I am making an online streaming website where users can listen to audio or video files. Currently I am calling an mp3 file in an audio tag using below code.
Play
In my website a user can stream a song but cannot download it. DOWNLOADS ARE PAID. Above code is the worst thing to stream an audio file because when a user copies and pastes the above link on his browser, the song will be downloaded.
How can I securely stream the file without URL download option(user cannot copy the song url and download it).
I am using CodeIgniter(PHP framework), so how can I restrict a user to download the file directly.
You can use some .htaccess to direct all download requests to your PHP Script and not call the real files. Then your script can validate if the user is logged in, only then it will issue a download response. Otherwise even if someone gets the url it won't work for them because the request goes to your PHP Script and file itself is not served automatically
Take a look at this Create temporary URLs. You can do similar for your domain as well.
Related
Example:
if we hit the link of any document then we can easily download it. for example backup.sql inside the backup folder of the website then we can download it by hitting URL www.example.com/backup/backup.sql
I don't know which type of document the client will store there but obviously, it can be confidential that is why it is not shareable to all.
working:
now I am creating a certain document management tool where we can upload a document and download the document and can assign to users who can download that document but while creating I got the idea that anyone can brute force that folder just hitting URL with random names. backup.sql, database.sql and so on. I am using URL myself to make the document downloadable should I go with get_file_content()?.
I want to know if there is a way to download the file in a secure way example only the user that is logged in into my website can only download the file.
something like via htaccess or something else I can block the files directory from outside access. only the logged-in user can download the file and it will be blocked by outside access so that nobody can brute force it. I know I can block it via htaccess but I want them to download too but only for the users of my website.
maybe you should use "x-accel-redirect" for Nginx, and "X-Sendfile" for Apache.
I am showing PDF, Video file preview in my web application, but i want to give only read access to users, no one can`t download PDF & video files, I want to prevent users, how can we prevent users to download it using PHP ? only they can view, please share you ideas as soon as.
Thanks
Any content that is shown on the client's side, technically speaking, already downloaded to the user's machine. If the user is seeing the PDF file - it's already been downloaded.
For video: it's not that straightforward, you can organize a streaming of the video. It'll be fairly more complex for the user to download it as one file, but still, can be captured.
I'm trying to figure out how I could do both, force downloads of MP3 files from my Amazon S3 bucket and also allow them to be opened by the browser.
How can I control a link to either force a download or play the MP3 in the browser?
Doing some research, I've seen examples to do one or the other, but I need to be able to do both for each file depending on which link is clicked.
I'm using PHP to script my site.
I have a website when requires the user to be logged in to access the contents. I need to embed some music player which can play some mp3. But the mp3 download link cannot be public, so is there any way to pass the PHP session to any flash based players so that the user can listen to it.
Edit: I would want a ready made flash player which has this functionality. Ideally something like the yahoo media player which can be embedded easily
First, you need to remember that if you're serving MP3 files via straight download (not streaming) anyone can simply download the file and then share it (even if the originally-used URL itself expires). So if you really need to protect your files, then use e.g. Flash Media Server to stream the files.
If you don't need that level of protection, you can still protect the link. Instead of linking the media player directly to your MP3 file, link it to a .php script that serves the MP3 file. The PHP script will check the session; if it's valid, it will serve the correct file; otherwise, it will serve a this link is expired MP3. Here's a topic covering that.
Again, though, if you're serious about protecting the files you need to use a streaming server.
I would like to start a upload and download website for huge files (up to 1gb). I thought that it would be better to download the files using FTP (with PHP), because this protocol is especially used for these types of transfers.
The cliƫnt gets an email, including a download link to download the file (like yousendit.com). When they click on the link a download box appears. My problem is that I don't know how to show a download box using ftp and php. I have read that it isn't possible to immediately download a file by PHP, using FTP. Is this correct?
Do I have to create a temporary files on the server to let the client download the file? If yes, is this also a good solution for huge files?
What do you advice me to give the clients the possibility to download these huge files?
Thanks for your reply!
You can generate unique address based on session_id (create this folder on runtime and move huge file there) and redirect user to this link
For example, you have file huge.tgz
1. Send you client link http://***/user/john/file/huge.tgz
2. Ask user for auth in this page if they lost session
3. get session id
4. create on your server folder with name equals session id and move huge.tgz here
5. redirect user to unique ftp link ftp://***/17oe5kf8iYmpt66bjs89hcuo83/huge.tgz
You should disallow list files and directories on ftp server
Can't you send them an FTP link ? Why do you need PHP?
ftp://ftp12.freebsd.org/pub/FreeBSD/ls-lR.gz
You probably want to use PHP to handle everything but the file transfer. Once you have done all the checks you want you can redirect the browser to the file specifying the protocol as ftp. though you won't be able to have a progression bar in your site, the browser/ftp app will probably display one.