Streaming Media Authentication in PHP

Question

We are adding streamed media to our website using a third-party service.

The basic workflow is intended to go something like this:

1. User logs into our site
2. User clicks a link to load a streamed podcast / video.
3. The link points to a PHP script that verifies that this user has access to the requested resource.
4. The php script exits and the stream is delivered to the client.

Our streaming media files will all be uploaded to the third-party service as flv's and played from the longtail player.

My question is regarding steps 3 and 4 above. How do I authenticate against a server side script, then allow the stream to be delivered without having the PHP script run forever which would greatly increase the load on our server?

Answer 1

This is not in PHP, but I think it can solve your problem:

http://lakin.weckers.net/code/web/apache-mod-rewrite-secure-downloads/

The idea is to generate a temporary directory on the fly, and put mod_rewrite directives into .htaccess file in this directory. Then create symlinks to the files which are in another directory without any web access to it.

Answer 2

If you are streaming from a file (as opposed to a live source) you can do the authorization in PHP and redirect to the file using a secure download mechanism. This requires interacting with the web server, and they each behave a little differently.

As an example of this, check out mod_secdownload from lighttpd. The documentation has a PHP example. If you are able to, using lighttpd for serving up your static files would be a great solution for this.