How to sitelock a Flash movie

March 10, 2008 by Emanuele Feronato
Filed Under Flash28 Comments 

Sometimes you need to make your Flash movie (or game) to work only on selected domains. Sometimes you may want to blacklist some domains so they can’t display your Flash content.

This is called sitelocking, and means you lock a movie to a specific site.

Let’s see how can you sitelock a Flash file.

The first thing we need to know is where the movie is been played.

With the _url property we can determine the absolute path of a movie clip.

I will create a movie with a text field instanced as domain with this actionscript:

domain.text = _url;

This is the result:

Next we have to determine the domain name, so we need some string functions. First we need to strip all characters before :// (:// included).

Using the split method, I’ll split a the domain name into substrings by breaking it wherever :// is found, in this way:

domain_parts = _url.split("://");
domain.text = domain_parts[1];

Splitting the domain name by :// will create an array with its first element (at index 0) containing http (or https, or whatever I’ll find before the ://), and the second element with the remaining part of the domain. Look:

We are few steps away from having only the domain name.

In the same way as before, now I have to split the string when I find a /

1
2
3

domain_parts = _url.split("://");
real_domain = domain_parts[1].split("/");
domain.text = real_domain[0];

Here it is:

Now, we are ready to sitelock the game. Just remember that some portals do not use their domain to host Flash games. For example, NewGrounds uses uploads.undergrounded.net while Kongregate uses chat.kongregate.com.

Anyway, the customer who will request to sitelock your Flash movie will tell you which domain you have to lock the game on.

Now, let’s think about what to do when the movie is played in a site you don’t want to be played. The easiest thing is making the root transparent so it will impossible for the surfer to use it.

1
2
3
4
5
6
7
8
9

sitelock("www.emanueleferonato.com");
function sitelock(url_to_lock) {
	domain_parts = _url.split("://");
	real_domain = domain_parts[1].split("/");
	domain.text = real_domain[0];
	if (real_domain[0] != url_to_lock) {
		_root._alpha = 0;
	}
}

This function will display the game only if played on my domain.

Now, the last interesting thing… how to sitelock to more than one site.

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16

urls_allowed = ["www.emanueleferonato.com", "www.triqui.com"];
sitelock(urls_allowed);
function sitelock(urls_allowed) {
	lock = true;
	domain_parts = _url.split("://");
	real_domain = domain_parts[1].split("/");
	domain.text = real_domain[0];
	for (x in urls_allowed) {
		if (urls_allowed[x] == real_domain[0]) {
			lock = false;
		}
	}
	if (lock) {
		_root._alpha = 0;
	}
}

This one only allows movie to be played on this domain and on triqui.com

Hope you will find it useful

Rate this post: 1 Star2 Stars3 Stars4 Stars5 Stars (20 votes, average: 4.95 out of 5)
Loading ... Loading ...
If you found this post useful, please consider a small donation.
» Flash Templates provided by Template Monster are pre-made web design products developed using Flash technology.
They can be easily customized to meet the unique requirements of your project.

28 Responses to “How to sitelock a Flash movie”

  1. First comment on March 10th, 2008 2:22 pm

    YAY! first comment. anyway, sounds nice. Good Job!

  2. Ernesto Quezada on March 10th, 2008 4:20 pm

    thanks man, I was thinking about using something like this but in a different way, ie if my swf is not on kongregate, then show the mochiads leaderboard, otherwise use the kong API… :)
    this will help me to work out the script I need

    Salut!

  3. Jesse on March 10th, 2008 5:53 pm

    Wonderful!
    I’ve been looking for a better way to do this!
    Works beautifully, thanks much!

  4. Rick on March 10th, 2008 6:19 pm

    Thanks Emanuele!

  5. JDog on March 10th, 2008 6:30 pm

    Thanks Emanuele, very helpful, I can finally sendmy game prototypes to http://www.flashgamelicense.com without fear !

    Now all I require is a reply to my email or else I can’t get my game going properly. I’ll definately buy you a beer or two once the sponsorship pays through !

  6. Emanuele Feronato on March 10th, 2008 6:39 pm

    Sitelocking is useless if you don’t encrypt your game anyway

  7. souled on March 10th, 2008 8:13 pm

    :o
    dude, on the second to last actionscript box you put:

    _root._alpha == 0;

    instead of:

    _root._alpha = 0;

    great tut though, shall use on new game coming out

  8. Emanuele Feronato on March 10th, 2008 8:50 pm

    fixed. thank you.

  9. Luiz Fernando on March 10th, 2008 9:13 pm

    Great! This goes to the SticKman’s magazine :D

  10. Grifo on March 11th, 2008 4:26 am

    First time I get to understand the split command.
    Great tutorial as always.

