How to sitelock a Flash movie
Sometimes you need to make your Flash movie (or game) to work only on selected domains. Sometimes you may want to blacklist some domains so they can’t display your Flash content.
This is called sitelocking, and means you lock a movie to a specific site.
Let’s see how can you sitelock a Flash file.
The first thing we need to know is where the movie is been played.
With the _url property we can determine the absolute path of a movie clip.
I will create a movie with a text field instanced as domain with this actionscript:
domain.text = _url;
This is the result:
Next we have to determine the domain name, so we need some string functions. First we need to strip all characters before :// (:// included).
Using the split method, I’ll split a the domain name into substrings by breaking it wherever :// is found, in this way:
domain_parts = _url.split("://");
domain.text = domain_parts[1];
Splitting the domain name by :// will create an array with its first element (at index 0) containing http (or https, or whatever I’ll find before the ://), and the second element with the remaining part of the domain. Look:
We are few steps away from having only the domain name.
In the same way as before, now I have to split the string when I find a /
|
1 2 3 |
domain_parts = _url.split("://"); real_domain = domain_parts[1].split("/"); domain.text = real_domain[0]; |
Here it is:
Now, we are ready to sitelock the game. Just remember that some portals do not use their domain to host Flash games. For example, NewGrounds uses uploads.undergrounded.net while Kongregate uses chat.kongregate.com.
Anyway, the customer who will request to sitelock your Flash movie will tell you which domain you have to lock the game on.
Now, let’s think about what to do when the movie is played in a site you don’t want to be played. The easiest thing is making the root transparent so it will impossible for the surfer to use it.
|
1 2 3 4 5 6 7 8 9 |
sitelock("www.emanueleferonato.com"); function sitelock(url_to_lock) { domain_parts = _url.split("://"); real_domain = domain_parts[1].split("/"); domain.text = real_domain[0]; if (real_domain[0] != url_to_lock) { _root._alpha = 0; } } |
This function will display the game only if played on my domain.
Now, the last interesting thing… how to sitelock to more than one site.
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 |
urls_allowed = ["www.emanueleferonato.com", "www.triqui.com"]; sitelock(urls_allowed); function sitelock(urls_allowed) { lock = true; domain_parts = _url.split("://"); real_domain = domain_parts[1].split("/"); domain.text = real_domain[0]; for (x in urls_allowed) { if (urls_allowed[x] == real_domain[0]) { lock = false; } } if (lock) { _root._alpha = 0; } } |
This one only allows movie to be played on this domain and on triqui.com
Hope you will find it useful
They can be easily customized to meet the unique requirements of your project.





(31 votes, average: 4.87 out of 5)








This post has 34 comments
First comment
YAY! first comment. anyway, sounds nice. Good Job!
Ernesto Quezada
thanks man, I was thinking about using something like this but in a different way, ie if my swf is not on kongregate, then show the mochiads leaderboard, otherwise use the kong API… :)
this will help me to work out the script I need
Salut!
Jesse
Wonderful!
I’ve been looking for a better way to do this!
Works beautifully, thanks much!
Rick
Thanks Emanuele!
JDog
Thanks Emanuele, very helpful, I can finally sendmy game prototypes to http://www.flashgamelicense.com without fear !
Now all I require is a reply to my email or else I can’t get my game going properly. I’ll definately buy you a beer or two once the sponsorship pays through !
Emanuele Feronato
Sitelocking is useless if you don’t encrypt your game anyway
souled
:o
dude, on the second to last actionscript box you put:
_root._alpha == 0;
instead of:
_root._alpha = 0;
great tut though, shall use on new game coming out
Emanuele Feronato
fixed. thank you.
Luiz Fernando
Great! This goes to the SticKman’s magazine :D
Grifo
First time I get to understand the split command.
Great tutorial as always.
Matt
Bad news, the _url property holds the url where the swf is hosted, not where it is embedded. You’re going to need a more complex solution in order to prevent people from hotlinking off your site. Of course this can be done on your actual server, but some sites that you do want your game on might not have such a fix. I’m not sure how to sitelock your game from being embedded onto someone elses site buy hosted on yours entirely within the flash.
Olivier
Thats pretty much the problem here, it makes it so people cant copy the actual swf, but they can still embed it, so its pretty useless :(
nice tut tho, im sure lots of people found this helpfull in one way or another
rizky
nice tutorial thanks i will try it
roboman
It’s strange…the sitelock makes the preloader don’t work.
