Home arrow Miscellaneous arrow Page 4 - Using PHP to Stream MP3 Files and Prev...

Using PHP to Stream MP3 Files and Prevent Illegal Downloading
By: Codex-M
  • Search For More Articles!
  • Disclaimer
  • Author Terms
  • Rating: 4 stars4 stars4 stars4 stars4 stars / 8

    Table of Contents:
  • Using PHP to Stream MP3 Files and Prevent Illegal Downloading
  • How Illegal Downloads Happen
  • Preventing Illegal Downloads
  • Implementing the Solution



    Using PHP to Stream MP3 Files and Prevent Illegal Downloading - Implementing the Solution

    (Page 4 of 4 )

    Your first step is to create a directory in your FTP server accessible by browser, and upload all of your MP3 files to that directory. Create a name that cannot be easily guessed, such as “fewdsd.” Do not tell anyone about that directory. And never, ever put a link pointing to it (to either the folder itself or any of your MP3 files within it). If you put a link to it, that’s the end; spam bots will be able to locate it. as will normal visitors or even good bots, such as search engine spiders.

    You can even rename the MP3 file to something unintelligible before uploading to the server. For example, if the song is entitled “Surprise by a Sudden Sunshine,” some users with advanced tools can search for files on your server containing that string. So you can name it “65ffs.mp3,” and make sure you keep a copy of the equivalent real name.

    After completing this first step, the real, clean URL (showing the exact path to your MP3 song: “Surprise by a Sudden Sunshine") will be (just an example):


    The next thing you need to do is create new MySQL table somewhere in your existing or new database. It should simply be a three-field MySQL table: one for the “ID,” the second for the “Real URL” and the third for the “Song Title.” The MySQL table should look like the one below:


    Real URL

    Song Title



    Surprise by a Sudden Sunshine



    Cool Song



    Hi Hello

    For the third step in this process, you need to make a PHP script that will be able to GET request ID, then fetch the real URL from MySQL, and finally play the MP3 to Adobe Flash player.

    This script needs to be uploaded to the root directory of your server. Name it  mp3.php (for example).


    if (! preg_match('/^[-a-z.-@,'s]*$/i',$_GET['ID']))


    die('No illegal characters');




    if ($empty==0)


    die('The text field cannot be empty');




    $ID = $_GET['ID'];


    $username = "yourmysql username";

    $password = "yourmysql password";

    $hostname = "yourhostname";

    $database = "your mysql database name";

    $dbhandle = mysql_connect($hostname, $username, $password)

    or die("Unable to connect to MySQL");

    $selected = mysql_select_db($database,$dbhandle)

    or die("Could not select $database");

    $ID = mysql_real_escape_string(stripslashes($ID));

    $result = mysql_query("SELECT `Real URL` FROM `yourtable` WHERE `ID`='$ID'")

    or die(mysql_error());

    $row = mysql_fetch_array( $result )

    or die("Invalid query: " . mysql_error());

    $direction = $row['URL'];


    header('Content-type: audio/mpeg');

    header('Content-Length: '.filesize($path)); // provide file size

    header("Expires: -1");

    header("Cache-Control: no-store, no-cache, must-revalidate");

    header("Cache-Control: post-check=0, pre-check=0", false);




    When a user pressed the play button of the flash player, it sends out an ID to the PHP script which will be received by a GET request. Then it will validate the data for illegal characters; if the characters are valid, it will finally connect to the MySQL database. Before doing the query, the $ID variable will be sanitized to prevent MySQL injection. Finally, it will fetch the Real URL from the MySQL database of the corresponding ID.

    What happens next is that readfile($path); will then read the MP3 content and stream it. Another important line in the script above is the header ("Expires: -1"), which will prevent browser caching of the MP3 file.

    At last you can embed the code in your web page, using the snippet below:

    <embed height="50" width="200" pluginspage="http://www.macromedia.com/go/getflashplayer" flashvars="valid_sample_rate=true&amp;external_url=
    http://www.somewebsite.com/mp3.php?ID= vgf4fdl9i8u76yhgn54ed6g745rt54" type="application/x-shockwave-flash" wmode="transparent" allowscriptaccess="always" quality="low" src="http://www.somewebsite.com/flashplayer.swf"/>

    It is also suggested that you encrypt the flash code for better security.

    If you have any questions, just comment on this post.

    DISCLAIMER: The content provided in this article is not warranted or guaranteed by Developer Shed, Inc. The content provided is intended for entertainment and/or educational purposes in order to introduce to the reader key ideas, concepts, and/or product reviews. As such it is incumbent upon the reader to employ real-world tactics for security and implementation of best practices. We are not liable for any negative consequences that may result from implementing any information covered in our articles or tutorials. If this is a hardware review, it is not recommended to open and/or modify your hardware.
    blog comments powered by Disqus


    - Attention: Forum and Site Maintenance
    - Oracle Database XE: Indexes and Sequences
    - Modifying Tables in Oracle Database XE
    - Oracle Database XE: Tables and Constraints
    - More on Oracle Databases and Datatypes
    - Oracle Database XE Datatypes: Datetime and L...
    - Oracle Database XE Datatypes: Character and ...
    - From Databases to Datatypes
    - Firefox 3.6.6 Released with Improved Plug-in...
    - Attention Bloggers: WordPress 3.0 Now Releas...
    - Reflection in PHP 5
    - Inheritance and Other Advanced OOP Features
    - Advanced OOP Features
    - Linux from Scratch V.6.6 Review
    - Linux Gaining in Strength

    Developer Shed Affiliates


    © 2003-2019 by Developer Shed. All rights reserved. DS Cluster - Follow our Sitemap