Protecting my videos

2

I apologize for my lack of knowledge, but I'm not sure where to start researching. The problem is that I use jwplayer to play my videos, I host them on my own server and would like to create a temporary link, similar to what youtube, vimeo and all video sites, preferably a solution in php

Example:

Meu codigo
<video>
  <source src="video.mp4" type="video/mp4">
</video>

Como eu gostaria
<video>
  <source src="http://video.site.com/55848/85778.mp4"type="video/mp4">
</video> 

It does not have to be exactly like this, but a solution to protect my videos from being used by others, and thus not consume resources from my server.

    
asked by anonymous 12.05.2016 / 00:01

1 answer

4

As you said using Apache, you have a very interesting tool to send files under PHP control, but at the same time without PHP to generate the communication, which is the x-sendfile module.

  

link

This module allows you to return control of the connection to Apache, indicating a file to be served, and for this, just set a header :

X-Sendfile: /caminho

I suppose you already have some way to authenticate the user. Assuming he is allowed to view the videos, one possibility is to record a token in a session, and validate this way:

listavideos.php

<?php
    // estou supondo que você autenticou o usuário,
    // e criou um token único, aleatório e complexo
    // para ele em $_SESSION['token']

    session_start();

    ...

    echo '<source src="/show.php?token='.$_SESSION['token'].'&video=23" type="video/mp4">';

And no show.php:

session_start();

if( $_GET['token'] == $_SESSION['token'] ) {
    header( 'Content-type: video/mp4' );
    // aqui vai o caminho real para o vídeo, que não aparecerá para
    // o usuário final. Sugiro fazer um sistema mais complexo que
    // este do exemplo, usar um hash para o nome real do video, 
    // ou mesmo colocar os vídeos num lugar inacessível para uso
    // "direto".
    header( 'X-Sendfile: /videos/caminhocomplexo/'.$video.'.mp4' );
    die();
} else {
    echo 'Link inválido';
    die();
}

Of course I simplified the code to illustrate, but the basic idea is this. Obviously later you can get more done by doing the friendly URL (for example, passing the data in the URL path instead of the query string , but there it is already "improvement").


Sending without X-Sendfile

Using the same logic as above, we can change the header X-Sendfile so:

readfile( '/videos/caminhocomplexo/'.$video.'.mp4' );

But you need to keep in mind that this causes all of the data to be sent while the PHP process is running, and this can lead to a timeout in most hosting.

Additionally, if it is a long stream , it would need to support ranges , that is, allow some client to start reading data from the middle of the video, example.

PHP allows you to set the execution time of a script, but it can never exceed the maximum defined in PHP.ini , which is often not accessible by the hosting client.

    
12.05.2016 / 00:19