Most user-friendly way to deliver audio file?

sneakyimp

This is partly a PHP question and partly a HTML/client-side question. I'm looking both for technical suggestions and also opinions about what the ideal behavior should be.

I need to make some music files available to listeners. I'm using CodeIgniter but not especially interested in any kind of elaborate plugin with all kinds of bells and whistles that I don't need or awkward file management constraints. I like to keep my MP3 files in a directory outside my web root and grant access via some PHP script which serves as a download proxy so that I can screen bots, ban people, or require login, etc. before granting the file. My primary concern is what should happen when a user clicks on a download link, for instance. Simply linking an MP3 file, in my experience, seems very problematic. Some browsers will try to play the file. Other users will be prompted for a download. Some machines want to launch iTunes.

Can anyone suggest the most elegant way to make audio files available? The best possible solution would work both on browsers and on phones. If there's some way to import the song into one's phone music library, that would be THA BOMB. Although I don't think that's possible. Second best solution would be to let the user play the song directly in a browser.

I had some luck with the script below in the past (it's quite old). One would link an audio file thusly:

<a href="download.php?f=recording/Old_Grey_Horror_-_Franz_Ferdinand_Must_Die.m4a">Download "Franz Ferdinand Must Die"</a>

And the result was usually pretty good. It would most often ask the user where they want to save the file.

Here's the old script:

<?
/**
 * This script takes a GET string argument which specifies a filename
 * And will spit out the contents of that file as an attachment with the
 * appropriate mimetype.
 */

// the file to be downloaded
$file = $_GET['f'];

if (empty($file)) {
	die('no file specified');
}

// watch out for sneaky attempts at a parent directory
if (preg_match('#\.\.#', $file)) {
	die('no parent directory access permitted');
}

// get the file extension
$ext_pattern = '/\.([0-9a-z]+)$/i';
$num_matches = preg_match($ext_pattern, $file, $matches);

if ($num_matches != 1) {
	die('Unable to locate extension, pattern returned ' . $num_matches . ' matches');
}

$extension = $matches[1];
#echo "extension:" . $extension . ' <br>';

$mime_type = get_mime_type($extension);
if (!$mime_type) {
	die('no mime type found');
}

// file paths are interpreted relative to current working directory
if (!file_exists('./' . $file)) {
	die('file not found');
}


$filename = basename($file);
#echo 'filename:' . $filename . '<br>';


// output the file to the user
do_download($file, $mime_type, $filename);
die();



function get_mime_type($ext) {
	switch (strtolower($ext)) {
		case 'mp3':
			return 'audio/mpeg';
			break;
		case 'm4a':
			return 'audio/mp4';
			break;
		default:
			die('unrecognized extension, unable to find mime type');
	}
} // get_mime_type


function do_download($file, $mime_type, $save_as){
	$size=filesize(urldecode($file));

$attachment=(
	strpos($HTTP_USER_AGENT,"Mozilla/4")===false // Not Moz4
	|| // or
	strpos($HTTP_USER_AGENT,"MSIE")!==false) // is IE
	? ' attachment;'
	: '';

// no idea why those urldecodes are in there. 
$content_disposition = "Content-Disposition:" . $attachment . " filename=" . urldecode($save_as);
header($content_disposition);
header("Content-Type: " . $mime_type);
header("Content-Length: $size");
readfile(urldecode($file));
} 

?>

Bonesnap

In the past we have forced the download of PDF files using an .htaccess file. I can't think of the project off the top of my head since it's a pretty rare request (most users are satisfied with whatever their browser does). I believe you can just set the mime type/file extension and the user will be forced to download it. Try looking up force file download with .htaccess.

Regarding behaviour... if I see a link/button/etc. that says "download" I expect my browser to initiate a download of that file.

sneakyimp

Bonesnap;11049077 wrote:
In the past we have forced the download of PDF files using an .htaccess file. I can't think of the project off the top of my head since it's a pretty rare request (most users are satisfied with whatever their browser does). I believe you can just set the mime type/file extension and the user will be forced to download it. Try looking up force file download with .htaccess.

Thanks for the suggestion but, as I mentioned in my post, I need to exercise control over who gets to download a file and who does not. I cannot simply put the file in the web root and provide an <a> link.

Bonesnap;11049077 wrote:
Regarding behaviour... if I see a link/button/etc. that says "download" I expect my browser to initiate a download of that file.

Thanks for your opinion. On a desktop, I would agree. On a phone, though?

dalecosp

I download stuff to my phone all the time ... prefer it that way. Can't speak for others, though ...

As for a plain <A> link, I guess you could put them in a protected folder and use Apache's Basic Auth, but that means not THEIR password, but one password for all, I think? Really not sure.

Possibly what you really want to do is call your script something more generic, and let the user either push a DOWNLOAD button or a PLAY button, and have PHP send headers, etc., based on which button was pushed (after doing the auth stuff, etc.). That should also be doable, especially if you've already written a "download.php" that did forced downloads. Typically, if the UA on the client doesn't have a handler, it will default to a DL, so I'd think you'd be OK with that?

Bonesnap

sneakyimp;11049083 wrote:
Thanks for the suggestion but, as I mentioned in my post, I need to exercise control over who gets to download a file and who does not. I cannot simply put the file in the web root and provide an <a> link.

