|
|
Posted by Brian Huether on 12/01/06 00:12
I have a website where I host guitar lessons. I force people to register in
order to listen to audio. But I don't think I am using a good method for
protecting the files and preventing people from reverse engineering to
figure out the link. For instance, the files are located at
www.mysite.com/myaudio/
Here is the code I use to process the the audio links:
function GetLink($exid, $type) {
if ((!pnUserLoggedIn()) && ($type != 4)) {
session_start();
$_SESSION['lasturl'] = getenv("HTTP_REFERER");
include("header.php");
OpenTable();
echo "You must be a registered user to access lesson audio. You can <a
href = \"user.php?op=register&module=NS-NewUser\">register</a> now for
free.";
CloseTable();
include("footer.php");
return;
}
if ($type == 0) {
$result = mysql_query("select url, file from nuke_mainlessons_exercises
where exid = $exid");
list($url, $file)=mysql_fetch_row($result);
if ($url == "") {
$link = pnGetBaseURL()."$file";
header("Location: " .$link);
} else {
$link = "$url";
header("Location: " .$link);
}
}
}
After the command is successful, Media Player laucnes and shows the name of
the file. So if someone knows the file is at www.mysite.com/myaudio/ then
they can just append the audio clip name to that url and access the audio.
What is the proper way to do this?
thanks,
brian
Navigation:
[Reply to this message]
|