Reputation:
I use expiring urls to hide the urls of images I use on my sites, so that they can only be hotlinked for the duration of the life of the hash (1 hour).
I check the hash sent with the file url, against a hash on the server, if they match, the script calls the following code:
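    if (isset($_GET["hash"])) {
        // The hash changes once per hour. 'H' is the 24-hour clock; with 'g' (12-hour)
        // the same hash would come back twelve hours later. The code that builds
        // the link must use the same format string.
        $this_min = date('Y-m-d-H', time()) . "salt" . $vid_id;
        $current_hash = substr(md5($this_min), 0, 12);
        // The value is only compared, never sent to a database, so no SQL escaping is needed.
        $submitted_hash = is_string($_GET["hash"]) ? $_GET["hash"] : "";
        // hash_equals() compares in constant time and avoids loose == type juggling.
        if (hash_equals($current_hash, $submitted_hash)) {
            $file_url2 = "directory/" . $vid_file;
            header('Content-Type: application/octet-stream');
            header("Content-Transfer-Encoding: Binary");
            header("Content-disposition: inline; filename=\"" . md5($vid_file) . "\"");
            readfile($file_url2);
            exit;
        } else {
            $_SESSION["message"] = "Download link expired, refresh the page and try again";
            $_SESSION["message_type"] = 0;
            header("Location: " . $_SERVER['HTTP_REFERER']);
            exit;
        }
    }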
I use this in an <img> tag (for example, <img src="index.php?id=123&hash=ew6rg5reg4">) and it works perfectly. If the image is hotlinked, it will stop working when the hash changes, every hour (or minute if necessary). Unfortunately, this same method doesn't work when I use it to load .flv files into a flash player, such as the JW player. No .flv file is loaded.
Any way I can fix this or achieve the same thing with an alternate method?
Upvotes: 2
Views: 5789
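Added example (not part of the original question or of any answer): one way to build and check an expiring link with an explicit expiry timestamp and an HMAC, so that every link lasts the full hour instead of dying when the clock hour rolls over. The key, the function names and the `expires` parameter are assumptions made for this illustration.

```php
<?php
// Constructed values for illustration; keep the real key out of the web root.
const LINK_KEY = 'replace-with-a-long-random-secret';
const LINK_TTL = 3600; // lifetime in seconds (the 1 hour used in the question)

// Build a link to file $id that stops working at $now + LINK_TTL.
function make_link(string $id, int $now): string
{
    $expires = $now + LINK_TTL;
    // The MAC covers both the id and the expiry, so neither can be altered.
    $hash = hash_hmac('sha256', $id . '|' . $expires, LINK_KEY);
    return 'index.php?' . http_build_query(
        ['id' => $id, 'expires' => $expires, 'hash' => $hash]
    );
}

// Return true only if the query parameters carry a valid, unexpired MAC.
function check_link(array $query, int $now): bool
{
    foreach (['id', 'expires', 'hash'] as $key) {
        if (!isset($query[$key]) || !is_string($query[$key])) {
            return false; // missing, or an array such as hash[]=x
        }
    }
    if (!ctype_digit($query['expires']) || (int) $query['expires'] < $now) {
        return false; // malformed or already expired
    }
    $expected = hash_hmac('sha256', $query['id'] . '|' . $query['expires'], LINK_KEY);
    return hash_equals($expected, $query['hash']); // constant-time comparison
}

// Demonstration with a fixed clock (constructed timestamp).
$now = 1700000000;
parse_str(parse_url(make_link('123', $now), PHP_URL_QUERY), $query);

var_dump(check_link($query, $now + 60));           // link used one minute later
var_dump(check_link($query, $now + LINK_TTL + 1)); // link used after it expired

$tampered = $query;
$tampered['expires'] = (string) ($now + 86400);    // expiry pushed out, MAC unchanged
var_dump(check_link($tampered, $now + 7200));
```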
Reputation:
The only way to truly limit access to flv files is to implement some kind of ACL on the server where the file is located or is streamed from. I'm using Wowza Media for live video streaming and the server has implemented several mechanisms to protect your files/streams: ACL based authentication, StreamNameAlias ...
Upvotes: 0
Reputation: 49
You can stop referrers other than your domain with htaccess files (Apache server only):

    Options +FollowSymLinks
    <IfModule mod_rewrite.c>
        RewriteEngine On
        # Let through requests that send no Referer header
        RewriteCond %{HTTP_REFERER} !^$
        # Refuse requests whose Referer is not this site
        RewriteCond %{HTTP_REFERER} !^https?://(www\.)?yourdomain\.com/.*$ [NC]
        RewriteRule \.(gif|jpg|png|mp3|mpg|avi|mov|flv)$ - [F]
    </IfModule>
Upvotes: 1
Reputation: 4641
You can't really hide a downloading URL very effectively. Safari, for example, exposes all resources downloaded via the Activity window. Just look for the item that is MB in size and that's your FLV file.
The only way to keep people from ripping your FLVs is to use RTMP streaming, where they never get access to the full file.
Upvotes: 2
Reputation: 6943
It should work fine with JW player etc, too.
Some servers, for example nginx, have modules to very efficiently do this sort of validation so you don't have to do it in PHP.
Upvotes: 0
Reputation: 9267
Would be interesting to know what runtime error the player script throws?
You may have more chances to make it work with the MIME type set to video/x-flv or flv-application/octet-stream.
Upvotes: 0