Using PHP to Stream MP3 Files and Prevent Illegal Downloading - Implementing the Solution

Your first step is to create a directory in your FTP server accessible by browser, and upload all of your MP3 files to that directory. Create a name that cannot be easily guessed, such as “fewdsd.” Do not tell anyone about that directory. And never, ever put a link pointing to it (to either the folder itself or any of your MP3 files within it). If you put a link to it, that’s the end; spam bots will be able to locate it. as will normal visitors or even good bots, such as search engine spiders.

You can even rename the MP3 file to something unintelligible before uploading to the server. For example, if the song is entitled “Surprise by a Sudden Sunshine,” some users with advanced tools can search for files on your server containing that string. So you can name it “65ffs.mp3,” and make sure you keep a copy of the equivalent real name.

After completing this first step, the real, clean URL (showing the exact path to your MP3 song: “Surprise by a Sudden Sunshine") will be (just an example):

http://www.somewebsite.com/fewdsd/65ffs.mp3

The next thing you need to do is create new MySQL table somewhere in your existing or new database. It should simply be a three-field MySQL table: one for the “ID,” the second for the “Real URL” and the third for the “Song Title.” The MySQL table should look like the one below:

For the third step in this process, you need to make a PHP script that will be able to GET request ID, then fetch the real URL from MySQL, and finally play the MP3 to Adobe Flash player.

This script needs to be uploaded to the root directory of your server. Name it  mp3.php (for example).

<?php

if (! preg_match('/^[-a-z.-@,'s]*$/i',$_GET['ID']))

{

die('No illegal characters');

}

else

$empty=strlen($_GET['ID']);

if ($empty==0)

{

die('The text field cannot be empty');

}

else

{

$ID = $_GET['ID'];

}

$username = "yourmysql username";

$password = "yourmysql password";

$hostname = "yourhostname";

$database = "your mysql database name";

$dbhandle = mysql_connect($hostname, $username, $password)

or die("Unable to connect to MySQL");

$selected = mysql_select_db($database,$dbhandle)

or die("Could not select $database");

$ID = mysql_real_escape_string(stripslashes($ID));

$result = mysql_query("SELECT `Real URL` FROM `yourtable` WHERE `ID`='$ID'")

or die(mysql_error());

$row = mysql_fetch_array( $result )

or die("Invalid query: " . mysql_error());

$direction = $row['URL'];

$path='http://'.$direction;

header('Content-type: audio/mpeg');

header('Content-Length: '.filesize($path)); // provide file size

header("Expires: -1");

header("Cache-Control: no-store, no-cache, must-revalidate");

header("Cache-Control: post-check=0, pre-check=0", false);

readfile($path);

mysql_close($dbhandle);

?>

When a user pressed the play button of the flash player, it sends out an ID to the PHP script which will be received by a GET request. Then it will validate the data for illegal characters; if the characters are valid, it will finally connect to the MySQL database. Before doing the query, the $ID variable will be sanitized to prevent MySQL injection. Finally, it will fetch the Real URL from the MySQL database of the corresponding ID.

What happens next is that readfile($path); will then read the MP3 content and stream it. Another important line in the script above is the header ("Expires: -1"), which will prevent browser caching of the MP3 file.

At last you can embed the code in your web page, using the snippet below:

<embed height="50" width="200" pluginspage="http://www.macromedia.com/go/getflashplayer" flashvars="valid_sample_rate=true&amp;external_url=
http://www.somewebsite.com/mp3.php?ID= vgf4fdl9i8u76yhgn54ed6g745rt54" type="application/x-shockwave-flash" wmode="transparent" allowscriptaccess="always" quality="low" src="http://www.somewebsite.com/flashplayer.swf"/>

It is also suggested that you encrypt the flash code for better security.

If you have any questions, just comment on this post.