jaymc Posted October 17, 2006 Share Posted October 17, 2006 Right, to stop people downloading audio files from my site I have come up with this ideaNormally, to play audio in a webpage you would have the following code[b]<embed src=music/audio.mp3></embed>[/b]Now, anyone who views your source code will see the file is called music/audio.mp3, paste it into their browser and wah hey they are downloading the file directly from your server So, I have come up with this ideaHave a script that uses headers to read in a file and mae it availablle for download, then, play the audio like so[b]<embed src=play.php?file=audio.mp3></embed>[/b]Thats where Ive hit a problem, It wont play !! I'm not even sure if it will work that way, but in theory it shouldHere is the code that will setup the play.php to be the equivelent to audio.mp3[code]<?$file = $_GET['file']; header("Pragma: public"); header("Expires: 0"); // set expiration time header("Cache-Control: must-revalidate, post-check=0, pre-check=0"); header("Content-Type: application/force-download"); header("Content-Type: application/octet-stream"); header("Content-Type: application/download"); header("Content-Disposition: attachment; filename=$filename[1]"); header("Content-Transfer-Encoding: binary");readfile("./uploads/".$file);?>[/code]I hope Ive explained this well enough to show what I meanAny ideas? Quote Link to comment https://forums.phpfreaks.com/topic/24273-header-script-and-embed-merge/ Share on other sites More sharing options...
redbullmarky Posted October 17, 2006 Share Posted October 17, 2006 hmmm i'm not 100% clued up on these, but each time i've seen an MP3 playing or a video or whatever, it seems to use an m3u/m4u file, which i believe is a link to an mpeg file rather than the file itself. maybe worth looking up m3u/m4u in google Quote Link to comment https://forums.phpfreaks.com/topic/24273-header-script-and-embed-merge/#findComment-110316 Share on other sites More sharing options...
jaymc Posted October 17, 2006 Author Share Posted October 17, 2006 Thats no usesrc=playme.m3uI go to www.site.com/playme.m3u, open it up and hey preston their is a list of all the audio locations Quote Link to comment https://forums.phpfreaks.com/topic/24273-header-script-and-embed-merge/#findComment-110342 Share on other sites More sharing options...
redbullmarky Posted October 17, 2006 Share Posted October 17, 2006 hmmm again, not 100% sure on this one, just throwing an idea your way. it might not be 100% reliable (since headers can be changed/spoofed, etc) but your php file that retrieves the MP3 file could check to make sure that it's not being called directly (HTTP_REFERER, i think) and refuse access based on that.otherwise, the general feeling, from a quick google search, is that it's not possible to secure it 100%.http://forums.winamp.com/showthread.php?threadid=250723however, a flash solution like myspace has makes it a little trickier for the average joe. Quote Link to comment https://forums.phpfreaks.com/topic/24273-header-script-and-embed-merge/#findComment-110357 Share on other sites More sharing options...
jaymc Posted October 17, 2006 Author Share Posted October 17, 2006 I actually have it working, it works a treat[code]<? $file = $_GET['song']; header("Expires: 0"); header("Cache-Control: must-revalidate, post-check=0, pre-check=0"); header("Content-Type: audio/x-mpeg"); readfile("../music/$file");?>[/code]I've then went on to use .htaccess to disable the serving of any WMA file on the server.;) Quote Link to comment https://forums.phpfreaks.com/topic/24273-header-script-and-embed-merge/#findComment-110364 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.