Jump to content
Chrisj

How to block a video from being accessed via url?

Recommended Posts

I thought hashed md5 solution would replace the url/path with a fake url/path that would disappear when the user session is over, and next time that video is played a new fake url/path will be displayed, so I understand "use it in order to identify which video your script should be displaying"?

Share this post


Link to post
Share on other sites

@Chrisj What have you tried so far.  It sounds like you're just grasping for an understanding of how to do what you're wanting to do with no knowledge of how to use the guidance given to you.  It's as if you're asking us how to fly a rocket-ship, yet you have no rocket-ship at all.  Or, how do I use a book binder without even owning one.  There's no substance anymore to your questions.

What is hashing?

Hashing is when you take an object (a string, an array, a file, etc) and run it through an algorithm that returns a 32 character garbled string of "random" letters and numbers.  It's irreversible.  Well, there are ways of speculating what the hash came from, but that's an entirely different realm -- security. 

Anyway, try something first and then come back telling us what you've tried.  At that point you should be able to ask a clearer and less broad question.

Share this post


Link to post
Share on other sites

Many thanks again for your posting/reply.  I have added this code to an .htaccess file:

RewriteEngine OnRewriteCond %{REQUEST_URI} \.(mp4)$ [NC]
RewriteRule ^ validate.php?request_url=%{REQUEST_URI} [L]

I have added this php file:

<?php
$v = $_GET['video'] ?? null;

if(file_exists($v)) {
    unlink($v);
    header('Content-type: application/mp4');
    header('Content-Disposition: inline; filename=video.mp4');    
    readfile("./mytestvideoo.mp4");    
} else
   http_response_code(404);

named validate.php to the main directory.

I just don't know what to do with this:

//Generate the link

$normalText = "this is just your average string with words and stuff";

$hashedText = md5($normalText);

fopen($hashedTest, 'w');

echo "<a href='validate.php?video={$hashedText}'>Link to the video</a>

should I put it in a .txt file and add it to my main directory? If so, named what?

That's just what I'm not clear on before I test all this.

I look forward to your comments/anything you'd like to share.

Share this post


Link to post
Share on other sites

I have added this to .htaccess:

RewriteCond %{REQUEST_URI} \.(mp4)$ [NC]
RewriteRule ^ validate.php?request_url=%{REQUEST_URI} [L]


and added a validate.php file, containing this:

<?php
$v = $_GET['video'] ?? null;

if(file_exists($v)) {
    unlink($v);
    header('Content-type: application/mp4');
    header('Content-Disposition: inline; filename=video.mp4');
    readfile("./mytestvideo.mp4");
} else
   http_response_code(404);


to the root directory. And then searched and played a video, but still see the unmasked url/path to the video, instead of this type of url/path:

http://mymp4.com?validate.php?video=40f677a45113eb829e345d278b8d1d31

as I was hoping for.

I'm sure I must have something incomplete.

Any additional guidance you'd like to share is much appreciated.

Much thanks again

Share this post


Link to post
Share on other sites

Thanks for your reply.

The php web script that I'm trying to modify generates the url/path from where the video file is stored, for example:

http://......com/uploads/video/2019/10/BevI9Fl33FErYiqflaV8_31_1489faaeb187967564c2f5986a498c.mp4

Share this post


Link to post
Share on other sites

In fact,

this blocks videos from playing at all:

RewriteCond %{REQUEST_URI} \.(mp4)$ [NC]
RewriteRule ^ validate.php?request_url=%{REQUEST_URI} [L]

when these .htaccess lines are commented-out, the videos play as normal.

Any additional help is welcomed.

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.