Jump to content


Photo

Header script and Embed merge


  • Please log in to reply
4 replies to this topic

#1 jaymc

jaymc
  • Members
  • PipPipPip
  • Advanced Member
  • 1,521 posts
  • LocationLiverpool

Posted 17 October 2006 - 10:25 PM

Right, to stop people downloading audio files from my site I have come up with this idea

Normally, to play audio in a webpage you would have the following code

<embed src=music/audio.mp3></embed>
Now, anyone who views your source code will see the file is called music/audio.mp3, paste it into their browser and wah hey they are downloading the file directly from your server

So, I have come up with this idea

Have a script that uses headers to read in a file and mae it availablle for download, then, play the audio like so

<embed src=play.php?file=audio.mp3></embed>

Thats where Ive hit a problem, It wont play !! I'm not even sure if it will work that way, but in theory it should

Here is the code that will setup the play.php to be the equivelent to audio.mp3

<?
$file = $_GET['file'];

    header("Pragma: public");
    header("Expires: 0"); // set expiration time
    header("Cache-Control: must-revalidate, post-check=0, pre-check=0");
    header("Content-Type: application/force-download");
    header("Content-Type: application/octet-stream");
    header("Content-Type: application/download");
    header("Content-Disposition: attachment; filename=$filename[1]");
    header("Content-Transfer-Encoding: binary");

readfile("./uploads/".$file);
?>

I hope Ive explained this well enough to show what I mean

Any ideas?
I would love to change the world, but they won't give me the source code

SEO Agency

#2 redbullmarky

redbullmarky
  • Staff Alumni
  • Advanced Member
  • 2,863 posts
  • LocationBedfordshire, England

Posted 17 October 2006 - 10:47 PM

hmmm i'm not 100% clued up on these, but each time i've seen an MP3 playing or a video or whatever, it seems to use an m3u/m4u file, which i believe is a link to an mpeg file rather than the file itself. maybe worth looking up m3u/m4u in google
"you have to keep pissing in the wind to learn how to keep your shoes dry..."

I say old chap, that is rather amusing!

#3 jaymc

jaymc
  • Members
  • PipPipPip
  • Advanced Member
  • 1,521 posts
  • LocationLiverpool

Posted 17 October 2006 - 11:18 PM

Thats no use

src=playme.m3u

I go to www.site.com/playme.m3u, open it up and hey preston their is a list of all the audio locations
I would love to change the world, but they won't give me the source code

SEO Agency

#4 redbullmarky

redbullmarky
  • Staff Alumni
  • Advanced Member
  • 2,863 posts
  • LocationBedfordshire, England

Posted 17 October 2006 - 11:38 PM

hmmm again, not 100% sure on this one, just throwing an idea your way. it might not be 100% reliable (since headers can be changed/spoofed, etc) but your php file that retrieves the MP3 file could check to make sure that it's not being called directly (HTTP_REFERER, i think) and refuse access based on that.

otherwise, the general feeling, from a quick google search, is that it's not possible to secure it 100%.
http://forums.winamp...threadid=250723

however, a flash solution like myspace has makes it a little trickier for the average joe.
"you have to keep pissing in the wind to learn how to keep your shoes dry..."

I say old chap, that is rather amusing!

#5 jaymc

jaymc
  • Members
  • PipPipPip
  • Advanced Member
  • 1,521 posts
  • LocationLiverpool

Posted 17 October 2006 - 11:48 PM

I actually have it working, it works a treat

<?
	$file = $_GET['song'];

	header("Expires: 0");
	header("Cache-Control: must-revalidate, post-check=0, pre-check=0");
	header("Content-Type: audio/x-mpeg");

	readfile("../music/$file");

?>

I've then went on to use .htaccess to disable the serving of any WMA file on the server.

;)


I would love to change the world, but they won't give me the source code

SEO Agency




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users