Hide html video url source / restrict Linux folder to specific php user

Question

I have multiple HTML video tags with source URLs as follows in my PHP file :

<video class="d-block video-js vjs-default-skin col-video" width="100%" controls:false;>
    <source src="<?php echo $videoPath; ?>" type='video/mp4'>
</video>

As loaded by the client, the source attribute looks like this on a web-browser :

<source src="./Username/videos/001_video.mp4" type='video/mp4'>
{...}
<source src="./Username/videos/002_video.mp4" type='video/mp4'>
{...}

My problem is that I don't want the client to be able to view other user's video by changing the URL on the source attribute of the video tags.

This seems to be called "user restricted content/ressources" (not sure as I am a C/C++ dev.).

I'm not using any framework, pure PHP, on L.A.M.P. (Apache2) web server.

I know this was made 10 years ago and that there are a lot of newer solutions by using frameworks or other languages like NodeJS, but I have no possibility of changing the architecture of the website, for the moment (but it will be reviewed in the future).

This either can be done server-side on Apache configuration (if it can ?), or either on HTML/PHP web-side.

What I saw on the web before asking is a solution like this one (https://www.sitepoint.com/community/t/hide-video-url/225822/7), that I tried :

<source src="video.php?show_the_video=VIDEO_ID/NAME_ENCRYPTED" type='video/mp4'>

And have, in video.php, something like this :

if (($_SERVER['REQUEST_METHOD'] === "GET") && ( isset($_GET['show_the_video']) )) {
    $uncryptedPath = decrypt($_GET['show_the_video']);
    $ctype = 'video/mp4';
    header('Content-Type: ' . $ctype);
    $file_path_name = $uncryptedPath;
    $handle = fopen($file_path_name, "rb");
    $contents = fread($handle, filesize($file_path_name));
    fclose($handle);
    echo $contents;
} else {
    echo "";
}

But it seems not to work quite well for me (maybe as I have a lot a lot of video tags on the same page). It worked partially but was so slow to load the page... It is not acceptable for me. It took forever to load the page with about 20 video tags.

Can anybody help me by routing me or proposing solutions ?

Answer 1

The solution proposed by @Script47 is simple :

• Keep the video source tag as follows :
• But only on one video tag that is showing the video full-screen (by model), and replace others by thumbnails

I tried this but it seems that loading a video file of 1 minute (~8MB), with fopen() and fread() function in PHP, is so slow.

Any way of streaming from the MP4 file, to the video source tag, in PHP, but quickly than fopen() / fread() (or to make them faster) ?

Answer 2

What about using RewriteMap? Your src tag contains a crypted URL. I your .htaccess, you write the following:

RewriteMap videos "txt:/path/to/map.txt"
RewriteRule "(crypted-pattern)" "/path/to/videos/${videos:$1}"

Your map.txt looks like that and has to be updated when a new video is uploaded:

hash1 user1/video1.mp4
hash2 user1/video2.mp4
hash3 user2/video1.mp4
# and so on...

The probability that a user changes that hashed URL and get a working video file is rather small.

You can also use a SQL database or other map types instead of a plain txt file.