It's a common problem, solved many times, but for some reason I cannot find the right information.

Some constraints and requirements:

  • Technique for LAMP stack.
  • Fine-grained control of which files are accessible.
  • No basic authentication with htpasswd files; I want to provide a custom login frontend.
  • Should be able to securely protect and serve big video files.

How do all those sites protect their files from the public without using basic authentication?

Thanks!

A similar question: http://stackoverflow.com/questions/1688568/performance-oriented-way-to-protect-files-on-php-level

+4  A: 

You would usually redirect any requests for the media files to a PHP script. The PHP script does the login authentication, and on success, loads the requested media file from a protected location, and passes it through to the browser, for example using fpassthru() or fread().

You can set up a very elegant solution using a set of mod_rewrite instructions, for example rewriting

www.example.com/media/music.mp3

internally to

www.example.com/media/index.php?file=music.mp3

The method is not cheap, as the PHP interpreter has to be started for every download, and pass through every byte of the file. For a discussion of possible alternatives, I asked a question about that a few months back: Performance-oriented way to protect files on PHP level?

Pekka
That's exactly how it's done. Note: the protected location is a folder outside of your Apache (or webserver of choice) document root, so that it is not publicly accessible. You will only be able to get to the files using the download script (BTW you must make sure that the download script checks its input to prevent malicious users from downloading other files - like the source of your scripts).
wimvds
All right, this is indeed the method I thought about, but I too have my concerns about performance, especially when it comes to (streaming?) video; I'm not sure it's even possible... will need to do lots of testing... thanks man! ;-)
Sander Versluys
I see your question is very similar to mine; I didn't stumble upon it. Question updated.
Sander Versluys
If you are interested in a performance-oriented way, take a look at a proxy web server such as nginx, which was designed to eliminate connection expenses, and especially at its X_ACCEL_REDIRECT feature.
Col. Shrapnel
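
A sketch of the download script described in the answer, including the input check that wimvds's comment calls for. This is an added example, not code from the original thread; the storage path, the `user_id` session key and the extension allow-list are assumptions.

```php
<?php
// media/index.php: target of the internal rewrite described in the answer.
// Assumptions (not from the thread): MEDIA_ROOT, the 'user_id' session key
// set by the custom login form, and the extension allow-list below.
declare(strict_types=1);

const MEDIA_ROOT = '/var/www/protected_media';   // outside the document root
const ALLOWED_TYPES = ['mp3' => 'audio/mpeg', 'mp4' => 'video/mp4'];

/** Map a requested name to a real file under $root, or null if rejected. */
function resolve_media_path(string $root, string $requested): ?string
{
    if ($requested === '' || strpos($requested, "\0") !== false) {
        return null;
    }
    $rootReal = realpath($root);
    $fileReal = realpath($root . DIRECTORY_SEPARATOR . $requested);
    if ($rootReal === false || $fileReal === false || !is_file($fileReal)) {
        return null;
    }
    // realpath() has collapsed ../ and symlinks; the result must still be under root.
    if (strncmp($fileReal, $rootReal . DIRECTORY_SEPARATOR, strlen($rootReal) + 1) !== 0) {
        return null;
    }
    $ext = strtolower(pathinfo($fileReal, PATHINFO_EXTENSION));
    return isset(ALLOWED_TYPES[$ext]) ? $fileReal : null;   // never serve .php etc.
}

session_start();
if (empty($_SESSION['user_id'])) {          // authentication comes first
    http_response_code(403);
    exit('Login required');
}
$requested = $_GET['file'] ?? null;         // may be an array if sent as file[]=
$path = is_string($requested) ? resolve_media_path(MEDIA_ROOT, $requested) : null;
$handle = $path !== null ? fopen($path, 'rb') : false;
if ($handle === false) {
    http_response_code(404);                // same answer for "missing" and "rejected"
    exit('Not found');
}
session_write_close();                      // release the session lock during the transfer
header('Content-Type: ' . ALLOWED_TYPES[strtolower(pathinfo($path, PATHINFO_EXTENSION))]);
header('Content-Length: ' . (string) filesize($path));
header('X-Content-Type-Options: nosniff');
while (ob_get_level() > 0) {
    ob_end_clean();                         // do not buffer the whole file in memory
}
fpassthru($handle);
fclose($handle);
```

This sketch sends the whole file and ignores HTTP Range headers, so it covers downloads rather than seekable video playback.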