video files

[birbal]

i want to show up the one image from a video file (eg 3gp)...[for preview].is there any way for that? if yes..then how can i do that?thank you!

[Fmdpa]

All of the solutions I found included using a command-line tool via PHP (using the exec() or passthru() functions). link

[birbal]

i hade tried google but did not got a clue..thanks fmpda for the link..i got some clue now.but i did not use shell command before...1) what security issues can be raised with exec? as far i am aware it should treat seincearly...2) as far i got that its need to install a related software (eg ffmpg). is it so? how can i do that in host? is it preinstalled? or i have to ask?3) can anyone reffer me to any brief article about shell command? i am not getting the commands...and how they work...

[boen_robot]

1. Shell commands include various system calls that can do undoable damage like deleting the whole server or setting up settings... anything you can do on your own computer basically. You need to wrap up the command in escapeshellcmd() to ensure its a single command (and not mutliple chained commands; shells allow that), and you need to escape each argument with escapeshellarg() to make sure the application isn't tricked to do something it shouldn't (e.g. if the executable could delete and view files depending on its input, you must ensure users that can view files don't accidently or otherwise delete).For best results, you should also run PHP with a user that has limited privilages. Commands run as the user than executed them, i.e. PHP's user. That way, worst case scenario is someone having as much control as the PHP file that executed it... e.g. have the privilage to delete all of your stuff, but not the stuff of everyone else on the server. That part however needs to be configured on the server level, i.e. you'll likely be unable to do it on your own.2. If you don't have a command line shell available, you'll have to ask your host to install it. That, and ask for them to enable shell execution from PHP if they've disabled it... be prepared for a "No" or "Get a dedicated server" as responses... hosts don't like putting all of their users at risk because of the desires of one user.3. The available commands are OS dependant and besides... a shell command is essentially starting an executable file with a certain input (arguments) on start. Some OS references will describe the executables and the arguments they accept, but those are just the built in ones. The basic syntax is

executable [arg [arg [...]]]

where arg is a string that MAY be quoted with single or double quotes. On double quotes, or without quotes, you can also embed the values of environment variables. The way you embed them is also OS dependant... Windows uses "%variableName%", and UNIX uses "$variableName" (guess from where PHP was inspired to use "$" in front of variable names).On Windows, you can go to "Start > Run" or the search box (in Vista or 7) and type "cmd". That's the so called "command prompt" - a GUI for executing shell commands. To execute a command line, type the line out and end the line by pressing enter. Type "help" to see some of the built in commands/executables and to find out more information about each, type "command /?". "/?" is just another argument, but built in commands use it by convention to display help information about themselves.

[birbal]

you should also run PHP with a user that has limited privilages

1)what do you mean by that?2) is there any work around to do it without shell command?3) is it something like batch files?

[boen_robot]

1. When you run any executable file, it runs with the privilages of a certain user - the ability to do everything a certain user can do, but do it automatically. The PHP interpreter is one such executable. The Apache HTTP server is another one. If PHP runs as CGI, then this means Apache calls the PHP executable, and at that point, it may call it as if it's another user. If PHP is loaded by Apache as an Apache module, then like any other module, PHP runs as the user of Apache.On Windows, to set the permissions on a certain file or folder, you can right click on it, select "Properties" and go to the "Security" tab. You'll see there a list of users, with the privilages of each being viewable as you click on their name. A user that's not in the list is not allowed to access this file or folder or edit its security settings.Permissions can also be set to groups, and arbitrary users can be part of arbitrary groups, which in turn lets you shape up permissions very granularly.2. In theory, a PHP extension, written as either a binary PECL style extension or PHP code... in practice, I don't know of any such extension, and I don't know enough about the 3GP format to write my own or advise you on writing it.3. Exactly. Batch files are a sequence of shell commands written in text files. UNIX shell scripts are essentially the same thing.

[birbal]

1) and how to set the privilages in remote server? as you said..for php interauptor?

you should also run PHP with a user that has limited privilages

2) is there any class or dll for handling other extension rather than 3gp?

[boen_robot]

1. Ask your host. That's their responsibility - it's a setting they can make in Apache. You can't set this yourself, because there's no way for them to be sure you won't set your PHP instance to run as an administrator user, therefore making PHP capable of doing the same permanent damage an executable may have.2. I don't know of any, but perhaps there are.

[birbal]

ok boeni think now only hosting provider has all the answeres!thanks for all boen! and happy new year!

[boen_robot]

Yeah. Happy new year to you too .(half an hour remaining where I live)