authentication - How to password protect streaming videos with php

Question

What is the best way to password protect quicktime streaming videos using php/.htaccess. They are being streamed using rtsp, but I can use other formats if necessary.

I know how to do authentication with php, but I'm not sure how to setup authentication so that will protect the streaming files urls so that a user can't just copy the url and share it.

Or am I overthinking this and I can just use a normal authentication scheme and place the files in a protected directory?

Answer 1

Both nginx and lighttpd web servers have X-Send-File headers you can return from PHP. So you can do your checks in PHP and then conditionally server out the file.

if (check_user_can_access()){
    header('X-sendfile: /path/to/file');
} else {
    header('HTTP/1.1 403 Fail!');
}

Lighttpd also has a neat module called mod_secure_download that allows you to programatically generate a URL that will only be valid for a short time period.

Nginx, and possibly lighttpd, allow you to cap the download speed, so you're not sending out streaming data faster than it can be consumed.

Either way, you want to use your web server for serving files. Serving them through PHP is possible, but slow.