How to block a video from being accessed via url?

[Chrisj]

I thought hashed md5 solution would replace the url/path with a fake url/path that would disappear when the user session is over, and next time that video is played a new fake url/path will be displayed, so I understand "use it in order to identify which video your script should be displaying"?

[Zane]

@Chrisj What have you tried so far.  It sounds like you're just grasping for an understanding of how to do what you're wanting to do with no knowledge of how to use the guidance given to you.  It's as if you're asking us how to fly a rocket-ship, yet you have no rocket-ship at all.  Or, how do I use a book binder without even owning one.  There's no substance anymore to your questions.

What is hashing?

Hashing is when you take an object (a string, an array, a file, etc) and run it through an algorithm that returns a 32 character garbled string of "random" letters and numbers.  It's irreversible.  Well, there are ways of speculating what the hash came from, but that's an entirely different realm -- security. 

Anyway, try something first and then come back telling us what you've tried.  At that point you should be able to ask a clearer and less broad question.

[Chrisj]

Many thanks again for your posting/reply.  I have added this code to an .htaccess file:

RewriteEngine OnRewriteCond %{REQUEST_URI} \.(mp4)$ [NC]
RewriteRule ^ validate.php?request_url=%{REQUEST_URI} [L]

I have added this php file:

<?php
$v = $_GET['video'] ?? null;

if(file_exists($v)) {
    unlink($v);
    header('Content-type: application/mp4');
    header('Content-Disposition: inline; filename=video.mp4');    
    readfile("./mytestvideoo.mp4");    
} else
   http_response_code(404);

named validate.php to the main directory.

I just don't know what to do with this:

//Generate the link

$normalText = "this is just your average string with words and stuff";

$hashedText = md5($normalText);

fopen($hashedTest, 'w');

echo "<a href='validate.php?video={$hashedText}'>Link to the video</a>

should I put it in a .txt file and add it to my main directory? If so, named what?

That's just what I'm not clear on before I test all this.

I look forward to your comments/anything you'd like to share.

[Chrisj]

I have added this to .htaccess:

RewriteCond %{REQUEST_URI} \.(mp4)$ [NC]
RewriteRule ^ validate.php?request_url=%{REQUEST_URI} [L]

and added a validate.php file, containing this:

<?php
$v = $_GET['video'] ?? null;

if(file_exists($v)) {
    unlink($v);
    header('Content-type: application/mp4');
    header('Content-Disposition: inline; filename=video.mp4');
    readfile("./mytestvideo.mp4");
} else
   http_response_code(404);

to the root directory. And then searched and played a video, but still see the unmasked url/path to the video, instead of this type of url/path:

http://mymp4.com?validate.php?video=40f677a45113eb829e345d278b8d1d31

as I was hoping for.

I'm sure I must have something incomplete.

Any additional guidance you'd like to share is much appreciated.

Much thanks again

[Zane]

How are you generating these links?

[Chrisj]

Thanks for your reply.

The php web script that I'm trying to modify generates the url/path from where the video file is stored, for example:

http://......com/uploads/video/2019/10/BevI9Fl33FErYiqflaV8_31_1489faaeb187967564c2f5986a498c.mp4

[Chrisj]

In fact,

this blocks videos from playing at all:

RewriteCond %{REQUEST_URI} \.(mp4)$ [NC]
RewriteRule ^ validate.php?request_url=%{REQUEST_URI} [L]

when these .htaccess lines are commented-out, the videos play as normal.

Any additional help is welcomed.