Using PHP to Stream MP3 Files and Prevent Illegal Downloading - Preventing Illegal Downloads

We will examine how to prevent these problems.

Step 1. The user loads the page containing the MP3 using his/her preferred browser. The MP3 player on the page should NOT be a direct link, but use the Adobe Flash player so as to avoid showing the URL in the address bar. The target URL of the flash player should NOT use the direct download directory. Instead, it will use a dynamic URL with a PHP extension, as in this example:

http://www.somewebsite.com/mp3.php?ID= vgf4fdl9i8u76yhgn54ed6g745rt54

This will obscure the real download directory. This is what the embedded flash player code should look like:

<embed height="50" width="200" pluginspage="http://www.macromedia.com/go/getflashplayer" flashvars="valid_sample_rate=true&amp;external_url=
http://www.somewebsite.com/mp3.php?ID= vgf4fdl9i8u76yhgn54ed6g745rt54" type="application/x-shockwave-flash" wmode="transparent" allowscriptaccess="always" quality="low" src="http://www.somewebsite.com/flashplayer.swf"/>

If you can make it harder, you can even encrypt the embedded flash code using JavaScript, so the above code will look like this after encryption:

<script>

<!--

document.write(unescape("%3Cembed%20height%3D%2250%22%20width%3D%22200%22%20pluginspage%3D%22http%3A//www.macromedia.com/go/getflashplayer%22%20flashvars%3D%22valid_sample_rate%3Dtrue%26amp%3Bexternal_url%3Dhttp%3A//www.somewebsite.com/mp3.php%3FID%3D%20vgf4fdl9i8u76yhgn54ed6g745rt54%22%20type%3D%22application/x-shockwave-flash%22%20wmode%3D%22transparent%22%20allowscriptaccess%3D%22always%22%20quality%3D%22low%22%20src%3D%22http%3A//www.somewebsite.com/flashplayer.swf%22/%3E"));

//-->

</script>

This will make the PHP ID very hard to find, especially if you use a 30-character random-looking ID, such as the one shown above.

Step 2. When the user plays the MP3 using flash, the PHP ID is then sent to the server. The server will then fetch the equivalent URL (the real, clean URL) from the MySQL database. It will then send it back to the user, and start loading the MP3 --but the location of the MP3 will not be shown in the browser address bar or visible in the HTML source code.

Example:

Say this is your real clean URL (actual path to your MP3):

http://www.somewebsite.com/fewdsd/65ffs.mp3

And you obscure it using PHP by assigning a 30-character alphanumeric ID to “65ffs.mp3”: G4fr56ythtghty8iukjy5t7yjhtr3a, so it will be:

http://www.somewebsite.com/mp3.php?ID= G4fr56ythtghty8iukjy5t7yjhtr3a

The user will now have no idea where your real MP3s are located in the web server. This is because it has been replaced with a 30-character random-looking ID using PHP.

Step 3. As the flash player streams your MP3 right in your web page, the browser slowly stores the MP3's content in the Temporary Internet Folder. To prevent this from happening, your PHP script must have an effective Cache Control script that will prevent the MP3 from being cached or saved directly to Temporary Internet folders in the user’s local hard drive.

We will now provide details for this three-step step process in which every visitor will interact with your MP3 website.

Next: Implementing the Solution >>
 

More Miscellaneous Articles
More By Codex-M