Hide video URL

Hello
I found a post about this on this forum, but I cant understand how to make it work and the topic is closed, so this is why I ask here.

Please someone tell me, how can I make it work with a simple example, or anything…

The post was this:

Ok, you’ll need to set your server up such that
your videos cannot be directly reached by the webserver. For example,
on a Media Temple server each of your sites is in a folder with the
domain name, say “myvideosite.com” and in that folder they set up an
html folder, and the website lives in that folder. You can put your
videos in the “myvideosite.com” folder at the same level as html.

In the page that presents your video start the session and get its id.

session_start();
$sid = session_id();

Now, for each video you’re going to display hash its server side path and the session id.

$hash = md5($path.$sid);
$_SESSION[$hash] = $path;

md5 is safe here as long as you don’t include the full path to the
video from the root - the path from the videos folder on down should be
sufficient. If there aren’t many videos that might just be a file name.
Now, when giving the link you use the hash instead of the real name.

Your index page can now look up the video the user want’s from the session variable.

$path = $_SESSION[$_GET[‘video’]];

The web server destroys the session variable when the browser is
closed or when a certain amount of time has elapsed without a page load -
by default 24 minutes. This can be changed in the PHP ini file.

This works because the session id is needed to build the hash. Even
if they copy the URI, the path stops working when the session expires.
If they start a new session they’ll get new URI’s. You will need to
pass your videos through PHP using the streaming functions, but that’s
another topic.

Hi BSBalazs welcome to the forum

There’s quite a bit there (no such thing as a “simple” example) .

What part don’t you understand / how far did you get before you got stuck?

Thanks for the fast answer.
For the test, I created a test.php and the “relax3.mp4” video file is also uploaded in the same folder.

test.php

<?php
session_start();
$sid = session_id();

$path = "relax3.mp4";

$hash = md5($path.$sid);

$_SESSION[$hash] = $path;

?>

<html>
<head></head>
<body>
    
    <video width="320" height="240" controls>
        <source src="test.php?video=<?= $hash ?>" type="video/mp4">
    </video>

</body>
</html>

I cant understand how I need to set up this, because my language is not english.
I just try to make a working example, where I play the “relax3.mp4” but with my code it is not working yet and I not understand the logic way, how it need to be work.

So you uploaded the video to the wrong place. The HTML page needs to be where it can be accessed by visitors. The video needs to be in a folder at a higher level where it is not directly accessible and where it can only be accessed via a relative reference from the web page.

I think a good first step would be to get the directory structure set up.

Assuming you are on a shared host, it might look like

main_host_root/ 
.. some_site/
.. another_site/ 
.. your_site/
.. .. your_sites_public_html_folder/
.. .. .. index.php 
.. .. .. css/ 
.. .. .. .. style.css 
.. .. .. javascript/ 
.. .. .. .. site.js 
.. .. .. images/
.. .. .. .. logo.png

etc.

On the same level as your_sites_public_html_folder/ aka “the root folder”
create a sibling folder to hold the videos. eg.

.. your_site/
.. .. your_sites_public_html_folder/
.. .. .. the_new_test_file.php
.. .. your_video_folder/ 
.. .. .. relax3.mp4

then test to see that works up to this point with

<?php
$ctype= 'video/mp4';
header('Content-Type: ' . $ctype);
$file_path_name = "../your_video_folder/relax3.mp4";
$handle = fopen($file_path_name, "rb");
$contents = fread($handle, filesize($file_path_name));
fclose($handle);
echo $contents
?>
1 Like

Thanks, it is working at now with your example, but I like to make the html5 player as in the post what I shared in my first post. Can you give me the second step? :slight_smile:

Great, that means the set-up is good :smile_cat:

To summarize, there is the “your_video_folder” above the site root.
The contents of this folder can not be accessed directly from a browser.
A file that can be accessed from the browser can get the files and serve them to the browser.

Leaving the “your_video_folder” alone, you can now have the “the_new_test_file” process POST, COOKIE, SESSION, GET values to control what file if any to serve.

To “the_new_test_file” add some conditional tests and some “else” code so it looks like this

<?php
if ( ($_SERVER['REQUEST_METHOD'] === "GET") 
     && ( isset($_GET['show_the_video']) ) 
     && ($_GET['show_the_video'] == "ABC123") ) {
$ctype= 'video/mp4';
header('Content-Type: ' . $ctype);
$file_path_name = "../your_video_folder/relax3.mp4";
$handle = fopen($file_path_name, "rb");
$contents = fread($handle, filesize($file_path_name));
fclose($handle);
echo $contents;
} else {
echo "<h1>I'm Sorry</h1>";
}
?>

Then create a new file with links to it eg.

<!DOCTYPE HTML>
<html lang="en">
<head>
<title>Videos Above Root Test</title>
<meta charset="utf-8" />
<meta name="viewport" content="width=device-width,initial-scale=1" />
<style type="text/css">
ul {
 list-style: none;
}
li {
 display: inline-block;
 margin: 0 1em;
}
</style>
<script type="application/javascript">
// script needed before the DOM is loaded here
</script>
</head>
<body>
<h1>Videos Above Root Test</h1>
<ul>
  <li>
    <a href="the_new_test_file.php?show_the_video=ABC123">Play Video</a>
  </li>
  <li>
    <a href="the_new_test_file.php">No GET value</a>
  </li>
  <li>
    <a href="the_new_test_file.php?show_the_video=BOGUS">Wrong GET value</a>
  </li>
</ul>
<script type="application/javascript">
// script that needs the DOM to be loaded here
</script>
</body>
</html>

Then go to the new file in your browser and try the links (need to use the back button to get back to it after clicking a link at this point)

Thanks, it is okay, but I interesting the solution what I shared in my first post, when I can use the html5 video/audio player. Your example is total different I think… or not?

I prefer to think of it as preliminary rather than totally different. Getting there. After this it’s a simple matter of using SESSION instead of GET

If those links work as far as being able to display the video when, and only when, the URL has the correct GET you can now replace the links with the video and source tags and make sure that works.

<!DOCTYPE HTML>
<html lang="en">
<head>
<title>Videos Above Root Test</title>
<meta charset="utf-8" />
<meta name="viewport" content="width=device-width,initial-scale=1" />
<style type="text/css">
</style>
<script type="application/javascript">
// script needed before the DOM is loaded here
</script>
</head>
<body>
<h1>Videos Above Root Test</h1>
<video controls>
  <source src="the_new_test_file?show_the_video=ABC123" type="video/mp4">
</video>
<script type="application/javascript">
// script that needs the DOM to be loaded here
</script>
</body>
</html>

Cool, This is what I need. Thanks! :slight_smile:

This topic was automatically closed 91 days after the last reply. New replies are no longer allowed.