Jump to content

Header script and Embed merge


jaymc

Recommended Posts

Right, to stop people downloading audio files from my site I have come up with this idea

Normally, to play audio in a webpage you would have the following code

[b]<embed src=music/audio.mp3></embed>[/b]
Now, anyone who views your source code will see the file is called music/audio.mp3, paste it into their browser and wah hey they are downloading the file directly from your server

So, I have come up with this idea

Have a script that uses headers to read in a file and mae it availablle for download, then, play the audio like so

[b]<embed src=play.php?file=audio.mp3></embed>[/b]

Thats where Ive hit a problem, It wont play !! I'm not even sure if it will work that way, but in theory it should

Here is the code that will setup the play.php to be the equivelent to audio.mp3

[code]<?
$file = $_GET['file'];

    header("Pragma: public");
    header("Expires: 0"); // set expiration time
    header("Cache-Control: must-revalidate, post-check=0, pre-check=0");
    header("Content-Type: application/force-download");
    header("Content-Type: application/octet-stream");
    header("Content-Type: application/download");
    header("Content-Disposition: attachment; filename=$filename[1]");
    header("Content-Transfer-Encoding: binary");

readfile("./uploads/".$file);
?>[/code]

I hope Ive explained this well enough to show what I mean

Any ideas?
Link to comment
Share on other sites

hmmm again, not 100% sure on this one, just throwing an idea your way. it might not be 100% reliable (since headers can be changed/spoofed, etc) but your php file that retrieves the MP3 file could check to make sure that it's not being called directly (HTTP_REFERER, i think) and refuse access based on that.

otherwise, the general feeling, from a quick google search, is that it's not possible to secure it 100%.
http://forums.winamp.com/showthread.php?threadid=250723

however, a flash solution like myspace has makes it a little trickier for the average joe.
Link to comment
Share on other sites

I actually have it working, it works a treat

[code]
<?
$file = $_GET['song'];

header("Expires: 0");
header("Cache-Control: must-revalidate, post-check=0, pre-check=0");
header("Content-Type: audio/x-mpeg");

readfile("../music/$file");

?>
[/code]

I've then went on to use .htaccess to disable the serving of any WMA file on the server.

;)

Link to comment
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.