I know but I think you can combine both methods to force a download. You are already setting the headers, etc. for the file so when it's sent to the browser the download dialog should be shown.

sneakyimp;11049083 wrote:
Thanks for your opinion. On a desktop, I would agree. On a phone, though?

Yes, even on a phone. The link says download, so that's what I expect it to do. Once it is downloaded I can do what I want with it.

sneakyimp

OK so I went through the trouble of modifying my old download script a bit to make it work with my CodeIgniter project and, while it works fine on my desktop machine, It doesn't play nice with my iPhone. I'll visit the page and click a song link and my iPhone will show a media player with a play button but one can not get anything to play by touching the play button. Interestingly, the progress wheel at the top spins, but nothing ever completes. This is fairly curious because the browser shows that the page has been loaded (it shows a refresh button instead of the "X" cancel button).

If anyone wants to give it a try, I'd appreciate feedback. You can try it here.

<?php
/**
 * Defines a controller to inspect database and automatically generate related classes
 *
 * @author sneakyimp
 * @filesource
 */
defined('BASEPATH') OR exit('No direct script access allowed');

/**
 * Controller class to host db inspection and generation of db classes.
 */
class Download extends LM_Controller
{

private function _song_download_path() {
	return dirname(APPPATH) . DIRECTORY_SEPARATOR . "audio" . DIRECTORY_SEPARATOR;
}

/**
 * Lists files in the audio folder
 */
public function index() {
	$dirname = $this->_song_download_path();
	$files = glob($dirname . "*");

	$songs = array();
	foreach($files as $file) {
		$filename = basename($file);
		if (substr($file, 0, strlen($dirname)) == $dirname) {
			$file_path = substr($file, strlen($dirname));
		}
		$songs[$filename] = $file_path;
	}

	$data = $this->default_view_data();
	$data["title"] = "Song Preview";
	$this->load->view("header", $data);
	$this->load->view("audio/songs", array(
		"songs" => $songs
	));
	$this->load->view("footer");

}

/**
 * Retrieves one song for download
 */
public function get() {
	$file_path = $this->input->get("f");
	// validate
	if (!preg_match('/^[a-z0-9\-_\.]+$/i', $file_path)) {
		show_error("Invalid file path.");
	}

	// watch out for sneaky attempts at a parent directory
	if (preg_match('#\.\.#', $file_path)) {
		show_error('no parent directory access permitted', 403);
	}


	// get the file extension
	$ext_pattern = '/\.([0-9a-z]+)$/i';
	$num_matches = preg_match($ext_pattern, $file_path, $matches);

	if ($num_matches != 1) {
		die('Unable to locate extension, pattern returned ' . $num_matches . ' matches');
	}

	$extension = $matches[1];
	#echo "extension:" . $extension . ' <br>';

	$mime_type = $this->_get_mime_type($extension);
	if (!$mime_type) {
		die('no mime type found');
	}

	// file paths are interpreted relative to this directory
	$dirname = $this->_song_download_path();

	$complete_file_path = $dirname . $file_path;

	if (!file_exists($complete_file_path)) {
		show_error($file . " not found", 404);
	}


	$filename = basename($complete_file_path);
	#echo 'filename:' . $filename . '<br>';


	// output the file to the user
	$this->_do_download($complete_file_path, $mime_type, $filename);
	die();
}


/**
 * Returns a mime type for the supplied extension
 * @param string $ext
 * @return string
 */
private function _get_mime_type($ext) {
	switch (strtolower($ext)) {
		case 'mp3':
			return 'audio/mpeg';
			break;
		case 'm4a':
			return 'audio/mp4';
			break;
		default:
			show_error('unrecognized extension, unable to find mime type');
	}
} // get_mime_type


/**
 * Sets headers and sends the file to the user
 * @param string $file Full path to file on the server
 * @param string $mime_type file's mime type string
 * @param string $save_as suggested filename for saving the file
 */
private function _do_download($file, $mime_type, $save_as){
	$size = filesize($file);

	$attachment = (
			strpos($_SERVER["HTTP_USER_AGENT"], "Mozilla/4")===false // Not Moz4
			|| // or
			strpos($_SERVER["HTTP_USER_AGENT"], "MSIE")!==false
		) // is IE
		? ' attachment;'
		: '';

	// no idea why those urldecodes are in there.
	$content_disposition = "Content-Disposition:" . $attachment . " filename=" . $save_as;

	// someone suggested adding an etag to warn clients that this might be a different file
	// see http://stackoverflow.com/questions/2945921/html5-audio-with-php-script-does-not-work-on-ipad-iphone
	$fp = fopen($file, "r");
	if ($fp === FALSE) {
		show_error("Unable to stat file");
	}
	$etag = md5(serialize(fstat($fp)));
	fclose($fp);

	header($content_disposition);
	header("Content-Type: " . $mime_type);
	header("Content-Length: $size");
	header('Etag: ' . $etag);

	readfile($file);
}
} // class Download

sneakyimp

So I have taken a slightly different tack and am using JPlayer to render a player for the audio file. It seems to work for other folks, but the tunes never play on my iPhone. Any thoughts on this would be much appreciated. It's impossible to debug iPhone problems. Just miserable trial-and-error.