Not allowing people to post private youtube video links

Question

I have a website, and on it you can post a YouTube video link, and when you do, it gets the ID from it (the 11 characters) and puts it in the database. Then, you can view the video on a page and it gets the YouTube title and author with http://gdata.youtube.com/feeds/api/videos/ID and puts it onto a page with embed code. I would like to know how to not allow them to post private video links, like maybe there's a certain check I could do. This is what I have so far for posting the links:

if(isset($_POST['video'])){
  $error = array();
  if(filter_var($_POST['videourl'], FILTER_VALIDATE_URL) !== false){
    if(strpos($_POST['videourl'],'youtube.com')){
        preg_match('/[\\?\\&]v=([^\\?\\&]+)/',$_POST['videourl'],$video_embed);
        $video_embed = $video_embed[1];
    }elseif(strpos($_POST['videourl'],'youtu.be')){
        $video_embed = substr( parse_url($_POST['videourl'], PHP_URL_PATH), 1 );
    }else{
        $error[] = 'Invalid link';
    }
  }else{
    $error[] = 'Invalid link';
  }
  $video_exist = mysql_num_rows(mysql_query("SELECT interest_vid FROM interest_videos WHERE interest_vid = '$video_embed'"));
  $interest_exist = mysql_query("SELECT name FROM interests WHERE name = '".$_POST['interest_for_video']."'");
  if(!empty($_POST['interest_for_video']) && mysql_num_rows($interest_exist) != 0){
    $interest = strtolower(mysql_real_escape_string(strip_tags($_POST['interest_for_video'])));
    $interest_id = mysql_result(mysql_query("SELECT id FROM interests WHERE name = '$interest'"), 0);
  }else{
    $error[] = 'Must specify an interest. ';
  }
      if(empty($error)){
        if($video_exist == 0){
            $result2 = mysql_query(" INSERT INTO interest_videos (user_id,interest_id,interest_vid) VALUES ('".$_SESSION['id']."','$interest_id','$video_embed')") or die(mysql_error());
            if(!$result2){
                die('Could not delete from database: '.mysql_error());
            }else{
                //$error_message = '<a href="#" onclick="toggle2(\'deletewebsite\', this); return false;"><div id="deletewebsite" class="success">Video Created</div></a>';
                header("Location: /interest/video.php?interest=".$interest_id."&video=".$video_embed."");
            }
        }else{
            $error_message = '<a href="#" onclick="toggle2(\'deletewebsite\', this); return false;"><div id="deletewebsite" class="error">That video already exists</div></a>';
        }
      }else{
        $error_message = '<a href="#" onclick="toggle2(\'deletewebsite\', this); return false;"><div id="deletewebsite" class="error">';
        foreach($error as $key => $values){
            $error_message.= "$values";
        }
        $error_message.="</div></a>";
        }
}

Is there a check that I could put in there so they can't post private videos?

Answer 1

Just check to see if http://gdata.youtube.com/feeds/api/videos/ID is equal to "Private video" as that is what will be returned.

When it does not exist it will return "Video not found".

Edit: Also, when it is an improper ID it will return "Invalid id".

Answer 2

You're going to have dive into youtube's API. Have a look at How do I check if a video exists on YouTube, using PHP?

I'm assuming that if a video is private the api should respond the same as when the video does not exist. But that link should definitely help.

Answer 3

I figured it out (it's been a long time since I've posted this question, and it's been a while since I have figured it out, but I thought I should answer it) and all I had to do was check if it could load the file with the boolean, like so:

if(@DOMDocument::load("http://gdata.youtube.com/feeds/api/videos/".$video_embed) === false){
    $error[] = 'Invalid video';
}

And I put the @ in front of it so it wouldn't display all of the errors it gives when it can't load it :)

Hope this will help someone in the future!