I was hoping to just conceal the filename of the mp3 through the php file. I know it is probably quite easy to get around if you’re determined, but I was just looking to make it a bit fairer (for a competition).
Inn general, forget concealing anything in HTML. Your visitors are downloading your content to their computer so it’s easy to see what’s been served and make a copy of that content.
However, in this case, you can hide the actual filename using a PHP script to serve the MP3, e.g.
<embed src=“serve.php?file=1” …/>
In your serve.php file, use something like (untested):
Unfortunately, on the page with the embed code, I’m still being prompted to install a plugin (to which Firefox says “Unknown Plugin”). If I go directly to the serve.php page, I’m prompted to download the file.
It appears that the proper header is neither audio/mp3 nor audio/mpeg3, but audio/mpeg.
I’m not sure about the Accept-Ranges header - I’ve never seen that before, but it’s a good idea to send Content-Length, like in ceeb’s example above.
Note though, that you get some overhead by serving the file through PHP this way. For a high traffic site, I would recommend a different strategy.
One last question, is there a way I can get the script to die() if the user has attempted to visit this page by entering it in the address bar for instance?