I am using PHP to prevent downloading of video files played on my site. I use a PHP endpoint to hide the video file URL, I store a token in database for each play request, also I set a temporary password for each play request and store it in a session. I check the token and the password in the session with values stored in database. Also I check the user agent of the page requesting the video with the user agent of the PHP video player endpoint to be the same. I check the referrer page of the video player PHP to be from my site as well.
So far, I managed to prevent downloading the video by copying the video URL into the browser or into a download manager. But IDM Download Panel (a browser integrated download manager) still can download the video. I guess that's because it can fake it to be part of the browser and the open session and uses the same session, user agent, etc.
I wanted to know how can I prevent a download manager that is integrated into browser from downloading the video file.
One way is deleting the token from database, or mark it as "played" once the video play started. But if I do this, users will not be able to go forward and backwards on the video.
Any ideas would be really appreciated.
Related
I'm working a script which need to restrict video download for users, they only allow to watch online,
I'm currently use "video.js" script for the player,
I already restricted right click function,
jQuery('.video-js').bind('contextmenu',function() { return false; });
also added dynamically load videos like
https://exmaplle.com/loadvid.php?video=fire.mp4&seskey=1a2asasd125asdasdasdasdas
but when i check using some FireFox extensions. those give ability to download the video file.
Is there anyway to prevent download videos using browser extensions, or are there have another players which support secure video play.
That jQuery code only disables the browser's context menu. It doesn't stop anyone from downloading the video in any way other than through that menu.
Using token authentication is useful to stop users sharing the link, but won't stop a download extension from downloading the URL from the same session, as the token is still valid.
A segmented format such as HLS or MPEG-DASH is harder for the casual user to download, but there are probably download extensions that will be able to convert them to MP4. DRM (which Video.js supports) is the most secure, but obviously comes with a high overhead of cost and complexity.
I sell video in my website. users must pay to have access to files (to download or stream them online)
problem: the video files are not on my main server! i store them on another server.(special server for download. i don't want to use the bandwidth of my main server) i don't want to provide the users with the direct link. (not to let them share the links with others...). how can i let them to download the files or stream the videos without giving them the direct links?
points:
- I can not have database(mysql) in my download server.
- i don't want to use the bandwidth of my main site. just checking payments and controlling user accounts.
- streaming is not so important. but i have to let them download the files.
- i have seen in woo commerce plugin(wordpress) which creates temporary download links even for remote server. i checked solutions for temp download link but all works for the same server not remote one....
The easiest way I think this could happen is:
The public server must be able to establish an SSH (preferably) connection to the other server with appropriate permissions.
Upon successful request, create a random symlink pointing to the original file.
Store the symlink filename in a database, and save the user's IP as well - or some other unique identifier (or md5'd IP + User Agent - it's up to you).
If the request is valid (matches the record in the database), let him download the file. Otherwise redirect him to an error page.
Set up a cron to delete symlinks older than X hours.
I am making an online streaming website where users can listen to audio or video files. Currently I am calling an mp3 file in an audio tag using below code.
Play
In my website a user can stream a song but cannot download it. DOWNLOADS ARE PAID. Above code is the worst thing to stream an audio file because when a user copies and pastes the above link on his browser, the song will be downloaded.
How can I securely stream the file without URL download option(user cannot copy the song url and download it).
I am using CodeIgniter(PHP framework), so how can I restrict a user to download the file directly.
You can use some .htaccess to direct all download requests to your PHP Script and not call the real files. Then your script can validate if the user is logged in, only then it will issue a download response. Otherwise even if someone gets the url it won't work for them because the request goes to your PHP Script and file itself is not served automatically
Take a look at this Create temporary URLs. You can do similar for your domain as well.
I have a PHP website and I want my visitors (logged in users) to record their webcam and save video on server. I wrote the streaming code and it works well between Flash and RED5. The only question is, by what name should I save the video?
One possible approach is when the PHP page loads, I output logged in user's username and pass it into Flash and Flash passes it to RED5 server and then RED5 server creates a video by that username. My users will be only having 1 video/account so this will work well.
Is there any better approach than this one? Is there any downside to what I have planned?
I have a website when requires the user to be logged in to access the contents. I need to embed some music player which can play some mp3. But the mp3 download link cannot be public, so is there any way to pass the PHP session to any flash based players so that the user can listen to it.
Edit: I would want a ready made flash player which has this functionality. Ideally something like the yahoo media player which can be embedded easily
First, you need to remember that if you're serving MP3 files via straight download (not streaming) anyone can simply download the file and then share it (even if the originally-used URL itself expires). So if you really need to protect your files, then use e.g. Flash Media Server to stream the files.
If you don't need that level of protection, you can still protect the link. Instead of linking the media player directly to your MP3 file, link it to a .php script that serves the MP3 file. The PHP script will check the session; if it's valid, it will serve the correct file; otherwise, it will serve a this link is expired MP3. Here's a topic covering that.
Again, though, if you're serious about protecting the files you need to use a streaming server.