i'm making a website for a friend with his movies in, he wants users to login before being able to view these movies, i don't know how to stop them viewing it by typing in the address.
Thanks, expect many more help requests as i am a noob ;)
- Alee
alee
0
Newbie Poster
Recommended Answers
Jump to PostPLEASE BE CAREFUL!!!!!
if you start usign variables in the following script other users can do very malicious things with it! Including download your PHP source code!!!! which (if you use a db) would contain your database passwords!!!!you must also set the appropiate MIME type if you are …
All 3 Replies
paradox814
1
Posting Whiz
PLEASE BE CAREFUL!!!!!
if you start usign variables in the following script other users can do very malicious things with it! Including download your PHP source code!!!! which (if you use a db) would contain your database passwords!!!!
you must also set the appropiate MIME type if you are not usign the type i specified. and replace the whole login thing with your own validation scheme, this should be all u need.
<?php
if (!$logged_in)
{
echo "so sorry you must log in!";
exit();
}
//the following 3 lines means they must always download a fresh copy (just to verify they are logged in!)
header("Expires: Mon, 26 Jul 1997 05:00:00 GMT");
header("Cache-Control: no-store, no-cache, must-revalidate");
header("Pragma: no-cache");
header("Content-type: video/mpeg"); //works for .mpe .mpeg .mpg
//to force the end user to download the file, uncomment the following line, otherwise it will stream from your site (aka lots of bandwidth)
//header("Content-Disposition: attachment; filename=video.mpg");
//replace this next line with the appropiate file name
readfile('my-super-secret-private-video.mpg');
?>
alee
0
Newbie Poster
so its ok if i just use that code without editing it?
I will have to edit it to work with my php a little. like the user logged condition thingy.
But thanks VERY much, but surely. can't they still point their browser to the actual file?
paradox814
1
Posting Whiz
so its ok if i just use that code without editing it?
no you will need to change the file name to whatever your actual file name is myvideo1.mpg then that would replace my-super-secret-private-video.mpg
But thanks VERY much, but surely. can't they still point their browser to the actual file?
they can but that assumes they know the real file name, as the file they will be sent will be automatically renamed to video.mpg. The other thing is yes that was a very astute observation they can still point their browser to the real file name (assuming they know the real file name, or you have your .htaccess file to allow indexing), so to avoid this possibility you should place your video file in the parent directory of your public_html folder, so if you did this you could call the file by saying: /private/my-super-secret-private-video.mpg instead of just usign my-super-secret-private-video.mpg (make the path absolute so it doesn't matter what folder the php file is in.
Advanced note: when usign relatives path your "/" directory is NOT always the same in php as it is in FTP / SSH (check with your webhost to find out what is your home directory or look in the phpinfo() command)
Be a part of the DaniWeb community
We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.