Php photo gallery TWG | JFUploader | TWG Flash upload | WFU | Forum
https://www.tinywebgallery.com/forum/

Restrict direct access to videos
https://www.tinywebgallery.com/forum/viewtopic.php?f=1&t=3760
Page 1 of 1

Author:  dinko [ 22. Nov 2014, 05:14 ]
Post subject:  Restrict direct access to videos

Hello,

I was trying to use the new HTML5 video option introduced in 2.2 and I finally got it to work when I realized that I needed to grant access to the directory that contained the video (i.e.: not have it be restricted). My setup is simple:
- I have a pictures/ directory where I store all the pictures and videos
- I usually have a .htaccess in that directory that denies access to everyone
- this works because I use the non-direct path to access pictures (it loads via image.php)

My question is: is there a similar mechanism for videos. Currently, it seems to directly load from the pictures/ directory. Basically, I would like to protect the videos just like I protect pictures.

Thanks,
Romain

Author:  TinyWebGallery [ 22. Nov 2014, 10:46 ]
Post subject:  Re: Restrict direct access to videos

No, There is no redirections through php for videos.

I'm also not sure what kind of protection this should be? Because anyone can easily get the video through the php files as well.
For images this is different as normally the originals are protected and only the smaller web images are shown.

Best, Michael

Author:  dinko [ 23. Nov 2014, 02:41 ]
Post subject:  Re: Restrict direct access to videos

Hello,

OK, thanks for the answer. For the reason for the protection, right now, if someone knows the path of the video on the server, they can directly access it without having to login or anything. For the pictures, currently, the originals are protected (and you go through the PHP file which, I assume, checks session credentials). The smaller "cached" versions are indeed visible (although adding a .htaccess there only slows things down but does not break anything) but the names are at least hashed making it a little harder to get to.

Basically, I wanted something that would check for proper credentials before serving the file (using the .htprivate files for example). Does that make sense?

Thanks,
Romain

Author:  TinyWebGallery [ 24. Nov 2014, 10:43 ]
Post subject:  Re: Restrict direct access to videos

Sure it makes sense. There has to be an additional php file which does the credential check and the streaming of the php file.
So feel free to extend this.

Best, Michael

Page 1 of 1 All times are UTC + 1 hour [ DST ]
Powered by phpBB® Forum Software © phpBB Group
http://www.phpbb.com/