ИнÑÑ‚Ñ€ÑƒÐºÑ†Ð¸Ñ Ð¿Ð¾ монетизации флÑш игр | terbooter
[...] Покажите вашу игрушку на девелоперÑком форуме или воÑпользуйтеÑÑŒ ÑервиÑом First Impression от FlashGameLicense, чтобы получить отзывы о вашей игрушке. Ðе забудьте Ñделать sitelock, чтобы предотвратить раÑпроÑтранение игрушки без вашего ведома. ЕÑли не знаете что такое sitelock игрушки, читайте здеÑÑŒ. [...]
How to make Flash Games » Sitelocking
[...] great tutorial teaching HOW to sitelock can be found here: How to sitelock a Flash movie Share and [...]
MochiLand » Blog Archive » Flash Game Monetization Case Study: Emanuele Feronato
[...] 8) Submit your game to a developer forum or take a look at First Impression service by Flash Game License to get some quality reviews of your game. Remember to site-lock your game if you want to prevent it from being spread before you’re ready. If you don’t know how to site-lock a game, read How to sitelock a Flash movie. [...]
yaboy
Would something like this work better than _url…?
var domain = this.root.loaderInfo.url.split(“/”)[2];
Luke
flash.external.ExternalInterface.call( “function get_url() { return window.location.toString(); }” )
what about this ?
Luke
ACTUALLY try this
browserurl = flash.external.ExternalInterface.call(“function(){return window.location.href}”).toString();
Richard
Hey there, if anyone needs an Actionscript 3 version of this tutorial, I’ve written one on my blog – http://notejot.com/2009/02/sitelocking-an-actionscript-3-flash-game/
Excit: Post-Mortem | Game Reviews, Game Download, Computer Games
[...] were were completely oblivious about how the flash game business works. We didn’t implement a sitelock, we didn’t implement Mochiads, we didn’t implement Mochibot, we didn’t even [...]
Jan
————————————
———-Emanuele Feronato———
————————————
You are Great!!!!!!!!!!!!!!!!!!!!!!
many thanks to you and others like you.
Netherlands
dino
How can you be sure www or even http is always included?
I never type www when going to a website.
dino
Wouldn’t it be better to drop the split and just check if the beginning is equal to “http://www.mydoamin.com/”?
Internet Hobo
Somebody could get around this by adding a query string with ?_url=http://www.gooddomain.com or something though when they embed the file. Is there some way to determine where the swf is actually embeded?
Flashtoo
NewGrounds uses uploads.ungrounded.net, not uploads.undergrounded.net .
Dennis | headjump.de
Hi there,
it’s really important to understand (what was already said) that the code in the post won’t prevent embedding the swf from an allowed host to ANY webpage. The “window.location” is the right idea there, BUT you have to use:
window.top.location
because window.top refers to the “most top” window, e.g. if your allowed domain is “allowed.com” and the evil domain “evil.com” just puts an iFrame on their site that contains the page from “allowed.com” with the game, window.location will say “allowed.com”, but window.top.location will reveal “evil.com”.
- Dennis
ken
Step 1. Put a secret function within the flash that grabs their domain information and have it send to your database and a page that displays all thief sites.
Step 2. Put copyright / owner information pertaining to your game or movie where it cannot be overlooked by viewers.
Step 3. Put your flash on the web.
Step 4. Use the web info to report their site for theft of copyrighted materials to their domain host.
This may not work immediately if the host “doesn’t care”, but I’m sure with proper legalese and talk of “getting lawyers involved” they’ll pull the site and/or warn the client.
I contacted my own host (godaddy) on this issue and they conferred that they would pull the thief site until they remove the copyrighted materials.
Ab
@29 (Ken)
You have a nice sample code for Step 1 ?
Tom
Emanuelle, or someone else talk me through the best way to sitelock my game?
I’d be glad to put a link to you for a month from whackyourboss.com. It gets
around 5000 visits per day. I can send you traffic in thanks.
Best Tom
online games
Coca Cola is bad for your health, it actually is one of major contributors to adrenal exhaustion. Sugar in general is. So you might want to remove that evil donation Coca Cola advertisement and people actually might donate more to you.
Massagames
Returns true if the current swf is hosted on an host1, host2, host3 domain, false otherwise
function testSiteLock():Boolean {
var siteLock:RegExp = /^http:\/\/([-a-zA-Z0-9\.])+\.(host1|host2|host3|emanueleferonato|massagames)\.com(\/|$)/;
return siteLock.test( loaderInfo.url );
}
free indian games
i will give it try