Referrer checking, hiding actual file locations

[DaveLinger]

So basically on this website I'm building, I have a bunch of mp3 files that I want people to be able to listen to using a flash mp3 player on the site, and I want them to be able to (I suppose) save the files to their hard drives, but NOT be able to link directly to the mp3 from other websites.

 

So here's my code:

 

<?php
$gid = $_GET['g']; //game ID number. Each game has its own music directory.
$file = $_GET['f']; //filename minus the .mp3
$yoursite = "www.xxx.com";
$yoursite2 = "xxx.com";

$referer = $_SERVER['HTTP_REFERER'];

if ($referer == "") {
$domain = $yoursite; 
} else { 
$domain = parse_url($referer);
} 

if($domain['host'] == $yoursite || $domain['host'] == $yoursite2) { 

$location = "/games/".$gid."/music/".$file.".mp3";

header("Location: $location");

} else { 

header("Location: http://www.xxx.com"); 

} 

?>

 

But the problem with this is that, assuming they ARE on the site, it just gives them the direct URL to the file. How can I set it so that rather than essentially redirecting to the mp3 file, the php file actually outputs the contents of the mp3 file? For example they could save the php file to their hard drive and rename it to mp3 and it would play. I think I've seen this done before.

[JasonLewis]

You can use force downloading or try changing the Content-type with header. Try googling for both these things, it could be useful to you.

[laffin]

But why even use that?

Use .htaccess to redirect .mp3 extensions to a php script

 

or if yer server is PATH_INFO enabled, ya can do the same without .htaccess

 

put the mp3's into an off-web folder, so they cant directly link to the mp3.

 

and use a session cookie to track that its a valid logged in user.

 

have yer script check the session, send the proper header, and readfile

boom yer done.

 

can prolly make a small mp3 with a message 'Mp3's brought to you by xxx.... Please no hotlinking'