Hide video and mp3 files

Question

I am coding a site that has video and audio files, I need people to be able watch/listen to the files if they are logged in php/mysql login but I don't want people who haven't register to be able to download the files, I need to be able to block direct access to the file and only let them access by the user with accounts.

Answer 1

Hi,

A solution would be to not serve those files directly through Apache, but through PHP (as, from the PHP scripts, you know if the guy trying to download the file is logged or not).

To be absolutly sure no-one downloads the files directly, there are at least two solutions :

First one (the best one, I think) : if you can, put those files outside of your web servers' root :

/.../www/               <-- this is your web root (DocumentRoot, with Apache)
/.../.../js/...
/.../.../css/...
/.../.../index.php
/.../.../download.php
/.../data/              <-- there, outside of the files served by Apache, you put your data
/.../data/my-music.mp3

Second one : You use an .htaccess file in the "data" directory, to deny access from anyone through Apache ; something like this might do :

Deny From All

Then, your download.php script (or the equivalent) will get the id of the file, check for the users' access rights, and, if the user has access to the requested file :

• send the right HTTP headers :
  • you'll probably want to at least set the Content-Type
  • Maybe some others like Content-disposition, Content-length, ...
• send the content of the file
  • something like readfile might help ;-)

Of course, it's up to you to secure that script, now ;-)

As a sidenote : main drawback is that more stuff will have to be processed by PHP... might add some load to your server :-(

Answer 2

I agree with Scott. Flash is probably the route to go--the vast majority of people have the Flash plugin installed. There's also Java but my experience is with Flash.

I'm a little uncertain about your question so let me clarify my response. You can offer both a way to stream audio and video and a way to download the files themselves. By streaming I mean there's a flash viewer on your site that plays the audio and video but doesn't save them to the hard drive. You can offer this to both registered users as well as guests. You can also (if you like) let registered users download the files.

You could let users and guests watch your stuff and give registered users the ability to download it as a reward for signing up. Perhaps you don't want to do that--maybe you just want to allow the registered users to watch your stuff but not download it. That can be done too.

Flash has two options for playing audio and video--progressive and streaming. Progressive is where flash plays an audio/video file from a url (i.e. http://www.example.com/video/video_1.flv). Flash downloads the video (just like a browser would) and plays it off that. The downloaded file is stored in the browser's cache. This isn't what you want.

Streaming is done by the NetStream and NetConnection classes. This is true streaming of a file and it is not saved to the hard drive. The streaming classes don't use HTTP but rather RTMP so you will need a flash audio/video server along with your webserver.

There are three flash video servers that I know of--Adobe's own Flash Media Server, Wowza, and Red 5.

Adobe's server is expensive, probably too expensive if this is a non-commercial site.

I use Wowza. It's free for 10 concurrent users (to get your feet wet) and there's also an unlimited connection server, although at $1000 US it too would be too expensive for a non-commercial site.

The third one is Red5. This is an open source flash media server that's completely free. I have no experience with this so I can't attest to its features or stability.

So yeah, unfortunately it's more work than some simple PHP and HTML. You can either build your own flash player (the client viewer) or use one that someone else built.