14

I am building a site similar to thefuture.fm. DJs are able to upload MP3 files and set if the file only can be streamed or streamed and downloaded.

Visitors to the site don't have to login to listen to music. They should be able to stream/download these MP3 songs depending on the users settings.

I am using the jPlayer to play songs. I have searched all over the web but can't find any solution. Does jPlayer have any facility like prevent downloading of MP3 files? Or is there any way I can prevent this?

halfer
  • 19,824
  • 17
  • 99
  • 186
Sumit Bijvani
  • 8,154
  • 17
  • 50
  • 82
  • 5
    You want to stream the song, but do not want the user to download the data? – Daniel Dec 21 '12 at 09:04
  • yeah @Daniel , do you have any idea? – Sumit Bijvani Dec 21 '12 at 09:06
  • 4
    It can't be done with jPlayer. jPlayer needs to access the files in exactly the same way that the user would download them. You can't do it with any other HTML/JavaScript player either. You can do it with a Flash player, but note that it is still fairly hard to prevent downloads - you can just make it harder to download. – Moshe Katz Jan 01 '13 at 23:26
  • @MosheKatz thanks for information... can you please tell me how can i prevent it with flash player? – Sumit Bijvani Jan 02 '13 at 07:08
  • I've added a note to my answer about playing data in Flash from a buffer. This would require you to write your own Flash music player, but I think the routines available would make that quite easy. The hardest part is the encryption, but there are bound to be free libraries for that too. Afaik the Flex development environment is free of charge, and there are lots of examples on the Adobe site. – halfer Jan 05 '13 at 11:40

5 Answers5

14

It's actually impossible to prevent downloading. You can make it harder for somebody, but he still needs to download all the data to hear the song. So even if you use some encryption to send the data to a flash player you write yourself, the player will have to decrypt it and play the audio. And since you can decompile flash it wouldn't be to hard to find out the algorithm. He could also just record the music again when playing it (similar to the first DVD decrypt tools, who just took a screenshot 30 times/sec to pass million dollar security measurements)

So the goal is to make it harder, not impossible.

Personally I would go for temporary available links in combination with a cookie, so I can still use jplayer and don't have to reinvent the wheel. Also use some obfuscating to make it harder to read the URL.

When somebody request the main URL (where you show your player) generate a unique key and save it in a cookie. The unique key should link to the IP address and request time stored in session.

Now create a link to the music file like playfile.php?file=music.mp3 or whatever. Just make sure that PHP will handle the file request. If you obfuscate this link it will be a little harder to find it.

In playfile.php check for the unique code in the cookie and check if it matches the IP address in session and the request time is less then EG 15 seconds (any longer and music won't play anyway with slow internet connection). If it is, stream the file. If it's not, block it.

Now if somebody would write a program/script to download the music, he can. But if somebody has the knowledge and time to do that, nothing will stop him from downloading it.

This will prevent any normal user from downloading it.

halfer
  • 19,824
  • 17
  • 99
  • 186
Hugo Delsing
  • 13,803
  • 5
  • 45
  • 72
5

Preventing hotlinking is a bit easier, since in general you'll have a referrer string to check. If this is present then you'll know not to serve the content. Here is a code example.

Preventing downloading on the other hand is much harder - the best approach would be for a Flash application to decrypt data in realtime - if you use a simple encryption scheme, most client hardware should be fast enough. I couldn't find much for this on the web, so I wonder whether you'd have to do some Flash/Flex development yourself: download MP3 data in chunks, apply decryption routines from a library, and send them to some sort of MP3 decoding buffer. I suspect the password would be hard-coded.

Addendum: I've found that in later versions of Flash you can play dynamically generated sounds from a buffer (see here). So, if you're willing to get stuck into some Flash/Flex development, a solution is in sight. I couldn't find anything that accesses low-level MP3 routines, but don't forget that files don't have to be MP3 as transmitted from your server - convert them to whatever your app needs.

halfer
  • 19,824
  • 17
  • 99
  • 186
4

What you are searching for can't be achieved with JavaScript solution. If you want javascript to play something, it has to download it and in order to download it, JavaScript needs a URL.

Most common way to tackle this problem is using Adobe Flash and making a player in it. You can make your player stream content (mp3 in your case) without explicitly exposing actual data location to user.

4

Put the file(s) in a location that isn't accessible from the browser and use PHP to stream them out as a series of chunks using HTTP/1.1 206 Partial Content. Then use a method like this to edit the context menu to add/remove the 'save as'.

Use a session var to eliminate direct linking.

ethrbunny
  • 10,379
  • 9
  • 69
  • 131
0

Actually, there is a player that DOES scramble the url and it works pretty good. We used it because of this excellent feature. It is not impossible to download/save the audio, but at least it is not a matter of just opening the inspector and copying the url. It also prevents from sharing to outside sources by URL. So, contrary to the above, it IS possible and it IS available :)

Check the plugin out here: https://wordpress.org/plugins/mp3-jplayer/

Tom
  • 1
  • 1