CODEWITHSUNDEEP
php.htaccessvideo
yusufshakeel
yusufshakeel

Reputation: 449

Prevent lesson videos from being accessed directly | e-learning

e-learning platform: The instructor of a course will be uploading videos while creating lessons for the course.

Diagram

             create            has            consists of
instructor ---------> course ------> lesson --------------> video

When GET request is made for the lesson l1 of the course c1 by the students, the server will respond back the following JSON response (if student is logged in and signed up for the course)

{
    "success" : [
        {
            "courseid" : "c1",
            "lessonid" : "l1",
            "title" : "Sample lesson #1",
            "video" : "http://www.example.com/lesson/l1/video.mp4",
            "videothumbnail" : "http://www.example.com/lesson/l1/videothumbnail.png"
        }
    ]
}

Requirement

Make lesson video accessible only from http://www.example.com/course?courseid=c1&lessonid=l1 page when student is logged in and signed up for the course.

What I have done

I have prevented the direct access of the lesson video by writing the following line in .htaccess file which I have placed inside the lesson folder.

#prevent direct access to the lesson folder and its contents
order deny,allow
deny from all
allow from XXX.XXX.XXX.XXX

Where, XXX.XXX.XXX.XXX is the IP address of the server.

I even tried the following:

#prevent direct access to the lesson folder and its contents
deny from all

Now if the video link is copy-pasted in a browser the following error message is shown.

Forbidden

You don't have permission to access /lesson/l1/video.mp4 on this server.

So, it is successfully preventing direct access of the video when I copy paste the video link in the browser http://www.example.com/lesson/l1/video.mp4

Issue

But when I try to access the video from the course page http://www.example.com/course?courseid=c1&lessonid=l1 I get the following error message in the browser console.

Failed to load resource: the server responded with a status of 403 (Forbidden)

Kindly suggest a way to make the lesson video only accessible from the course page.

Backend

Upvotes: 1

Views: 179

Answers (1)

Nikhil Pradeep
Nikhil Pradeep

Reputation: 21

You can just move the includes folder out of the web-root. If you want to block direct access to the whole includes folder then you can put a .htaccess file in that folder that contains just:

deny from all

Like this you cannot open any file from that folder and you can include them in php without any problems.

Upvotes: 1

Related Questions