How to prevent downloading and leeching

If you would please post links to your html page and to em3uplugin.php it would be a lot easier to help you.

To answer your questions:

You enter a path or URL to your existing m3u playlists in the $playlist array. Test the URL in your browser ( copy/paste ) to make sure that it is correct.

You change "playlist.xml" to "em3uplugin.php?m3u=1" so your flashvars line would look like this:

flashvars:"file=http://my.domain.com/path-to-file/em3uplugin.php?m3u=1&...the rest of your flashvars.

Again, test the URL to the em3uplugin.php by putting it into your browser ( copy/paste ) and see if a valid XSPF playlist is returned. It's always best to copy/paste the URLs because then any typos, etc., will be apparent when it doesn't work. Of course, always substitute your actual domain name and the actual path-to-the-file for "my.domain.com" and "path-to-file".

If you post links, I can check your files and give you a more detailed answer.

but remember that you cant use sec download + flv streaming at the moment... (some small bug, its probably fixed if you read this.)
(b)

Hi all! I know some of you have been waiting for me.

All has gone quite well during the last weeks.

I've finished my player... And I'm quite sure you're very eager to try it. Therefor I've put a demo online.

Have fun with it. If you somehow manage to download one (or both :-) ) of the sample mp3's, let me know here...

http://www.concertival.be/tst/secureplayer

Quicklink <a href="http://www.concertival.be/tst/secureplayer">http://www.concertival.be/tst/secureplayer</a>

Hell!!! :-)

[url=http://www.concertival.be/tst/secureplayer]http://www.concertival.be/tst/secureplayer[/url]

HA! No cookies for you.

05/04/07 09:16:55 192.168.0.1 Guest 0000400505 Requested: SSL://storage.concertival.be:443
05/04/07 09:16:56 192.168.0.1 Guest 0000400503 Requested: http://storage.concertival.be/play/e40587a6cff8c7d7c8fde9669b861410.mp3
05/04/07 09:17:11 192.168.0.1 Guest 0000400505 Traffic 6203 1283 1047 6164 16s
05/04/07 09:17:31 192.168.0.1 Guest 0000400503 Traffic 4142756 364 297 4142750 42s

05/04/07 09:21:51 192.168.0.1 Guest 0000400605 Requested: SSL://storage.concertival.be:443
05/04/07 09:21:52 192.168.0.1 Guest 0000400606 Requested: http://storage.concertival.be/play/154fe9c74f03c453592a9cb1e0595dad.mp3
05/04/07 09:22:07 192.168.0.1 Guest 0000400605 Traffic 659 996 760 620 16s
05/04/07 09:22:25 192.168.0.1 Guest 0000400606 Traffic 3876350 364 297 3876344 33s

Volume in drive D is XYZ_D_4_01
Volume Serial Number is NNNN-NNNN

Directory of D:\Concertival

05/04/07 09:33a <DIR> .
05/04/07 09:33a <DIR> ..
05/04/07 09:22a 3,876,029 154fe9c74f03c453592a9cb1e0595dad[1].mp3
05/04/07 09:33a 0 dir.txt
05/04/07 09:17a 4,142,435 e40587a6cff8c7d7c8fde9669b861410[1].mp3
5 File(s) 8,018,464 bytes
14,313,824,256 bytes free

And where can I download that file?
http://storage.concertival.be/play/e40587a6cff8c7d7c8fde9669b861410.mp3
Try to download it, it won't work.

Is in Internet Explorer cache.
Look at directory listing.
Can I email the files back to you?

I can't find it there :S?
IE only caches : none.jpg,ufo.js and mp3player.swf ?

I have 2 .mp3 files in Internet Explorer cache.

Ehm,
did you clean your cache before you tested it?

@FreakyHase

You should stream your files with this php streamer so they don't end up in his cache. Or if you are using another streamer, at least send these headers. They will prevent ALL caching.

<?php

$file = "/music/" . $_GET["file"];

$fh = fopen($file,"rb");

while (!feof($fh))
{
header("Cache-Control: no-store, must-revalidate");
header("Expires: Mon, 26 Jul 1997 05:00:00 GMT");
header("Content-Type: audio/mpeg");
header('Content-Length: ' . filesize($file));
print(fread($fh, filesize($file)));
}

fclose($fh);

?>

Using this streamer EVERY file gets sent with the "no-store". I have tested it extensively and never found a file in any cache.

