretty easily.

11 Reply by 01Kuzma

  • 01Kuzma
  • Guest

Re: ZC35 – Protecting Assets with Zend Controller Plugins

Hello!
Firstly I'd thank you for this tutorial!
I've a question:
On a secured page I'd to display secured links pointing to video files.
Video player must grab them and play smile
Video files are stored in Application/uploads directory.How I can form links with your plugin and send them into a view template as <a href..> tags that video player might play them?
Thank you!

12 Reply by Jon Lebensold

  • Jon Lebensold
  • Administrator
  • Offline
  • Registered: 2009-06-27
  • Posts: 226

Re: ZC35 – Protecting Assets with Zend Controller Plugins

hey Kuzma, you'll probably need a two-part solution, with a view helper that generates the right url, which in turn hits the plugin with the necessary parameters to return the video file and the necessary mimetype.

13 Reply by T_bo

  • T_bo
  • New member
  • Offline
  • Registered: 2010-02-04
  • Posts: 6

Re: ZC35 – Protecting Assets with Zend Controller Plugins

Hello everyone,
i didn't know that there was already a discussion about those point, i came just for put my solution of extending this excellent assets grabber.( I have also implemented several function to use it with auth, acl and cahce but it's not the point)
The usefull tweak are as jon says on comment 4 a mime-type detection :
first thing it's better to use $this->_response instead of the echo.
with this function you could set a lot of usefull header, i first use an auto-detect mime-type

$this->_response->setHeader('Content-Type',mime_content_type($file_path));    
$this->_response->setBody(file_get_contents($file_path));
$this->_response->sendResponse(); 
// where $file_path is your file path...

To make some streaming-like it's a bit harder the response must look something like that :

        $this->_response->setHeader('Content-Type',mime_content_type($file_path));
    $this->_response->setHeader('Connection','Keep-Alive');
    $this->_response->setHttpResponseCode(206);
    $this->_response->setHeader('Keep_Alive','timeout=15, max=98');
    $this->_response->setHeader('Content-Length',filesize($file_path));
    $this->_response->setBody(file_get_contents($file_path));
    $this->_response->sendResponse();

To make real streaming you have to use the stream_context_create() option of file_get_contents and to accept header request to grab the offset of the file and passing it to the context.

Note that in php 5.3 you have better method based on PECL to check mime-type and other info for your file. And lastely having a function that check if the file exists and if it is readable is always a good idea.

That's it for my little contribution, hope it could be usefull for someone.