swharrell Posted February 25, 2011 Share Posted February 25, 2011 I previously asked this question in the Apache Server forum with no reply so I'm thinking maybe that was the wrong area to post it in. I have a directory with media files in it (mp3's, videos etc.) that I want to secure from being downloaded yet be able to be played by a local player on the site. I was thinking of trying to secure the directory using .htaccess and .htpasswd files. I would then like to have the page the player is on pass the login credentials to allow the media files to be played. I do not want the user to be prompted for login credentials but if they tried to access the directory to download a file they would be denied. The server is (of course) Apache 2.2.17 and the scripting languages are php (version 5.2) and jQuery. Is this possible or am I going about this the wrong way? Thanks in advance. P.S. Yes, I have extensively searched for answers before posting but could not find the answer I was looking for. Link to comment https://forums.phpfreaks.com/topic/228813-htpasswd-authentication-without-prompt/ Share on other sites More sharing options...
cunoodle2 Posted February 25, 2011 Share Posted February 25, 2011 I know there was recently a similar thread on this. I would suggest using a flash player. Link to comment https://forums.phpfreaks.com/topic/228813-htpasswd-authentication-without-prompt/#findComment-1179687 Share on other sites More sharing options...
ChemicalBliss Posted February 25, 2011 Share Posted February 25, 2011 Your looking for anti-leeching? I garuntee there are thousands of snippets/tutorials and bits of info on the subject . But for your htaccess, the easiest method imo, is to use mod_rewrite (rewrite_engine in apache). Like so: Options +FollowSymLinks +Indexes RewriteEngine on RewriteCond %{HTTP_REFERER} !^$ RewriteCond %{HTTP_REFERER} !^http(www.)mydomain.com [NC] RewriteRule .(exe|zip|rar)$ - [F] Put this in your top-level .htaccess file, also, change "mydomain.com" to your domain name you want to allow and it should protect any exe/zip or rar file from being directly downloaded. Scripts can something like <?php $file = "sometest.rar"; $filepath = "myfiles/"; if(!file_exists($filepath.$file)){ exit("File not found!"); } header("Content-type: application/x-rar-compressed"); header('Content-Disposition: attachment; filename="'.date("dmy").'_'.$file); readfile($filepath.$file); ?> to transmit the file to the client. hope this helps Link to comment https://forums.phpfreaks.com/topic/228813-htpasswd-authentication-without-prompt/#findComment-1179688 Share on other sites More sharing options...
swharrell Posted February 25, 2011 Author Share Posted February 25, 2011 cunoodle2, I had thought about using flash but wanted to stay away from it if possible. ChemicalBliss, Thank you. That is very helpful. I will give it a try and also do some more research on 'anti-leaching'. Link to comment https://forums.phpfreaks.com/topic/228813-htpasswd-authentication-without-prompt/#findComment-1179710 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.