Solved

PHP MySQL/Folder - Protected file system

Posted on 2014-02-21
3
809 Views
Last Modified: 2014-02-21
Hello Experts,

I need an advice.

I know that the best way to upload and save files in a website is to upload them to a folder and save the file and link information in the database. Is simple and cheap when come to web-hosts (disk space is cheaper than paying for big database).

But i need to upload and protect video files. The website i'm building for my client will have files as the product do sell so.. i can't leave them open to download.

What's the best approach? store the files inside a blob field in mysql right?
.htaccess will not be practical or possible for this i think..
Or maybe there is a good service for this kind of features i don't know?..

Thx in advanced
0
Comment
Question by:justaphase
  • 2
3 Comments
 
LVL 56

Accepted Solution

by:
Julian Hansen earned 500 total points
ID: 39876488
store the files inside a blob field in mysql right?
Not necessarily

Store them outside the webroot and stream them with script

Your request would look something like

mydomain.com/?video=0c241b1f-ec3e-1031-bf66-32903d7ec359

The key links to a DB record that contains the path to the file

You do your validation and check the person has the right to access the file and then do something like this

// construct $filepath here
header('Content-type: video/mpeg');
header('Content-Length: '.filesize($path)); // provide file size
header("Expires: -1");
header("Cache-Control: no-store, no-cache, must-revalidate");
header("Cache-Control: post-check=0, pre-check=0", false);

readfile($filepath);

Open in new window

More info here on how to construct streaming / download code
How to use the Apache x-sendfile module
http://www.jasny.net/articles/how-i-php-x-sendfile/

A sample file streaming script
http://www.devshed.com/c/a/PHP/Video-Streaming-PHP-Script-Tutorial/3/

A very comprehenisve file streaming script with range checking
http://stackoverflow.com/questions/157318/resumable-downloads-when-using-php-to-send-the-file
0
 
LVL 1

Author Closing Comment

by:justaphase
ID: 39876512
Thank you :)
0
 
LVL 56

Expert Comment

by:Julian Hansen
ID: 39876589
You are welcome - thanks for the points.
0

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Password hashing is better than message digests or encryption, and you should be using it instead of message digests or encryption.  Find out why and how in this article, which supplements the original article on PHP Client Registration, Login, Logo…
Many old projects have bad code, but the budget doesn't exist to rewrite the codebase. You can update this code to be safer by introducing contemporary input validation, sanitation, and safer database queries.
Explain concepts important to validation of email addresses with regular expressions. Applies to most languages/tools that uses regular expressions. Consider email address RFCs: Look at HTML5 form input element (with type=email) regex pattern: T…
The viewer will learn how to count occurrences of each item in an array.

740 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question