Click here to Skip to main content
15,905,607 members
Please Sign up or sign in to vote.
1.00/5 (1 vote)
See more:
Below i logic i am trying to prevent video from being stole but i got stuck some where.

i created a page index.php

XML
<?php
    session_start();
    $_SESSION["check"]="aaa";
?>
<video width="320" height="240" controls>
    <source src="video.php" type="video/mp4">
</video>



and video.php

PHP
$file = "a.mp4";
    $file_size = filesize($file);
    $fp = fopen($file, "rb");
    $data = fread ($fp, $file_size);
    fclose($fp);
    header ("Content-type: video/mp4");

    if(md5($_SESSION["check"])=="aaa"){
       echo $data;
    }else{

    }


but i want when user open video.php he should simply get some message or error but not videos
as user can get value of session on video.php
he still is able to see and save video any way to pervent this
Posted
Comments
enhzflep 11-Dec-13 6:12am    
At a quick glance.

1) Put the videos in a folder outside the server-root (user cant enter direct address of video)
2) Use php to fetch them from here (non-authenticated users cant get the page that retrieves the video)
3) Use flash's DRM

This won't stop screen-recordings, but will make the downloaded data useless to anything but the flash video player. 3dBuzz.com changed their system a few years ago when I used to visit to something like this. No idea if its since changed.

1 solution

Hi Friend,
Try This.... I was moved by your question and I dived into the deep ocean of coding and I took out this beautiful pearl for you. Tell me if it worked for you as per your requirement or not. Also, do rate my answer. Happy Coding :)

Here's my solution.. this is what I call two layer security and is unbreakable (according to me)... Try it...

PHP
<?php
/**
 * index.php - The Entry File
**/

// Start the session
session_start();
// It is really important to regenerate id on every click...
session_regenerate_id();

// We will tell the next file that we have a token set using session
$_SSEION['setToken'] = true;

// The filename... You can get that from a $_GET variable and store it here
$token = "vid.mp4";

// We will be encrypting the video name using session id as key ans AES128 as the algorithm
$token_encrypted = openssl_encrypt($token, "aes128", session_id());

?>

<video width="320" height="240" controls="">
  <source src="video.php?vid=<?php echo $token_encrypted; ?>">
</source></video>


PHP
<?php
/**
 * video.php - The First Entry Point
**/

session_start();
// Get Token
$token = $_GET['vid'];
// Get Current Session ID
$prev= session_id();
// Test the session variable token is set
if(isset($_SESSION['setToken']))
{
  // This was a one time token and this is your security
  unset($_SESSION['setToken']);
  // Now we will re-encrypt the token
  $token = openssl_decrypt($token, "aes128", session_id());
  // Now Regenerate the session id
  session_regenerate_id();
  // Now re-encrypt the token with a key combination of both new and old ids
  $token = openssl_encrypt($token, "aes128", $prev.session_id());
}
else
{
  // If token was not matched, we have changed the id therefore the next script will not be able to decrypt the token
  session_regenerate_id(true);
}
header("Location: access.php?id=".$prev."&vid=".$token);
?>

PHP
/**
 * access.php - The main serving file which will server the video
**/
session_start();

// Decrypt the Token to get back the video file name
$token = openssl_decrypt($_GET['vid'], "aes128", $_GET['id'].session_id());

// Check if file exists
if(file_exists("videos/".$token))
{
  // Another important point here is a session id regeneration
  session_regenerate_id(true);  

  $file = $token;
  $file_size = filesize($file);
  $file_pointer = fopen($file, "rb");
  $data = fread($file_pointer, $file_size);
  header("Content-type: video/mp4");

  echo $data;
}
else {
  echo "Error: File Does not exists";
}


I hope that this complete example will help you attain the results you want to achieve. And Thank you very much for such a nice riddle.

With Regards
Tushar Srivastava
 
Share this answer
 
v4
Comments
BobJanova 16-Dec-13 11:50am    
The user can watch browser traffic (e.g. through Chrome's F12), stop the initial request to video.php, and go direct to access.php with the VID token in the initial page. Additionally, the user can record the response to the request to access.php and save it.
Er. Tushar Srivastava 16-Dec-13 12:40pm    
All Right... There is another solution then... Do one thing... in the if condition in video.php... decrypt the token, regenrate the session id and use new session id to re-encrypt the token and send it to access.php Now, is the problem solved? :)
BobJanova 16-Dec-13 13:36pm    
Nearly but no. The user can still record the response and save it, or block the initial request to video.php and then submit it manually.
Er. Tushar Srivastava 16-Dec-13 14:12pm    
Alright... Logically Correct.... Fine, I need time but I will make an unbreakable code :) :) :)
Er. Tushar Srivastava 16-Dec-13 12:51pm    
Have a look at the code now, I have updated my code....

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)



CodeProject, 20 Bay Street, 11th Floor Toronto, Ontario, Canada M5J 2N8 +1 (416) 849-8900