Restricting access to videos?
However the video side has been a nightmare. The code below works for a small video on Chrome, Firefox, Operah but not on safari which means no macs, iphones or ipads. Also I think it might fail for a bigger video anyway because I think it needs to read the whole file into memory before outputting.
Code: Select all
$file='path/file.mp4'; header('Content-Type: video/mp4'); header('Accept-Ranges: bytes'); header('Content-Length:'.filesize($file)); readfile($file);
- place the videos under the public folder like this (final folder name is 64bits of random characters)
public html /mywebsite/user_area/secret_videos/fuytfkuyiyfuy765765ffjfgjghjhguruedjy/
- Each video gets a name of 64bits of random characters (i.e hard to guess or manipulate the url)
- The videos are only linked via a php file which hashes the session and path together so the user only gets a hashed link that lasts as long as the session does
- There are no html links anywhere on the site to the videos, just the php encrypted ones given to users
- Use htaccess to set no indexing
- Use Robots.txt to request no crawl
My real question is. As the videos are still underneath the public_html folder can they still be found and downloaded? By a webcrawler for exampe. I am hoping that webcrawlers can only jump from link to link and can't find un-linked files. I used Cyotek web crawler to check and it didn't find the video files which is promising. Is there any way someone could still get the videos? They are still underneath the public_html folder so I'm wondering if someone could still use some technique I'm not aware of to track them down and download them?
Any help would be appreciated.