Flash Movie Security Using PHP
Posted: Mon Aug 09, 2010 4:23 pm
Hi,
This is my first and post and topic on DevNetwork .I am creating a heavy media content website where users can view movies but cannot upload any. Only the admin is allowed to do that. The users has to pay to view the full movie otherwise the movie trailer are shown . I am using flowplayer(flv player) to stream the movie.
Usually people use a media server such as Wowza or lighthttpd for such websites but I am not in the position to use them . I have to use only the apache server thats it. Now the issue I had was the flowplayer I had was the url in the link. Basically anyone can use a firebug or view the source file to see the actual directory path and download the full movie. I could solve this issue with rewrite rule no problem.
BUT the main issue is to allow only paid members to view the full movies and the guest could only watch the trailers. At first I used the Xmoovstream server to solve this and it did. I wrote a php code to to check whether the user is logged in . If logged in stream the full movie using a php script else stream the trailer using a php script.
But since my website will have atleast 5 thousands traffic per day and everyone will access the same php script for the movie it is impossible to use xmoov stream since it is very very slow. Infact it doesnt work if even for a couple of users. I have a deadline and i dont have the time to investigate xmoov. SO i had to scrap xmoov stream.
SO I came up with this other very very simple solution and I want to know whether this is a good idea and will it work fine .
Basically the flv movie link will be something like this
get_movie.php?movie=kill_bill_vol1
the get_movie.php will then check the user
if(user logged in)
{
//show full movie
header( 'Location: http://www.yoursite.com/videos/action/kill_bill_vol1' ) ;
}else{
// show trailer
header( 'Location: http://www.yoursite.com/videos/action/t ... _bill_vol1' ) ;
}
INSTEAD of the using php script to stream the movie. I just wrote a redirect and it works fine. The users cannot view the actual directory link.But its hard to believe that such a big security issue could be solved with just a couple of lines of code. Am i missing something here ?? will this work ?? .Expert opinion please !!!
Justin
This is my first and post and topic on DevNetwork .I am creating a heavy media content website where users can view movies but cannot upload any. Only the admin is allowed to do that. The users has to pay to view the full movie otherwise the movie trailer are shown . I am using flowplayer(flv player) to stream the movie.
Usually people use a media server such as Wowza or lighthttpd for such websites but I am not in the position to use them . I have to use only the apache server thats it. Now the issue I had was the flowplayer I had was the url in the link. Basically anyone can use a firebug or view the source file to see the actual directory path and download the full movie. I could solve this issue with rewrite rule no problem.
BUT the main issue is to allow only paid members to view the full movies and the guest could only watch the trailers. At first I used the Xmoovstream server to solve this and it did. I wrote a php code to to check whether the user is logged in . If logged in stream the full movie using a php script else stream the trailer using a php script.
But since my website will have atleast 5 thousands traffic per day and everyone will access the same php script for the movie it is impossible to use xmoov stream since it is very very slow. Infact it doesnt work if even for a couple of users. I have a deadline and i dont have the time to investigate xmoov. SO i had to scrap xmoov stream.
SO I came up with this other very very simple solution and I want to know whether this is a good idea and will it work fine .
Basically the flv movie link will be something like this
get_movie.php?movie=kill_bill_vol1
the get_movie.php will then check the user
if(user logged in)
{
//show full movie
header( 'Location: http://www.yoursite.com/videos/action/kill_bill_vol1' ) ;
}else{
// show trailer
header( 'Location: http://www.yoursite.com/videos/action/t ... _bill_vol1' ) ;
}
INSTEAD of the using php script to stream the movie. I just wrote a redirect and it works fine. The users cannot view the actual directory link.But its hard to believe that such a big security issue could be solved with just a couple of lines of code. Am i missing something here ?? will this work ?? .Expert opinion please !!!
Justin