Server Side

Actions:
serveMP3
downloadfile
dir
phpinfo
feedPlaylist
getCoverart
podcast

Directives:
wimpyConfigFile
media_types
wimpy_auth
getMyid3info
ecommerce
ecomWindow
useMysql
defaultVisualBaseName
defaultVisualExt
hide_folders
hide_files
startDir
getid3libPath
httpOption
blockPHPinfo

Client Side

wimpyApp
wimpySkin
startPlayingOnload
randomOnLoad
shuffleOnLoad
displayDownloadButton
autoAdvance
popUpHelp
forceDownload
startOnTrack
trackPlays
voteScript
getMyid3info
forceXMLplaylist
useSysCodePage
ecommerce
ecomWindow
useMysql
scrollInfoDisplay
infoDisplayTime
bufferAudio
theVolume
defaultImage
loopPlaylist
limitPlaytime
startupLogo

HTML display

wimpySkin
wimpySwf
bkgdColor
tptBkgd
wimpyHTMLpageTitle
useSysCodePage

wimpyAuth

Helps to protect against automated flood attacks, and requires the user to use cookies for user authentication.

Can also be used to implement user authentication. Implementing user authentication is not built into the wimpy_auth.php system, but if your familiar with PHP you can edit the wimpy_auth.php file to meet your needs.

NOTE: The wimpyAuth script/system may cause certain features to not perform, or not work due to your server's speed and / or server setup.

Be sure to test the options and features you've established within wimpy thoroughly before implementing this script.

Implementing wimpyAuth

Upload wimpy_auth.php to the same folder as wimpy.php. Click here to download wimpy_auth.php.

If wimpy_auth.php is located in the same folder as wimpy.php, wimpy.php will automatically load wimpy_auth.php.

How wimpyAuth works

In the following explanation wimpyApp refers to the script that provides wimpy.swf with a playlist. (e.g. wimpy.php)

1. Request

wimp.swf issues a request to wimpyApp to load a playlist, or perform an "action."

2. Return encrypted session ID

WimpyApp looks for a file named wimpy_auth.php. (This filename can be changed by editing the referring variable within wimpy.php).

If found, a cookie is set that contains an md5 encrypted session ID.

The encrypted session ID is then sent to wimpy.swf as:

&auth=x&s=[session id]

Example:
&auth=x&s=ENCRYPTEDPHPSESSIONID123456789

Wimpy.swf receives and stores these two variables:

auth=x
Informs wimpy.swf that authentication is required -- "x" is a literal value, yup, just plain old "x"

s=[session id]
A unique identifier that wimpy will use for the entire session. Wimpy will both send and receive this unique ID when interacting with wimpyApp.

3. Request with encrypted ID

Wimpy.swf issues a second request to wimpyApp for a playlist, but this time wimpy.swf includes the encrypted session ID with the request.

Example:
wimpy.php?action=dir&dir=http://yadayada&s=[SESSIONID]

4. Validate the Session ID

WimpyApp receives the request and validates the session ID. If the session ID is invalid, wimpy.php exits and does not return any data. If the session ID is valid, wimpy will perform the requested action.

5. Ongoing requests

Each request to wimpyApp thereafter must contain s=[SESSIONID]

Example:
wimpy.php&action=serveMP3&theFile=http://yadayada&s=[SESSIONID]

 

Expanding functionality

Since the Wimpy Authentication system is based on cookies and sessions, you can include additional functionality into wimpy_auth.php to provide added levels of protection based on your needs, such as user authentication or access control.

Adding additional functionality will require a certain level of programming knowledge and sophistication. Due to the varying needs of each web site, user authentication / access control are NOT built into the Wimpy Authentication system. It is up to individual developers to author and edit the existing scripts to meet their individual needs.

.