0

I'm looking for a way to hide mp3 links form the source code in a post using the PHP method.

I've looked at several older methods that either crash my site or don't work at all.

Hide MP3 full url

https://mlitzinger.com/blog/obfuscating-file-paths-html-audio/

<audio src="/mp3.php?file_id=0"></audio>
<?php
 if (strstr($_SERVER['HTTP_REFERER'], 'mattlitzingermusic.com/music') !== false) {
$track_id = $_GET['file_id'];
$tracks = array(
  '/audio/file_0.mp3',
  '/audio/file_1.mp3',
  '/audio/file_2.mp3',
  '/audio/file_3.mp3'
);
    header('Location: ' . $tracks[$track_id]);
  } else {
    header($_SERVER['SERVER_PROTOCOL'].' 403 Forbidden', true, 403);
    echo '<h1>Forbidden</h1><p>You don\'t have permission to access this 
    file. </p><hr>';
      }

I'm wanting this to hide the mp3 URLs when you view the source code in a post to make it more difficult for novices to download.

1 Answers1

0

Set the content type to "Content-Type: audio/mpeg". Then you should be able to echo the contents of the audio file from the /audio directory. This would avoid the redirect altogether. I would also not publish the /audio directory on your web server but leave it somewhere else on the file system. There are more details on how to read and stream here, however I would use a local file read rather than http based, because you don't want to publicize the location of the file.

In answer to obfuscation you can attempt to use an encryption hash of the file name using a secret key only available on the server. This would stop somebody from guessing the file name. It would still remain consistent as long as the secret key does not change, so once they have the URL they can get the mp3 downloaded.

Aaron Pfoltzer
  • 89
  • 3
  • The first two parts of your solution crash my site. While not perfect, the best solution is encryption. Since I do not control the episodes which are hosted on a different platform who are the ones that encrypt the files but still show the full URL, I've reached out to them for full encryption of the files to disguise them from users and link grabbers. –  Jul 08 '19 at 12:02
  • OK, well it would take some development to get the files to stream out from PHP, following the link I sent. As for encryption, I simply meant to encrypt the file names, not the actual files. – Aaron Pfoltzer Jul 08 '19 at 13:39
  • Thank you, I understood what you meant by encryption. I'm looking at the source code for a website that does it now and I've tested it - it works. I just don't know how they did it. –  Jul 08 '19 at 18:20