[Resolved] Secure m3u stream

Disgrntld

Hey guys, this is my first time posting here..

I think I have a pretty unique question: I've set up a login-protected page to download my mp3's remotely. I keep the files in a dir off web root to keep users not logged-in from downloading them. I use headers to force the download and dump the contents of the file to the browser with readfile().

Now I'm trying to add a stream option using an m3u file. The problem is the m3u file needs a valid web address to an mp3. Since I don't want the mp3's accessable without authentication, I use php to copy whatever mp3 they're trying to stream to temp.mp3 in my web dir. Then I changed my m3u file to: "http://mysite.com/temp.mp3" This worked, but now I need some way to remove the temp.mp3 file when they're done streaming.

Anyone have any ideas?

Thanks.

Disgrntld

Hello everyone. Sorry for the bump but I got no replies last time I posted.

I figured I'd at least include something of value, so here is my code:

<?php
 session_start();

 if(isset($_SESSION['loggedin']) && $_SESSION['userlevel']>=1)
 {
  if(isset($_GET['file']))
  {
   $file = base64_decode($_GET['file']);
   $filesrc = "/mp3/" . $file;
   $filedest = "/var/www/html/temp/content.mp3";

   if(!($read = fopen($filesrc, "rb")))
   {
    echo "Filesrc couldn't be opened..";
    exit();
   }

   if(!($write = fopen($filedest, "wb")))
   {
    echo "Filedest couldn't be opened..";
    exit();
   }

   if(!fwrite($write, fread($read, filesize($filesrc))))
   {
    echo "Couldn't copy MP3 to temp dir..";
    exit();
   }

   header("Location: [url]http://www.mysite.com/temp/stream.m3u[/url]");
   exit();
  }
  else
  {
   header("Location: login_success.php?nofile");
   exit();
  }
 }
 else
 {
  header("Location: login_success.php?noauth");
  exit();
 }
?>

Just for clarity; I'm tryin to find a way to remove the content.mp3 file when the stream is closed.

Thanks.

tekky

I would guess some jscript to trigger for On close or something of the new browser window.....

to open a link to a script that can delete it.....

LordShryku

You may be able to use the connection handling functions to gather connection status, then unlink when the connection is aborted/closed

examancer

create a random number. put the mp3 file at "temp-$randomNumber.mp3", take the random number and store it in a javascript on the page that will call an onClose sort of event that will redirect the user when they navagate away or close the window to a page like "clean.php?id=$randomNumber". This script will find the file with that random number and delete it.

Or you could store the random number in a database (or just use a database key instead of a random value). You could store it along with the time the file was requested. Then have a cron job that runs... say, every 30 minutes that checks the database and sees if its old enough to be deleted.

tekky

Originally posted by examancer
create a random number. put the mp3 file at "temp-$randomNumber.mp3", take the random number and store it in a javascript on the page that will call an onClose sort of event that will redirect the user when they navagate away or close the window to a page like "clean.php?id=$randomNumber". This script will find the file with that random number and delete it.

Or you could store the random number in a database (or just use a database key instead of a random value). You could store it along with the time the file was requested. Then have a cron job that runs... say, every 30 minutes that checks the database and sees if its old enough to be deleted.

if you are going to go through the trouble of using a database you may as well calc the run time of the song, store that + the start time in the database so the cron job can clean songs that are done playing...... then run the cron every 5 mins or so

examancer

i didn't specify a time based on the song length because this may cause problems if the user looses the connection and needs to redownload the song... they should have a little leeway probably.

examancer

you could also have it set up so that php can play whole playlists by caching all the files needed, and selecting some time out in the future based on the length of the playlist plus a good amount of time (for pausing and resyncing and such).

After that just take the filenames you created and put them in an m3u using php.

Disgrntld

Hey, thanks for the replies everyone!

I'm considering all the recommendations, I'll let you all know if I have a problem.

Thanks again.

Moonglobe

add this to your .htaccess:

<Location /stream>
    ForceType application/x-httpd-php
</Location>

then make a file called stream (no extension) that checks some GET values of your choice to test the validity of the client. then just readfile() the mp3 by looking at SERVER['REQUEST_URI']. wouldn't that work?

Disgrntld

Moonglobe, I can't readfile() the mp3 because the m3u file needs to contain a valid URL (ie. http://www.mysite.com/temp.mp3).

I did use something similar for the downloading part though.. to dump the data to the user's comp after I set the header to force-download.