Restricting access to videos?

General discussions related to php

Moderators: egami, macek, gesf

Post Reply
New php-forum User
New php-forum User
Posts: 3
Joined: Mon Apr 09, 2018 2:51 pm

Sat May 25, 2019 11:49 am

I need to restrict pdf and video content on a learning platform website from being accessible to non users. For the pdf files I put them above the public html folder then used a php file to get the pdf using filegetcontents.

However the video side has been a nightmare. The code below works for a small video on Chrome, Firefox, Operah but not on safari which means no macs, iphones or ipads. Also I think it might fail for a bigger video anyway because I think it needs to read the whole file into memory before outputting.

Code: Select all

header('Content-Type: video/mp4');
header('Accept-Ranges: bytes');
My only idea is :

- place the videos under the public folder like this (final folder name is 64bits of random characters)
public html /mywebsite/user_area/secret_videos/fuytfkuyiyfuy765765ffjfgjghjhguruedjy/
- Each video gets a name of 64bits of random characters (i.e hard to guess or manipulate the url)
- The videos are only linked via a php file which hashes the session and path together so the user only gets a hashed link that lasts as long as the session does
- There are no html links anywhere on the site to the videos, just the php encrypted ones given to users
- Use htaccess to set no indexing
- Use Robots.txt to request no crawl

My real question is. As the videos are still underneath the public_html folder can they still be found and downloaded? By a webcrawler for exampe. I am hoping that webcrawlers can only jump from link to link and can't find un-linked files. I used Cyotek web crawler to check and it didn't find the video files which is promising. Is there any way someone could still get the videos? They are still underneath the public_html folder so I'm wondering if someone could still use some technique I'm not aware of to track them down and download them?

Any help would be appreciated.
Post Reply