i'm making a website for a friend with his movies in, he wants users to login before being able to view these movies, i don't know how to stop them viewing it by typing in the address.

Thanks, expect many more help requests as i am a noob ;)

- Alee

PLEASE BE CAREFUL!!!!!
if you start usign variables in the following script other users can do very malicious things with it! Including download your PHP source code!!!! which (if you use a db) would contain your database passwords!!!!

you must also set the appropiate MIME type if you are not usign the type i specified. and replace the whole login thing with your own validation scheme, this should be all u need.

<?php

if (!$logged_in)
{
	echo "so sorry you must log in!";
	exit();
}


//the following 3 lines means they must always download a fresh copy (just to verify they are logged in!)
header("Expires: Mon, 26 Jul 1997 05:00:00 GMT");
header("Cache-Control: no-store, no-cache, must-revalidate");
header("Pragma: no-cache");


header("Content-type: video/mpeg"); //works for .mpe .mpeg .mpg


//to force the end user to download the file, uncomment the following line, otherwise it will stream from your site (aka lots of bandwidth)
//header("Content-Disposition: attachment; filename=video.mpg");

//replace this next line with the appropiate file name
readfile('my-super-secret-private-video.mpg');

?>

so its ok if i just use that code without editing it?

I will have to edit it to work with my php a little. like the user logged condition thingy.

But thanks VERY much, but surely. can't they still point their browser to the actual file?

so its ok if i just use that code without editing it?

no you will need to change the file name to whatever your actual file name is myvideo1.mpg then that would replace my-super-secret-private-video.mpg

But thanks VERY much, but surely. can't they still point their browser to the actual file?

they can but that assumes they know the real file name, as the file they will be sent will be automatically renamed to video.mpg. The other thing is yes that was a very astute observation they can still point their browser to the real file name (assuming they know the real file name, or you have your .htaccess file to allow indexing), so to avoid this possibility you should place your video file in the parent directory of your public_html folder, so if you did this you could call the file by saying: /private/my-super-secret-private-video.mpg instead of just usign my-super-secret-private-video.mpg (make the path absolute so it doesn't matter what folder the php file is in.

Advanced note: when usign relatives path your "/" directory is NOT always the same in php as it is in FTP / SSH (check with your webhost to find out what is your home directory or look in the phpinfo() command)

This article has been dead for over six months. Start a new discussion instead.