SitePoint Sponsor

User Tag List

Results 1 to 9 of 9

Hybrid View

  1. #1
    SitePoint Member
    Join Date
    Dec 2006
    Posts
    2
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Using PHP to Hide the Location of MP3 Files While Streaming

    One of my friends is a small time DJ that is just starting out but wants to enable anyone to find out about him, so, he started a small website and asked me to help him out. I suggested that he let people listen to a few select mixes he has done through a flash MP3 player. Since these songs will be the full deal (after all, everyone hates those little 30-second clips) we want to stream them through a flash media player so that people don't have to download the songs. In order to protect them, we want to place the files in a non-web-accessible directory and use a PHP file to refer to them.
    We have a MP3 player all ready called "Dewplayer" (see the Google translated english version here) that we think will work well for it.
    The normal code used to retrieve the songs is this (sorry some of it is in French):
    HTML Code:
    <object type="application/x-shockwave-flash" data="dewplayer.swf? son=votre_son.mp3" width="200" height="20"> <param name="movie" value="dewplayer.swf? son=votre_son.mp3"/> </object>
    However, we want to replace it with something like this:
    HTML Code:
    <object type="application/x-shockwave-flash" data="dewplayer.swf? son=song.php?1" width="200" height="20"> <param name="movie" value="dewplayer.swf?son=song.php?1"/> </object>
    I am not very sure how to do this since I haven't tried anything like it before. I'm pretty sure I've seen it done for both this and pictures so I'm sure it's possible.

  2. #2
    SitePoint Wizard silver trophy
    Join Date
    Mar 2006
    Posts
    6,132
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    yes its possible, but what do you plan to accomplish by doing this?

    the user can still type that url into thier browser, and they will get the file just the same. all you have accomplished is changing the way the url looks.

    now, of course you could do more than just serve the file with a php script. for example, you could use sessions in that php script and deny the file if a certain session variable isnt set, and only set this session variable if they visit a certain page or perform a certain action. or use sessions to limit how many files they can download, although i dont see much point in that.

  3. #3
    Non-Member
    Join Date
    Apr 2006
    Location
    Scotland
    Posts
    325
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    PHP Code:
    if (is being accessed by public) {
    header ('Location: you-thief.html');
    } else {
    $songid $_GET['id'];
    include (
    '/place-below-the-public-directory/song' $songid '.mp3');

    Im not sure how to do the "if (is being accessed by public)" but I know its possible (and is actually really easy, just I forget and its 5:20 am here).

    Edit: Wow I actually did something semi-useful for once

  4. #4
    SitePoint Wizard silver trophy kyberfabrikken's Avatar
    Join Date
    Jun 2004
    Location
    Copenhagen, Denmark
    Posts
    6,157
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by mikexx2020 View Post
    Im not sure how to do the "if (is being accessed by public)" but I know its possible (and is actually really easy, just I forget and its 5:20 am here).
    No, it's impossible because of how the HTTP protocol works. You can do some tricks to try and guess at which user agent (browser or flash widget) is requesting the file, but it would only be a very simple protection. A user with just a tiny bit of hackerskills would easily get past it. If that's enough for you, you can go ahead, but if you want serious protection, you can't stream over the net.

  5. #5
    Non-Member
    Join Date
    Apr 2006
    Location
    Scotland
    Posts
    325
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by kyberfabrikken View Post
    No, it's impossible because of how the HTTP protocol works. You can do some tricks to try and guess at which user agent (browser or flash widget) is requesting the file, but it would only be a very simple protection. A user with just a tiny bit of hackerskills would easily get past it. If that's enough for you, you can go ahead, but if you want serious protection, you can't stream over the net.
    Well lots of things do it eg SMF's SSI.php file. If you access it directly it exits.

    Heres one method maybe?
    PHP Code:
    if (preg_match("feeder.php",$_ENV["SCRIPT_NAME"])) {
    header ('Location: you-thief.html');
    } else {
    $songid $_GET['id'];
    include (
    '/place-below-the-public-directory/song' $songid '.mp3');

    So final thing is like this: Have a file called you-thief.html. This is where the user is sent if they are bad people :P . In your player the location for the song is feeder.php. Inside feeder.php have the code above.

    Then have all the songs in a folder where the public cant get to it and use that in line 5 of the above.

  6. #6
    SitePoint Member
    Join Date
    Dec 2006
    Posts
    2
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by mikexx2020 View Post
    Well lots of things do it eg SMF's SSI.php file. If you access it directly it exits.

    Heres one method maybe?
    PHP Code:
    if (preg_match("feeder.php",$_ENV["SCRIPT_NAME"])) {
    header ('Location: you-thief.html');
    } else {
    $songid $_GET['id'];
    include (
    '/place-below-the-public-directory/song' $songid '.mp3');

    So final thing is like this: Have a file called you-thief.html. This is where the user is sent if they are bad people :P . In your player the location for the song is feeder.php. Inside feeder.php have the code above.

    Then have all the songs in a folder where the public cant get to it and use that in line 5 of the above.
    Thank you! I will try this code out tonight!

  7. #7
    SitePoint Wizard silver trophy
    Join Date
    Mar 2006
    Posts
    6,132
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by mikexx2020 View Post
    Well lots of things do it eg SMF's SSI.php file. If you access it directly it exits.

    Heres one method maybe?
    PHP Code:
    if (preg_match("feeder.php",$_ENV["SCRIPT_NAME"])) {
    header ('Location: you-thief.html');
    } else {
    $songid $_GET['id'];
    include (
    '/place-below-the-public-directory/song' $songid '.mp3');

    you do not want to block access to the script. how is the user supposed to get the file then?

    more likely you are thinking of checking for the HTTP_REFERER, which is an _optional_ value some browsers send. it is also spoofed as easily as forging a form value, because it is user supplied data. this might stop an amateur if youre lucky.

  8. #8
    SitePoint Guru MikeBigg's Avatar
    Join Date
    Jun 2004
    Location
    Reading, UK
    Posts
    970
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    In any case, once the sound is being played on a users system, it is very easy to record it and save it to an MP3 file (in the digital realm if that matters to you).

    I do it all the time with streamed songs on MySpace.

    Mike

  9. #9
    SitePoint Wizard bronze trophy devbanana's Avatar
    Join Date
    Apr 2006
    Location
    Pennsylvania
    Posts
    1,736
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Why not install shoutcast and stream through there? Further, shoutcast now has a program for streaming music through Linux (instead of the conventional streaming through winamp). If you wanted, you could use PHP to display which song is currently playing, since Shoutcast displays this information through an XML file.

    You can even make the software shuffle your playlist, and if you need to update the playlist, just change the file and send a certain signal to the daemon (I think it's SIGUSR1 or something).

    I have this setup on my VPS for a web site I plan to be making sometime in the near future, and it works great.
    Laudetur Iesus Christus!
    Christ's Little Flock
    Jesus is the Good Shepherd


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •