Click here to Skip to main content
14,869,589 members
Please Sign up or sign in to vote.
1.00/5 (1 vote)
See more:
Below i logic i am trying to prevent video from being stole but i got stuck some where.

i created a page index.php

XML
<?php
    session_start();
    $_SESSION["check"]="aaa";
?>
<video width="320" height="240" controls>
    <source src="video.php" type="video/mp4">
</video>



and video.php

PHP
$file = "a.mp4";
    $file_size = filesize($file);
    $fp = fopen($file, "rb");
    $data = fread ($fp, $file_size);
    fclose($fp);
    header ("Content-type: video/mp4");

    if(md5($_SESSION["check"])=="aaa"){
       echo $data;
    }else{

    }


but i want when user open video.php he should simply get some message or error but not videos
as user can get value of session on video.php
he still is able to see and save video any way to pervent this
Posted
Comments
enhzflep 11-Dec-13 6:12am
   
At a quick glance.

1) Put the videos in a folder outside the server-root (user cant enter direct address of video)
2) Use php to fetch them from here (non-authenticated users cant get the page that retrieves the video)
3) Use flash's DRM

This won't stop screen-recordings, but will make the downloaded data useless to anything but the flash video player. 3dBuzz.com changed their system a few years ago when I used to visit to something like this. No idea if its since changed.

1 solution

Hi Friend,
Try This.... I was moved by your question and I dived into the deep ocean of coding and I took out this beautiful pearl for you. Tell me if it worked for you as per your requirement or not. Also, do rate my answer. Happy Coding :)

Here's my solution.. this is what I call two layer security and is unbreakable (according to me)... Try it...

PHP
<?php
/**
 * index.php - The Entry File
**/

// Start the session
session_start();
// It is really important to regenerate id on every click...
session_regenerate_id();

// We will tell the next file that we have a token set using session
$_SSEION['setToken'] = true;

// The filename... You can get that from a $_GET variable and store it here
$token = "vid.mp4";

// We will be encrypting the video name using session id as key ans AES128 as the algorithm
$token_encrypted = openssl_encrypt($token, "aes128", session_id());

?>

<video width="320" height="240" controls="">
  <source src="video.php?vid=<?php echo $token_encrypted; ?>">
</source></video>


PHP
<?php
/**
 * video.php - The First Entry Point
**/

session_start();
// Get Token
$token = $_GET['vid'];
// Get Current Session ID
$prev= session_id();
// Test the session variable token is set
if(isset($_SESSION['setToken']))
{
  // This was a one time token and this is your security
  unset($_SESSION['setToken']);
  // Now we will re-encrypt the token
  $token = openssl_decrypt($token, "aes128", session_id());
  // Now Regenerate the session id
  session_regenerate_id();
  // Now re-encrypt the token with a key combination of both new and old ids
  $token = openssl_encrypt($token, "aes128", $prev.session_id());
}
else
{
  // If token was not matched, we have changed the id therefore the next script will not be able to decrypt the token
  session_regenerate_id(true);
}
header("Location: access.php?id=".$prev."&vid=".$token);
?>

PHP
/**
 * access.php - The main serving file which will server the video
**/
session_start();

// Decrypt the Token to get back the video file name
$token = openssl_decrypt($_GET['vid'], "aes128", $_GET['id'].session_id());

// Check if file exists
if(file_exists("videos/".$token))
{
  // Another important point here is a session id regeneration
  session_regenerate_id(true);  

  $file = $token;
  $file_size = filesize($file);
  $file_pointer = fopen($file, "rb");
  $data = fread($file_pointer, $file_size);
  header("Content-type: video/mp4");

  echo $data;
}
else {
  echo "Error: File Does not exists";
}


I hope that this complete example will help you attain the results you want to achieve. And Thank you very much for such a nice riddle.

