Josh Josh - 7 months ago 44
Apache Configuration Question

How to prevent people from accessing source videos without logining in?

I am trying to make a login that would give you access to some videos, pictures, and other files. I can do this with php and a get request (

www.example.com/foo?video1
) and making sure they have a cookie of some sort, but I am unsure how to prevent someone from just typing in the link of the source files (
www.example.com/videos/video1.mp4
). I need away to prevent people from accessing the source files.

System:


  • macOS Sierra 10.12.6

  • Apache



Thanks,
Josh

Answer Source

Put the source files in some directory that is not public, or use an HTAccess. Then, use file_get_contents() and echo to spit out the video. It might look something like this:

getvideo.php?video=test

    <?php
if($_SESSION["username"]!==null)//whatever auth mechanism
{
if(file_exists("videos/".  str_replace( [ '\\', '.', '/'], '', $_GET["video"] ). ".mp4"))
{
header("Content-Type: video/mp4");
readfile("videos/".  str_replace( [ '\\', '.', '/'], '', $_GET["video"] ). ".mp4");
}

else
{
header("HTTP/1.1 404 Not Found");
}
}
else
{
header("HTTP/1.1 401 Unauthorized");
}
exit;
?>
Recommended from our users: Dynamic Network Monitoring from WhatsUp Gold from IPSwitch. Free Download