0

Im using following php code to display a video to an html player ( video.js library ).


if ($fp = fopen($path, "rb")) {
    $size = filesize($path); 
    $length = $size;
    $start = 0;  
    $end = $size - 1; 
    header('Content-type: video/mp4');
    header("Accept-Ranges: bytes");
    if (isset($_SERVER['HTTP_RANGE'])) {
      $c_start = $start;
      $c_end = $end;
      list(, $range) = explode('=', $_SERVER['HTTP_RANGE'], 2);
      if (strpos($range, ',') !== false) {
        header('HTTP/1.1 416 Requested Range Not Satisfiable');
        header("Content-Range: bytes $start-$end/$size");
        exit;
      }
      if ($range == '-') {
        $c_start = $size - substr($range, 1);
      } else {
        $range = explode('-', $range);
        $c_start = $range[0];
        $c_end = (isset($range[1]) && is_numeric($range[1])) ? $range[1] : $size;
      }
      $c_end = ($c_end > $end) ? $end : $c_end;
      if ($c_start > $c_end || $c_start > $size - 1 || $c_end >= $size) {
        header('HTTP/1.1 416 Requested Range Not Satisfiable');
        header("Content-Range: bytes $start-$end/$size");
        exit;
      }
      $start = $c_start;
      $end = $c_end;
      $length = $end - $start + 1;
      fseek($fp, $start);
      header('HTTP/1.1 206 Partial Content');
    }
    header("Content-Range: bytes $start-$end/$size");
    header("Content-Length: ".$length);
    $buffer = 1024 * 8;
    while(!feof($fp) && ($p = ftell($fp)) <= $end) {
      if ($p + $buffer > $end) {
        $buffer = $end - $p + 1;
      }
      set_time_limit(0);
      echo fread($fp, $buffer);
      flush();
    }
    fclose($fp);
    exit();
  } else {
    die('file not found');
  }

problem, when i open the link to that file i can easly access the video. What i'm asking is, can i encrypt it somehow so that only the player can display it in a way where i can still open it locally from outside the site its saved on, but not from the url directly, but rather in a specific player?

lendo
  • 190
  • 2
  • 10
  • 1
    No. You could of course use DRM (widevine etc.) but it's not worth it and people who want to save the video will find workarounds anywy. – ThiefMaster Apr 10 '22 at 12:05
  • @ThiefMaster Certainly they could, but as of right now it is just too easy to access the video out of the app, that's what id like to change. – lendo Apr 10 '22 at 12:08

1 Answers1

1

As mentioned in the comments, the typical approach to use would be DRM. This is designed to restrict access to a particular user or device rather than a type of HTML5 player, but I suspect that would work for you anyway.

If you want a lightweight, less costly but also less secure approach, you could use a 'clear key' approach along with either HLS or DASH streaming protocols.

These are similar to the major DRM solutions, encrypting the content on the server side and decrypting on the client side, but the content decryption key itself is not encrypted and is passed in an open way between the server and the client.

Given that it sounds like you are just trying to make things hard for the casual copier of your video, this may be enough for you.

Further details of both the HLS and DASH approaches here: https://stackoverflow.com/a/45103073/334402

Mick
  • 24,231
  • 1
  • 54
  • 120