How to prevent people from accessing source videos without logining in?

Question

I am trying to make a login that would give you access to some videos, pictures, and other files. I can do this with php and a get request (

www.example.com/foo?video1

) and making sure they have a cookie of some sort, but I am unsure how to prevent someone from just typing in the link of the source files (

www.example.com/videos/video1.mp4

). I need away to prevent people from accessing the source files.

System:

macOS Sierra 10.12.6

Apache

Thanks,
Josh

Recommended for you: Get network issues from WhatsUp Gold. Not end users.

Answer 1

Put the source files in some directory that is not public, or use an HTAccess. Then, use file_get_contents() and echo to spit out the video. It might look something like this:

getvideo.php?video=test

    <?php
if($_SESSION["username"]!==null)//whatever auth mechanism
{
if(file_exists("videos/".  str_replace( [ '\\', '.', '/'], '', $_GET["video"] ). ".mp4"))
{
header("Content-Type: video/mp4");
readfile("videos/".  str_replace( [ '\\', '.', '/'], '', $_GET["video"] ). ".mp4");
}

else
{
header("HTTP/1.1 404 Not Found");
}
}
else
{
header("HTTP/1.1 401 Unauthorized");
}
exit;
?>

How to prevent people from accessing source videos without logining in?

Sign up