PHP + NGINX Control video file playback, and prevent file download

The simplest method is to use Nginx's internal function

server {
Listen 80;
server_name www.xxx.com;
　
Location/{
Index index.php index.html index.htm;
root/xxx;

if (!-e $request _filename) {
Rewrite ^/index.php (. *) $/index.php?s=$1 last;
Rewrite ^ (. *) $/index.php?s=$1 last;
Break
}
}

# Here use internal to do download protection, only allow internal programs (PHP, etc.) access, so external direct access to this address will prompt 404 error
Location ~ \.mp4$ {
internal;
# The path configuration here is optional, can be configured outside the site, and other location in the configuration path is a meaning, can better prevent the file is downloaded through the URL
root/bbb;
    }

Location ~ \.php$ {
root/xxx;
Try_files $uri = 404;
Fastcgi_pass Unix:/var/run/php-fpm/php-fpm.sock;
Fastcgi_index index.php;
Fastcgi_param script_filename $document _root$fastcgi_script_name;
Include Fastcgi_params;
}
}

It is then accessed through the header (' Location:/xxx/aa.mp4 ') in PHP, but this is only appropriate for small files, because this method does not support Content-range and HTTP 206, resulting in no support for the continuation of the breakpoint and the edge-to-bottom broadcast of the video file

The best way is through the header (' X-accel-redirect:/xxx/aa.mp4 ') access, X-accel-redirect support Content-range and HTTP 206,apache inside is X-sendfile

If you can not configure nginx internal option, or Nginx does not support X-accel-redirect, but to use the breakpoint continuation, edge and download protection, then the PHP code to control

The idea is to use token authentication, first download the file by the front-end request a token, this token by the user id+ time stamp + video ID composition, and then stored in session and encrypted and sent to the front end

$token $_session  Time $id ; // Save unencrypted tokens to seesion $_session $token ; // encrypt tokens for sending to clients $token = Mcrypt::encode ($token, ' Lbnnbs ');

The front end receives token, sends the token request file download to the download controller URL, the controller decodes the token, determines whether the session is consistent, whether the user ID is correct, whether the video ID is correct or not.

The video ID is then converted to a file address and sent to the front-end download via PHP read files. And it supports the operation of the breakpoint continuation, side-down, etc. by sending Content-range and HTTP 206来.

$id = Decodeidfromtoken ($token); $file = GetFilePath ($id); Sendvideo ($file);

    Private functionSendvideo ($file) {        Header("Content-type:video/mp4"); Header("Accept-ranges:bytes"); $size=filesize($file); if(isset($_server[' Http_range '])) {            Header("http/1.1 206 Partial Content"); List($name,$range) =Explode("=",$_server[' Http_range ']); List($begin,$end) =Explode("-",$range); if($end= = 0)                $end=$size-1; }Else {            $begin= 0; $end=$size-1; }        Header("Content-length:".) ($end-$begin+ 1)); Header("Content-disposition:filename=".basename($file)); Header("Content-range:bytes".$begin. "-" .$end. "/" .$size); $fp=fopen($file, ' RB '); fseek($fp,$begin);  while(!feof($fp)) {            $p=min(1024,$end-$begin+ 1); $begin+=$p; Echo fread($fp,$p); }        fclose($fp); }    Private functionDecodeidfromtoken ($token) {        if(Empty($_session[' UID '])) {            return false; }        $token= Mcrypt::d ecode ($token, ' Lbnnbs '); if($token!=$_session[' Video_token ']) {            //token decryption failure, decision invalidation            return false; }        $token _arr=Explode(' | ',$token); if(intval($token _arr[0])! =$_session[' UID ']) {            //token is not the current user and the decision is invalid            return false; }        if(intval($token _arr[1]) < Time()-10) {            //token generated 10 seconds ago, the decision failed            return false; }        unset($_session[' Video_token ']); return $token _arr[2];//return ID}

In addition, it is important to note that many times the MP4 file will not be able to support edge-to-side broadcast, this is because the transcoding or compression of the video file to MP4 when the metadata of the file is removed or placed at the end of the file, resulting in the front end player can not be the first time to obtain the video file playback length and other information It can only be played after all the downloads have been completed or until the metadata has been read. This time you can use the Qt-faststart.exe tool for processing, put the meta-data back to the file header.

PHP + NGINX Control video file playback, and prevent file download