I'm adding a premium section to my site, which already has free registration. People who pay a monthly fee will have access to content (HTML, images and media files) that will be hosted on a subdomain, let's say content1.domain.com.

How would I make it so files that are delivered via that subdomain cannot be hotlinked or copied, unless the user is logged into the main site and has a paid account ($premium = 1 site-wide variable defines that)?

I'm using PHP and MySQL for the site, and the lighttpd web server.

A: 

Update:

Example:

http://www.pitgroup.nl/demo/protect/?file%5Fid=1&user%5Fid=1&file=string

The file=string does not work, because it is not correct with the database value.

The page then shows a link with the correct database value, which you can click to view the hidden file. The link you clicked is still at the top then, but it will not work again. The bottom of the page shows the updated database value, which is a valid link again.

To prevent hotlinking, you should actually use htaccess, I think.

You should do it like this (or something like it):

mysql:
    files:
    id
    url
    created

    user_files:
    id
    user_id
    file_id
    string

Then insert a record into user_files, using the file's info, and for the string, do something like:

    md5( $file->url . $file->created . $user->id );

When a user calls a URL, e.g.:

    files / fileid / sldfjsdfasduapdj123

then you reroute it to a script that does a lookup in the database for that string, comparing the user id and file id in the record.

After the file has been looked up, md5 the string again and save the record.

Provide the user with the headers of the requested file; look at http://php.net/manual/en/function.header.php

And you're done :)

(I use this for a website that provides FLV content against SMS payments.)

FrankBr
But once the true location of the file has been revealed, once the download starts... a user might post the URL elsewhere and people are free to hotlink. Unless I'm not understanding something here....
Yegor
I think you misunderstand. You never provide the real URL; you serve the file via PHP:

    header(the header of the document type);
    readfile( $file->url );

Then you make the current URL invalid by changing the string in the database.

So in short:

user is logged in
user visits files / 1 / hakenfufidmdm
php: this is file 1, is there a record in user_files with this file id and the user id?
php: yes there is, show file headers and readfile
php: we do not need this string anymore, change it

After that, the URL is no more valid :)
FrankBr
Need an example? :P
FrankBr
The problem with this is that the files have to be on the SAME server, and they might not always be.
Yegor
Well, you can always do a file_get_contents, also from external servers.
FrankBr
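
The flow described in the answer and its follow-up comment (look up the string for the logged-in user and file, serve the file through PHP, then change the string) is sketched below as an added example; it is not the answerer's code. Assumptions: in-memory SQLite stands in for MySQL, the sample file and rows are constructed, `issueToken` and `redeemToken` are hypothetical names, and the md5 of known fields is swapped for `random_bytes` with a `hash_equals` comparison so the string cannot be guessed.

```php
<?php
declare(strict_types=1);

// In-memory SQLite stands in for the site's MySQL database (assumption, so this runs offline).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE files (id INTEGER PRIMARY KEY, url TEXT, created TEXT)');
$db->exec('CREATE TABLE user_files (id INTEGER PRIMARY KEY, user_id INTEGER, file_id INTEGER, string TEXT)');

// Constructed sample file, stored outside any web-served directory.
$path = tempnam(sys_get_temp_dir(), 'premium');
file_put_contents($path, 'premium content');
$db->prepare('INSERT INTO files (id, url, created) VALUES (1, ?, ?)')->execute([$path, date('c')]);

/** Issue a fresh one-time string for (user, file), replacing any earlier one. */
function issueToken(PDO $db, int $userId, int $fileId): string
{
    $token = bin2hex(random_bytes(16)); // swapped in for md5(url . created . user id)
    $db->prepare('DELETE FROM user_files WHERE user_id = ? AND file_id = ?')->execute([$userId, $fileId]);
    $db->prepare('INSERT INTO user_files (user_id, file_id, string) VALUES (?, ?, ?)')
       ->execute([$userId, $fileId, $token]);
    return $token;
}

/** Return the stored file location if the string matches for this paying user, then rotate it. */
function redeemToken(PDO $db, int $userId, bool $premium, int $fileId, string $token): ?string
{
    if (!$premium) {
        return null; // the site-wide $premium flag from the question, passed in by the caller
    }
    $q = $db->prepare('SELECT f.url, uf.string FROM user_files uf JOIN files f ON f.id = uf.file_id
                       WHERE uf.user_id = ? AND uf.file_id = ?');
    $q->execute([$userId, $fileId]);
    $row = $q->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !hash_equals($row['string'], $token)) {
        return null;
    }
    issueToken($db, $userId, $fileId); // the link that was just used stops working here
    return $row['url'];
}

$token = issueToken($db, 1, 1);
var_dump(redeemToken($db, 1, true, 1, $token) === $path); // first use of the link by its owner
var_dump(redeemToken($db, 1, true, 1, $token));           // same link replayed
var_dump(redeemToken($db, 2, true, 1, $token));           // same link presented by another user
unlink($path);
```

When `redeemToken` returns a location, the calling script would send the file's Content-Type header and `readfile()` it, so the real location never reaches the browser.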