954,561 Members — Technology Publication meets Social Media
Username:
Password:
Lost login information?
Have something to say? Contribute New Article Reply to this Article
7 Years Ago
0

PHP Query, Make users login before accessing a movie?

i'm making a website for a friend with his movies in, he wants users to login before being able to view these movies, i don't know how to stop them viewing it by typing in the address.

Thanks, expect many more help requests as i am a noob ;)

- Alee

alee
Newbie Poster
2 posts since Jan 2005
Reputation Points: 10
Solved Threads: 0
 
7 Years Ago
0

PLEASE BE CAREFUL!!!!!
if you start usign variables in the following script other users can do very malicious things with it! Including download your PHP source code!!!! which (if you use a db) would contain your database passwords!!!!

you must also set the appropiate MIME type if you are not usign the type i specified. and replace the whole login thing with your own validation scheme, this should be all u need.

<?php

if (!$logged_in)
{
	echo "so sorry you must log in!";
	exit();
}


//the following 3 lines means they must always download a fresh copy (just to verify they are logged in!)
header("Expires: Mon, 26 Jul 1997 05:00:00 GMT");
header("Cache-Control: no-store, no-cache, must-revalidate");
header("Pragma: no-cache");


header("Content-type: video/mpeg"); //works for .mpe .mpeg .mpg


//to force the end user to download the file, uncomment the following line, otherwise it will stream from your site (aka lots of bandwidth)
//header("Content-Disposition: attachment; filename=video.mpg");

//replace this next line with the appropiate file name
readfile('my-super-secret-private-video.mpg');

?>
paradox814
Posting Whiz
351 posts since Oct 2004
Reputation Points: 13
Solved Threads: 4
 
7 Years Ago
0

so its ok if i just use that code without editing it?

I will have to edit it to work with my php a little. like the user logged condition thingy.

But thanks VERY much, but surely. can't they still point their browser to the actual file?

alee
Newbie Poster
2 posts since Jan 2005
Reputation Points: 10
Solved Threads: 0
 
7 Years Ago
0
so its ok if i just use that code without editing it?


no you will need to change the file name to whatever your actual file name is myvideo1.mpg then that would replace my-super-secret-private-video.mpgBut thanks VERY much, but surely. can't they still point their browser to the actual file?
they can but that assumes they know the real file name, as the file they will be sent will be automatically renamed to video.mpg. The other thing is yes that was a very astute observation they can still point their browser to the real file name (assuming they know the real file name, or you have your .htaccess file to allow indexing), so to avoid this possibility you should place your video file in the parent directory of your public_html folder, so if you did this you could call the file by saying: /private/my-super-secret-private-video.mpg instead of just usign my-super-secret-private-video.mpg (make the path absolute so it doesn't matter what folder the php file is in.

Advanced note: when usign relatives path your "/" directory is NOT always the same in php as it is in FTP / SSH (check with your webhost to find out what is your home directory or look in the phpinfo() command)

paradox814
Posting Whiz
351 posts since Oct 2004
Reputation Points: 13
Solved Threads: 4
 

This article has been dead for over three months

Post: Markdown Syntax: Formatting Help
You
 
© 2012 DaniWeb® LLC
Home | About Us | Contact Us | Terms of Service | Advertising Opportunities
RSS Feed RSS Feed