Download URL linking to files outside webroot

[Ushkand]

Ok, finally bought the commercial license as I went commercial last week. Here is my predicament: I am serving video files via the script and disabled server play so that members can only download the files. As these files will be available for paid members only, I'd like to protect them by placing them below the webroot.

I am using the downlaod URL field to tell Download.php where the file is. Everything seems to be working ok, till I try to play the video downloaded this way. For some reason the file seems to be corrupted, even though the size and everything else is the same. I am guessing the file header is getting screwed. How do I fix this so that the videos downloaded from below the webroot play fine? I am serving mostly .AVI files.

[Chris]

4images does not read each file and return the file contents to the browser.  It is designed to provide valid HTTP links to media source files and then hands these off to your web server to deliver to the visitor.  Placing files outside the web root will not work.

[Ushkand]

can download.php be modified to read the file headers? I desperately need this to work. Thanks for your help.

[Chris]

I suppose it could although I don't know how.

[V@no]

your host wont be very happy, because the way u want it be done the script must read the files into memory, then through it to the client browser...that would take alot of servers perfomance.

[Ushkand]

I am on a dedicated server so that shouldn't be a problem. Since all the files are going to be .AVI, could I not set download.php to tell browser by default that it is a video files without having to reading each and every file everytime someone downloads a file?

[Chris]

Since you want to place the files outside of your web root, download.php must tell the browser the mime header type AND read and deliver the avi files to the browser. That's going to be a big load on your php processes.

[V@no]

That's going to be a big load on your php processes.

exactly!
but here is an example how to read and print a picture stored outside of web root:

Code: [Select]

<?php
$file = "e:/iguana.jpg";
$file_size = filesize($file);
$fp = fopen($file, "rb");
$data = fread ($fp, $file_size);
fclose($fp);
header('Content-Type: image/jpeg');
echo $data;
?>

[Chris]

One final comment.  Web servers are highly optimized to serve files off hard disks and this is why their performance will exceed what php can deliver.

Best wishes.

[Ushkand]

That's going to be a big load on your php processes.

Can you guys suggest of a better way to protect the videos? Though the scripts masks the download url, netscape users can easily get the direct url link. I figured placing videos outside webroot would be the most secure way.

Btw v@no, where do I place this code in download.php? and

Code: [Select]

$file = "e:/iguana.jpg"; Could I replace this with the Download URL parameter?

[V@no]

Btw v@no, where do I place this code in download.php?

sorry, that was just an example how it would work...this method would be maybe usefull for small files, images (I use it at my site), but for video I dont know..

[Chris]

... so that members can only download the files. As these files will be available for paid members only, I'd like to protect them by placing them below the webroot.

Why not just change the "View Image" setting to private or registered user?  Your best approach is to restrict access to the download button.  Moving files outside the web root only prevents hotlinking by other sites.  If you password protect the media directories, require HTTP authentication or change the 4images settings as I've suggested, you'll accomplish the same thing.

[V@no]

Why not just change the "View Image" setting to private or registered user?  Your best approach is to restrict access to the download button.

well, that's not the point, any registered members could click download button and find out the path for the file and they wont need use download.php anymore, they can use over and over again, or send to someone. if u use script that would read files (outside root not necesery) and then send it to the browser, u wont be able get the files without starting the script, but this is big perfomance drawback...

If you password protect the media directories, require HTTP authentication

I might did something wrong, but I've tryed do it this way, and it asked me for user/pass when I open details.php
they .htaccess for antileech will kill ability play video/audio files on the page...

[Chris]

Well perhaps this will illustrate my suggestion better.

1. Create a new user group called "PaidMembers"
2. Set the "Download" permission for each category to "Private"
3. Now edit the "Permissions" for the user group "PaidMembers" and set the download for each category to "Yes"

When a registered user remits payment, place that user in the "PaidMembers" user group.

This should work, shouldn't it?

[Ushkand]

Well perhaps this will illustrate my suggestion better.

1. Create a new user group called "PaidMembers"
2. Set the "Download" permission for each category to "Private"
3. Now edit the "Permissions" for the user group "PaidMembers" and set the download for each category to "Yes"

When a registered user remits payment, place that user in the "PaidMembers" user group.

This should work, shouldn't it?

Chris this is exactly what I am doing right now. Like v@no says, any paid member can easily get the download link (direct url to the videos) and share it with others. These other visitors can just type in the direct url of the video and download them.

they .htaccess for antileech will kill ability play video/audio files on the page...

I am not using any server play. Is there any way I can set the .htaccess to let videos be download only through download.php and not with a direct url link?