I deleted cache. Those are yours mp3. Want me email to you for check?

Put more song. I can catch too.

Hey!

I didn't made this!
Kiwi did.

FreakyHase - So sorry I mixup.

Mr. Kiwi - Please read to FreakyHase by my post.

BJ, can you check again?

- I did some modifications to the file headers.
- I did a test in both IE and FF, no files are stored in cache here.

Can you do your test again, and if you still manage to retrieve the files here, could you tell me which browser you use to do the test.

Mr. Kiwi

Surely I find in my cache yur musics.

Directory of D:\Concertival

05/05/07 08:48a <DIR> .
05/05/07 08:48a <DIR> ..
05/05/07 08:38a 3,876,029 111bef75547c725a99af57da3fe98c7e[1].mp3
05/05/07 08:04a 3,876,029 990e25dcb3534a00a85230bfd8581a65[1].mp3
05/05/07 08:43a 4,142,435 cd0ea89fad6007f0355f33eb33628991[1].mp3
05/05/07 08:14a 4,142,435 cd919832e16fa473e04774bf1b5b0252[1].mp3
05/05/07 07:29a 4,142,435 cdb597f5c91c2b846bb9218b521288d7[1].mp3
7 File(s) 20,179,363 bytes
14,285,475,840 bytes free

Is possible with Micosoft Internet 6.0.2800.1106

Surely you need more details then I can make.

@Kiwi - good work! This is something to do with amfphp?
BTW, do you happen to live in Ak, Nz?

It's impossible. Firebug, a development tool for firefox gives you all the links that have been streamed. Just click Net->All scroll down, and it shows you the direct url to whatever you're listening to. wget that, and you've got an exact copy of whatever is being streamed. Even if wget isn't an option - you check for a session cookie or something - I can still copy and paste the link directly into the browser, and get the mp3. After it's download I can just rename it.

You just can't win. No matter what the file name looks like.

For the record http://www.concertival.be/tst/secureplayer does not even let you play the music via the swf.

Erm,

If you use firebug, which I also do, you will see the direct links to the mp3's. But if you try to download them, you will get a "unauthorized download error".

And even with the session cookie, you won't be able to set a song.

Were you actually able to get the song?

Patrick,

Yes, i'm using amfphp do do the communication with the server. And no, i do not live in NZ. I'm a .be :)

BJ,

I really would like to have some details. Are you doing this without any special plugins? IE doesnt cache a singe audio file over here.

So, BJ, can you also cache the music at virb.com and purevolume.com?

Hello Everybody
First i'de like to say thx to JeroenW for the player ...
Here is a very simple way to stop downloading your song mp3 from your server...it's a simple way to use :
you can play the song and run any prog ( like "download manager" to detect the mp3 location ) and see what happening here :

http://www.rifway.com/JeroenW/norsk/player.html

everybody will understand where is playlist and the file location of the song ..; but there is some tricks to use & you cannot download the song manualy even if you run The download Manager.

Less you can do is to do this way for the playlist ....
Hope it helpful

:)

there is of course a way to download it, but it's not just simple .

Norsk,
here is your mp3 : http://www.rifway.com/choukri/%A0imetl%A02%A0id=2
Download it, rename it to blabla.mp3 and you can listen the song.
Kiwi, i still didn't get the link to your real mp3

@Norsk - from my IE cache: imetlaa.mp3 5.912KB 06-05.2007 15:22 (renamed from imetl 2 id=2)

Hello Mr. kiwi

OK i give you some informtions

No special setup Windows and Internet Explorer.

purevolume music in my cache 96kilobit - medium quality so-so

this site virb I can find no music seems only video no? look look look no music is suppose be music here?

OK is one artist Feist with music byt plays myspace. Yes in cache (of course) but gone when end so i catch fast = good trick!!

OH almost i forget (so dummie sometime) videos in cache too but BIG size!

my friens says better way is mirror drive for cache no erase. Then every file on mirror.

@Kiwi ... very impressive ... what else can I say? Can you give us the code, or point us in the right direction in how to achieve the same results?

ok mr Kiwi

Now we knom virb for music file to get. This way load player then music in cache. Must save before song end.

http://virb.com//_swf/virbPlayer.swf?skin=white&pageId=52633

change pageid for artist

I show you some.