  11. Matt on March 14th, 2008 1:25 pm

    Bad news, the _url property holds the url where the swf is hosted, not where it is embedded. You’re going to need a more complex solution in order to prevent people from hotlinking off your site. Of course this can be done on your actual server, but some sites that you do want your game on might not have such a fix. I’m not sure how to sitelock your game from being embedded onto someone elses site buy hosted on yours entirely within the flash.

  12. Olivier on April 16th, 2008 8:59 pm

    Thats pretty much the problem here, it makes it so people cant copy the actual swf, but they can still embed it, so its pretty useless :(
    nice tut tho, im sure lots of people found this helpfull in one way or another

  13. rizky on September 6th, 2008 5:49 am

    nice tutorial thanks i will try it

  14. roboman on October 29th, 2008 12:11 pm

    It’s strange…the sitelock makes the preloader don’t work.

  15. yaboy on November 13th, 2008 3:33 am

    Would something like this work better than _url…?

    var domain = this.root.loaderInfo.url.split(”/”)[2];

  16. Luke on January 5th, 2009 12:38 pm

    flash.external.ExternalInterface.call( “function get_url() { return window.location.toString(); }” )

    what about this ?

  17. Luke on January 5th, 2009 12:42 pm

    ACTUALLY try this
    browserurl = flash.external.ExternalInterface.call(”function(){return window.location.href}”).toString();

  18. Richard on February 7th, 2009 2:05 am

    Hey there, if anyone needs an Actionscript 3 version of this tutorial, I’ve written one on my blog – http://notejot.com/2009/02/sitelocking-an-actionscript-3-flash-game/

  19. Jan on February 27th, 2009 10:24 am

    ————————————
    ———-Emanuele Feronato———
    ————————————
    You are Great!!!!!!!!!!!!!!!!!!!!!!
    many thanks to you and others like you.

    Netherlands

  20. dino on April 2nd, 2009 2:51 am

    How can you be sure www or even http is always included?

    I never type www when going to a website.

  21. dino on April 2nd, 2009 2:59 am

    Wouldn’t it be better to drop the split and just check if the beginning is equal to “http://www.mydoamin.com/”?

  22. Internet Hobo on May 13th, 2009 2:31 am

    Somebody could get around this by adding a query string with ?_url=http://www.gooddomain.com or something though when they embed the file. Is there some way to determine where the swf is actually embeded?

  23. Flashtoo on July 31st, 2009 7:32 pm

    NewGrounds uses uploads.ungrounded.net, not uploads.undergrounded.net .

  24. Dennis | headjump.de on August 5th, 2009 10:32 pm

    Hi there,
    it’s really important to understand (what was already said) that the code in the post won’t prevent embedding the swf from an allowed host to ANY webpage. The “window.location” is the right idea there, BUT you have to use:

    window.top.location

    because window.top refers to the “most top” window, e.g. if your allowed domain is “allowed.com” and the evil domain “evil.com” just puts an iFrame on their site that contains the page from “allowed.com” with the game, window.location will say “allowed.com”, but window.top.location will reveal “evil.com”.

    - Dennis

Leave a Reply




Trackbacks

  1. Инструкция по монетизации флэш игр | terbooter on October 29th, 2008 7:19 pm

    [...] Покажите вашу игрушку на девелоперском форуме или воспользуйтесь сервисом First Impression от FlashGameLicense, чтобы получить отзывы о вашей игрушке. Не забудьте сделать sitelock, чтобы предотвратить распространение игрушки без вашего ведома. Если не знаете что такое sitelock игрушки, читайте здесь. [...]

  2. How to make Flash Games » Sitelocking on October 31st, 2008 7:19 pm

    [...] great tutorial teaching HOW to sitelock can be found here: How to sitelock a Flash movie Share and [...]

  3. MochiLand » Blog Archive » Flash Game Monetization Case Study: Emanuele Feronato on November 13th, 2008 1:30 am

    [...] 8) Submit your game to a developer forum or take a look at First Impression service by Flash Game License to get some quality reviews of your game. Remember to site-lock your game if you want to prevent it from being spread before you’re ready. If you don’t know how to site-lock a game, read How to sitelock a Flash movie. [...]

  4. Excit: Post-Mortem | Game Reviews, Game Download, Computer Games on February 7th, 2009 8:21 am

    [...] were were completely oblivious about how the flash game business works. We didn’t implement a sitelock, we didn’t implement Mochiads, we didn’t implement Mochibot, we didn’t even [...]

flash games company