hendoyeah Posted November 12, 2006 Share Posted November 12, 2006 Hi all, I'm a new asp > php convert and still working out what php is capable of. I'm building a site which allows users to subscribe to mp3's. I'm not quite sure how to go about the security side of things, i.e. only allowing users who to have access to the mp3's they have subscribed to after they have logged in (php handled). Knowing i will be on a shared host with cpanel, can someone tell me the most efficient way of achieving this?Maybe this is an apache question also???thanxnathan Quote Link to comment Share on other sites More sharing options...
fert Posted November 12, 2006 Share Posted November 12, 2006 you could encrypt the mp3s and then when someone one has access to them wants to listen to them you can de-encrypt them or you could chmod them. Quote Link to comment Share on other sites More sharing options...
doni49 Posted November 12, 2006 Share Posted November 12, 2006 Well I've read that you can store an images file in the database (although I don't know how YET). I would imagine that if you can do that, then you should be able to store MP3 files as well--they're both just binary files.Once you get your DB set up, you should be able to EASILY control access to individual MP3's.You could also store them in a secure location and once you've determined that someone has access permissions to a file, stream the file to their browser. Quote Link to comment Share on other sites More sharing options...
trq Posted November 12, 2006 Share Posted November 12, 2006 [quote]You could also store them in a secure location and once you've determined that someone has access permissions to a file, stream the file to their browser.[/quote]This is exactly how it is done. Quote Link to comment Share on other sites More sharing options...
Skatecrazy1 Posted November 13, 2006 Share Posted November 13, 2006 yeah, and if you don't want to do it that way, then in MySQL, you create the field as a BLOBbinary large object (or a bigblob, tinyblob). Then if you have phpMyAdmin, go to insert and just basically do what you would to upload a file into a form.calling it's a different story, I don't have that figured out yet :-p Quote Link to comment Share on other sites More sharing options...
Destruction Posted November 13, 2006 Share Posted November 13, 2006 To call a file from a database in that manner you need to set it's content-type header then output it. Quick example to explain the concept...[code]<?php// 1) Connect to database// 2) Query to retrieve from database// Continuing from 'step 3'...$Image = mysql_result($Query, 0, "image");//ASSUMING JPEG: you will need to set the content header needed for the content. You could use a switch statement or take it from another database field.header("Content-type: image/jpeg");echo $Image;?>[/code]Hope this helps, though personally I wouldn't put this much load on a database server.Dest Quote Link to comment Share on other sites More sharing options...
hendoyeah Posted November 19, 2006 Author Share Posted November 19, 2006 thanx all for your suggestions.the following code alters the header of a page and forces a download of an mp3.My question is, is there any way for a user to figure out the original path of the mp3 when downloading using this method?[quote] $filelocation = "path-to-mp3/the-mp3-file.mp3"; header('HTTP/1.1 200 OK'); header('Date: ' . date("D M j G:i:s T Y")); header('Last-Modified: ' . date("D M j G:i:s T Y")); header("Content-Type: application/force-download"); header("Content-Lenght: " . (string)(filesize($filelocation))); header("Content-Transfer-Encoding: Binary"); header("Content-Disposition: attachment; filename=".str_replace(" ", "", basename($filelocation)).""); readfile($filelocation); echo($filelocation);[/quote] Quote Link to comment Share on other sites More sharing options...
fert Posted November 19, 2006 Share Posted November 19, 2006 I do not think there is any way for a person to find the original path. Quote Link to comment Share on other sites More sharing options...
doni49 Posted November 19, 2006 Share Posted November 19, 2006 Just store the file OUTSIDE the public area. For example, my directory structure looks like this:/home2 /username /public_html /includes <--I store include files here. They can't be access from the web. But PHP has full access to them. Quote Link to comment Share on other sites More sharing options...
hendoyeah Posted November 19, 2006 Author Share Posted November 19, 2006 Perfect. Thank you all. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.