如何防止用户使用PHP直接下载我的HTML视频 [英] How do I protect against users directly downloading my HTML videos using PHP

查看:461
本文介绍了如何防止用户使用PHP直接下载我的HTML视频的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

我正在尝试使用HTML5视频元素在PHP中开发一个视频流网站(用于学习目的)。



HTML5视频的唯一问题元素是难以置信不安全。它允许用户在检查元素时直接看到视频源。



我想防止这种情况发生。我遇到了这个答案,并尝试使用该答案进行保护代码(但它从来没有工作,我得到错误:

I am attempting to develop a video-streaming website (for learning purposes) in PHP, utilizing the HTML5 video element.

The only problem with the HTML5 video element is that it is incredibly insecure. It allows the user to directly see the video source if they inspect the element.

I would like to protect against this. I came across this answer, and attempted to protect using that code (but it never worked, and I got the error: 

Using an empty Initialization Vector (iv) is potentially insecure and not recommended





所以,我继续创建了我自己的版本(但我在视频控制台中出现了404错误)。



我尝试过:



view.php:

)

So, I went ahead and created my own version (but I get a 404 error in the console for the video).

What I have tried:

view.php:

<?php
    $dbh->query("INSERT INTO vpt_tokens (video_id, vpt) VALUES (abcd, 1234)");
?>
<video src="/intrapics/stream.php?m=abcd&vpt=1234"></video>





stream.php:



stream.php:

if(!isset($_GET["vpt"]) || trim($_GET["vpt"]) === ""){
    header("HTTP/1.0 404 Not Found");
} else {
    $check = $dbh->query("SELECT vpt FROM vpt_tokens WHERE video_id = abcd AND vpt = " . $_GET["vpt"]); // please note that I do actually use prepared statements, this is just simplified
    if(!$check->rowCount()){
        header("HTTP/1.0 404 Not Found");
    } else {
        $file = "player/" . $_GET["m"] . ".mp4";
        if(file_exists($file)){
            header("Content-type: video/mp4");
        }
        echo file_get_contents($file);
        $dbh->query("DELETE FROM vpt_tokens WHERE vpt = " . $_GET["vpt"]);
    }
}

推荐答案

dbh-> query( INSERT INTO vpt_tokens(video_id,vpt)VALUES(abcd,1234));
?>
< 视频 src = / intrapics / stream.php?m = abcd& vpt = 1234 > < / video >
dbh->query("INSERT INTO vpt_tokens (video_id, vpt) VALUES (abcd, 1234)"); ?> <video src="/intrapics/stream.php?m=abcd&vpt=1234"></video>





stream.php:



stream.php:

if(!isset(


_GET [ vpt])| | trim(
_GET["vpt"]) || trim(


_GET [ vpt])= == ){
header( HTTP / 1.0 404 Not Found);
} 其他 {
_GET["vpt"]) === ""){ header("HTTP/1.0 404 Not Found"); } else {


这篇关于如何防止用户使用PHP直接下载我的HTML视频的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!

查看全文
相关文章
其他开发语言最新文章
热门教程
热门工具
登录 关闭
扫码关注1秒登录
发送“验证码”获取 | 15天全站免登陆