protecting mp3's

[hendoyeah]

Hi all,
I'm a new asp > php convert and still working out what php is capable of.
I'm building a site which allows users to subscribe to mp3's.
I'm not quite sure how to go about the security side of things, i.e. only allowing users who to have access to the mp3's they have subscribed to after they have logged in (php handled).
Knowing i will be on a shared host with cpanel, can someone tell me the most efficient way of achieving this?
Maybe this is an apache question also???

thanx
nathan

[fert]

you could encrypt the mp3s and then when someone one has access to them wants to listen to them you can de-encrypt them or you could chmod them.

[doni49]

Well I've read that you can store an images file in the database (although I don't know how YET).  I would imagine that if you can do that, then you should be able to store MP3 files as well--they're both just binary files.

Once you get your DB set up, you should be able to EASILY control access to individual MP3's.

You could also store them in a secure location and once you've determined that someone has access permissions to a file, stream the file to their browser.

[trq]

[quote]You could also store them in a secure location and once you've determined that someone has access permissions to a file, stream the file to their browser.[/quote]

This is exactly how it is done.

[Skatecrazy1]

yeah, and if you don't want to do it that way, then in MySQL, you create the field as a BLOB
binary large object (or a bigblob, tinyblob). Then if you have phpMyAdmin, go to insert and just basically do what you would to upload a file into a form.

calling it's a different story, I don't have that figured out yet :-p

[Destruction]

To call a file from a database in that manner you need to set it's content-type header then output it.  Quick example to explain the concept...

[code]
<?php
// 1) Connect to database
// 2) Query to retrieve from database
// Continuing from 'step 3'...

$Image = mysql_result($Query, 0, "image");

//ASSUMING JPEG: you will need to set the content header needed for the content.  You could use a switch statement or take it from another database field.

header("Content-type: image/jpeg");
echo $Image;
?>
[/code]

Hope this helps, though personally I wouldn't put this much load on a database server.

Dest

[hendoyeah]

thanx all for your suggestions.

the following code alters the header of a page and forces a download of an mp3.
My question is, is there any way for a user to figure out the original path of the mp3 when downloading using this method?

[quote]
$filelocation = "path-to-mp3/the-mp3-file.mp3";
header('HTTP/1.1 200 OK');
header('Date: ' . date("D M j G:i:s T Y"));
header('Last-Modified: ' . date("D M j G:i:s T Y"));
header("Content-Type: application/force-download");
header("Content-Lenght: " . (string)(filesize($filelocation)));
header("Content-Transfer-Encoding: Binary");
header("Content-Disposition: attachment; filename=".str_replace(" ", "", basename($filelocation))."");
readfile($filelocation);
echo($filelocation);
[/quote]

[fert]

I do not think there is any way for a person to find the original path.

[doni49]

Just store the file OUTSIDE the public area.  For example, my directory structure looks like this:

/home2
  /username
    /public_html
    /includes      <--I store include files here.  They can't be access from the web.  But PHP has full access to them.
     

[hendoyeah]

Perfect. Thank you all.