I am attempting to develop a video-streaming website (for learning purposes) in PHP, utilizing the HTML5 video element.
The only problem with the HTML5 video element is that it is
incredibly insecure. It allows the user to directly see the video source if they inspect the element.
I would like to protect against this. I came across
this answer, and attempted to protect using that code (but it never worked, and I got the error:
Using an empty Initialization Vector (iv) is potentially insecure and not recommended
)
So, I went ahead and created my own version (but I get a 404 error in the console for the video).
What I have tried:
view.php:
<?php
$dbh->query("INSERT INTO vpt_tokens (video_id, vpt) VALUES (abcd, 1234)");
?>
<video src="/intrapics/stream.php?m=abcd&vpt=1234"></video>
stream.php:
if(!isset($_GET["vpt"]) || trim($_GET["vpt"]) === ""){
header("HTTP/1.0 404 Not Found");
} else {
$check = $dbh->query("SELECT vpt FROM vpt_tokens WHERE video_id = abcd AND vpt = " . $_GET["vpt"]);
if(!$check->rowCount()){
header("HTTP/1.0 404 Not Found");
} else {
$file = "player/" . $_GET["m"] . ".mp4";
if(file_exists($file)){
header("Content-type: video/mp4");
}
echo file_get_contents($file);
$dbh->query("DELETE FROM vpt_tokens WHERE vpt = " . $_GET["vpt"]);
}
}