450 posts
  • Has been part of the Envato Community for over 8 years
  • Located in Australia
  • Interviewed on an Envato blog
  • Has collected 10+ items on Envato Market
+5 more
Envato team

Hi All, I’ve just added some information in the FAQ ’s on the inclusion of PHP scripts in Flash files. Here it is in a nut shell:

No running PHP on Eden/FlashDen servers.

Allowing people to run executable code on Eden servers is terrible for security (and even performance). For demo/preview purposes Authors can either:

‘stub’ out a files output (say a PHP file that reads all images in a folder and spits it out to XML that a Flash file can understand), or upload working PHP applications to their own server. For Flash to talk from flashden.net to the PHP application on another domain the Author must add a file called ‘crossdomain.xml’ with access permissions for flashden.net.

Note that if the Author choses to host the PHP application on a separate server, this will add an external dependency to their file, so the Author would be responsible for any downtime of their PHP application. Additionally there is the possibility of FlashDen causing a high amount of bandwidth to be consumed, and they should be aware of that. We do not check PHP files – at all.

We do not allow PHP to be run on Eden/FlashDen servers and we do not check PHP code. If the Item contains any code, we assume that the Author has checked it for quality purposes, however Please use at your own risk.

Authors should specify minimum PHP version (i.e. 4 or 5)

There are some significant differences between PHP 4 and 5, and this needs to be specified to prevent problems. Author can specify this in the description text box.

Authors need to handle magic quotes.

This is worth it’s own mention. This directive is typically make or break between hosts, and is turned on or off depending the System Admin’s preference.

Buyers need to be familiar with common PHP security issues.

There are quite a few, especially because you’re usually running on shared hosts, and even more so because there is basically no built-in input sanity checking.

There is a loads of decent information on PHP security on the subject – just do a quick search on google.

578 posts
  • Has been part of the Envato Community for over 9 years
  • Has referred 1+ members
  • Located in Australia
  • Has sold $1+ on Envato Market
+6 more

Yep :) And this is an evolving policy based on my 2 year old knowledge of PHP . If you’re doing any PHP and want to contest any of these rules, please do.

3868 posts
  • Has been part of the Envato Community for over 8 years
  • Has referred 200+ members
  • Has sold $10,000+ on Envato Market
  • Has been a beta tester for an Envato feature
+10 more

good stuff, i tend to host the entire file on my server when using php, seems to run better :)