Jump to content

Archived

This topic is now archived and is closed to further replies.

jaymc

Header script and Embed merge

Recommended Posts

Right, to stop people downloading audio files from my site I have come up with this idea

Normally, to play audio in a webpage you would have the following code

[b]<embed src=music/audio.mp3></embed>[/b]
Now, anyone who views your source code will see the file is called music/audio.mp3, paste it into their browser and wah hey they are downloading the file directly from your server

So, I have come up with this idea

Have a script that uses headers to read in a file and mae it availablle for download, then, play the audio like so

[b]<embed src=play.php?file=audio.mp3></embed>[/b]

Thats where Ive hit a problem, It wont play !! I'm not even sure if it will work that way, but in theory it should

Here is the code that will setup the play.php to be the equivelent to audio.mp3

[code]<?
$file = $_GET['file'];

    header("Pragma: public");
    header("Expires: 0"); // set expiration time
    header("Cache-Control: must-revalidate, post-check=0, pre-check=0");
    header("Content-Type: application/force-download");
    header("Content-Type: application/octet-stream");
    header("Content-Type: application/download");
    header("Content-Disposition: attachment; filename=$filename[1]");
    header("Content-Transfer-Encoding: binary");

readfile("./uploads/".$file);
?>[/code]

I hope Ive explained this well enough to show what I mean

Any ideas?

Share this post


Link to post
Share on other sites
hmmm i'm not 100% clued up on these, but each time i've seen an MP3 playing or a video or whatever, it seems to use an m3u/m4u file, which i believe is a link to an mpeg file rather than the file itself. maybe worth looking up m3u/m4u in google

Share this post


Link to post
Share on other sites
Thats no use

src=playme.m3u

I go to www.site.com/playme.m3u, open it up and hey preston their is a list of all the audio locations

Share this post


Link to post
Share on other sites
hmmm again, not 100% sure on this one, just throwing an idea your way. it might not be 100% reliable (since headers can be changed/spoofed, etc) but your php file that retrieves the MP3 file could check to make sure that it's not being called directly (HTTP_REFERER, i think) and refuse access based on that.

otherwise, the general feeling, from a quick google search, is that it's not possible to secure it 100%.
http://forums.winamp.com/showthread.php?threadid=250723

however, a flash solution like myspace has makes it a little trickier for the average joe.

Share this post


Link to post
Share on other sites
I actually have it working, it works a treat

[code]
<?
$file = $_GET['song'];

header("Expires: 0");
header("Cache-Control: must-revalidate, post-check=0, pre-check=0");
header("Content-Type: audio/x-mpeg");

readfile("../music/$file");

?>
[/code]

I've then went on to use .htaccess to disable the serving of any WMA file on the server.

;)

Share this post


Link to post
Share on other sites

×

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.