php - How to password protect files (images, video, zip) dynamically from public and allow access to members only?

Question

It's a common problem, solved many times, but for some reason i cannot find the right information.

Some constraints and requirements:

• Technique for LAMP stack.
• Fine-grained control of which files are accessible.
• No basic authentication with htpasswd files, i want to provide a custom login frontend.
• Should be able to securely protect and serve big video files

How do all those sites protect their files from public without using basic authentication?

Thanks!

A similar question: Performance-oriented way to protect files on PHP level?

Answer 1

You would usually redirect any requests for the media files to a PHP script. The PHP script does the login authentication, and on success, loads the requested media file from a protected location, and passes it through to the browser, for example using fpassthru() or fread().

You can set up a very elegant solution using a set of mod_rewrite instructions, for example rewriting

www.example.com/media/music.mp3

internally to

www.example.com/media/index.php?file=music.mp3

the method is not cheap, as the PHP interpreter has to be started for every download, and pass through every byte of the file. For a discussion of possible alternatives, I asked a question about that a few months back: Performance-oriented way to protect files on PHP level?