With Regards
Tushar Srivastava
   
v4
Comments
BobJanova 16-Dec-13 11:50am
   
The user can watch browser traffic (e.g. through Chrome's F12), stop the initial request to video.php, and go direct to access.php with the VID token in the initial page. Additionally, the user can record the response to the request to access.php and save it.
Er. Tushar Srivastava 16-Dec-13 12:40pm
   
All Right... There is another solution then... Do one thing... in the if condition in video.php... decrypt the token, regenrate the session id and use new session id to re-encrypt the token and send it to access.php Now, is the problem solved? :)
BobJanova 16-Dec-13 13:36pm
   
Nearly but no. The user can still record the response and save it, or block the initial request to video.php and then submit it manually.
Er. Tushar Srivastava 16-Dec-13 14:12pm
   
Alright... Logically Correct.... Fine, I need time but I will make an unbreakable code :) :) :)
Er. Tushar Srivastava 16-Dec-13 12:51pm
   
Have a look at the code now, I have updated my code....
garav kumar mishra 18-Dec-13 12:57pm
   
ok that is fine.
But when user press ctrl+s in firefox vidoe gets downloaded.

where as in chrome no vidoe gets downloaded. ??
Er. Tushar Srivastava 19-Dec-13 13:12pm
   
Actually The Video Tag in HTML5 has this issue.... I would recommend you to to use either flash player or some other player maybe written in Java like jwPlayer ..... Best of Luck
garav kumar mishra 24-Jan-14 14:19pm
   
i recently discovered bug open browser click view source.
you will get link of video as

http://localhost/test/access.php?id=2hmekb383qv3k8cpn45eep2u60&vid=kXjCRz4E8PLe2Ztq7loJAg==

when u open this link in browser u can still watch video and can be downloaded also
Er. Tushar Srivastava 26-Jan-14 6:11am
   
Logically, if the page is loaded successfully in browser, the first request has been made by video tag and thus.... the given link should no longer be valid.... :/ i.e. if the user will click on the generated link, he will no longer be able to request the same file again :/ (it was a one time token link).... Please do review the code if I had missed some check... :)
garav kumar mishra 26-Jan-14 14:05pm
   
no basically what happens is when u click view source of page directly like
view-source:localhost.com/video/ then u can get url of access page and this works
Er. Tushar Srivastava 27-Jan-14 3:05am
   
I guess, I have understood the problem.... :/ Well the solution can not be much difficult if we use javaScript or jQuery (a library in javaScript). What can be done, is use AJAX to get the jSon encoded url and then replace that with the dummy url in the video Tag.... :) moreover, the jScript can generate a token which will be scrambled so that no user can use that token to directly request to video.php :) That can be a lot of client side programming in javaScript though... Best of Luck :)
garav kumar mishra 29-Jan-14 10:45am
   
what i see when i play video idm(Internet Download Manager) is able to grab video and video gets downloaded.

there is site
http://cmsdemosite.net/index.php/concrete5-addons/secure-streaming-addon/
here vidoe does not gets downloaded via IDM how this can be achieved ?
Member 13929183 31-Jul-18 13:30pm
   
Tushar Srivastava,

I am newbie to php. Can you please tell me how I do add my video file to your script.

For explame if I want to play this url : https://www.sample-videos.com/video/mp4/720/big_buck_bunny_720p_1mb.mp4

On which .php I need to add it??

I tired my best to understand but I end up with error "Error: File Does not exists"

Any help appreciated.

Thank you
Er. Tushar Srivastava 1-Aug-18 7:40am
   
Hi,

In "access.php" there's an if-else condition. In that condition (file_exists(...)) is used. This is used only to check if the file exist in filesystem (not from URL). So, you need to change that function to if(@fopen("https://www.sample-videos.com/video/mp4/720/big_buck_bunny_720p_1mb.mp4","r")==true) {} and it should work.

Best of luck.
Member 13929183 1-Aug-18 8:22am
   
<?php
/**
* access.php - The main serving file which will server the video
**/
session_start();

// Decrypt the Token to get back the video file name
$token = openssl_decrypt($_GET['vid'], "aes128", $_GET['id'].session_id());

// Check if file exists
if(@fopen("https://www.sample-videos.com/video/mp4/720/big_buck_bunny_720p_1mb.mp4","r")==true)

{
// Another important point here is a session id regeneration
session_regenerate_id(true);

$file = $token;
$file_size = filesize($file);
$file_pointer = fopen($file, "rb");
$data = fread($file_pointer, $file_size);
header("Content-type: video/mp4");

echo $data;
}
else {
echo "Error: File Does not exists";
}
?>;


Do I missing anything.. Still the video wont play..

I need your help on this.

Thank you
Member 13929183 5-Aug-18 15:40pm
   
Please help me on this issue with your complete script using URL

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)




CodeProject, 20 Bay Street, 11th Floor Toronto, Ontario, Canada M5J 2N8 +1 (416) 849-8900