Silversun=52633
Feist=54492
Lily allen=3361

I think you can know this..

I tried to do this:

my call to the flash player was actually a call to a php script that wraps the flash player itself and uses a header call to push the correct mime type to the browser. If I did this:

flashplayer.php?moviefileparam=somemovie.flv in my URL bar, it worked fine, but this is not what I want to do. What I want to do is pass a uid to the php script, then have the php script adjust the query string before invoking the actual player with readfile(). I tried EVERY possible way to adjust the query string that I could think of, but nothing worked. The flashplayer bailed everytime.

So my question becomes, how does the flash player parse the query string? Doesn't it just read the GET vars from the web server like everything else? If so, then my attempt to rewrite the GET on the fly with php should work, but alas it does not.

If I can just figure out how the flash player reads the query string for params, I can obfuscate very easily. I could even go so far as to have another php wrapper to dispatch flv's and deny access to the flv directory altogether.

Any thoughts?

Kiwi has teased us nicely with his method. I'd like to know how he did it, but what would put me off using it is the significant delay it introduces before an audio track is delivered.

Hi,

I made this one :
http://www.rapmaster.nl/fl/mp3player.php
Can someone find the link to the mp3 or can somebody download the file?

sid=05351c19fa1799429772751a4ea5b337 (but havent found the file yet)

Hi,

I made this one :
http://www.rapmaster.nl/fl/mp3player.php
Can someone find the link to the mp3 or can somebody download the file?

I picked up no other file other then

http://www.rapmaster.nl/fl/mp3player.swf
http://www.rapmaster.nl/fl/1.php

Hi,
now I have also a Generator for pls Playlist created.
[url=http://www.pa-s.de/php/codeschnipsel-PLS-Plugin-for-Flash-MP3-Player-50.php]click here[/url].
Like my Plugin for m3u Files.
But at the moment only for Playlists, not for streaming (sorry).

regards Patrick

so... Has Freakyhase figured it out?

Warning...NOOB alert...

Can i ask how you are only passing an ID variable and not the name? What does the lookup?

s1.addVariable("id","1")

@spiceman - the file does seem hidden to my plain "browser hacking" -
remains to be seen if regular streamrippers cant get at it after all?

if you look in your cache (maybe emty first) theres a file called "1"
it contains the sid i posted a little earlier...

@spiceman - could be a "red herring" ofcourse...

hmmm... well.. i will wait and see then.... cuz i am not the keenest to try and hack...

Is there a thread i can review about just passing the id? which i assume is used to call a database with the fullpath... etc...

If somebody can get access to them through a flash player, they can download them. I know how to download mp3's from artists sites, MySpace, PureVolume, etc when they don't want you to. It doesn't mean that I do it or that people should do it, but it's just impossible to protect it if the community is open to them, and if people are just that desperate, you can just use audacity or another audio capture program to record what's coming out of your speakers.

A simple Firefox plug-in called firebug allows me to find just about anything out that's going on in the background of a web page (what's being downloaded to my cache, where it's coming from, etc...)

Just think about it...

@FreakyHase What have you done? Can you get this working with a playlist? Have you altered the player (like kiwi did)?

@FreakyHase - ok I decompiled the player and saw the scs function. I can grab the mp3 file (with the session id), but only for a brief time while the player is downloading it. This is a good system (a bit similar to what I do in php, where every download url is time limited), but I don't see how your system will work with an xml playlist.

@James - we know the theory, and I'm sure we all have firebug. Try Kiwi's player - he uses amfphp to communicate with the server.

Dead Link

[url=http://www.rapmaster.nl/fl/mp3player.php]http://www.rapmaster.nl/fl/mp3player.php[/url]

Come on FreakyHase, to be a fair test, you at least have to give us access to the player :p :p

I think the whole site/server is down...

Hi,

@ Patrick, I'm working on a playlist :)
And the site is up now

And Patrick, how did you find the scs function?

Still dead.

[url=http://www.rapmaster.nl/fl/mp3player.php]http://www.rapmaster.nl/fl/mp3player.php[/url]

Come on FreakyHase, you're tempting and teasing us with these players, and then the link's dead. :p :s :p

FreakyHase ... are we allowed to get the FLA or PHP to implement? Not sure if this thread is ultimately supposed to produce something that everyone can use?

Hopefully that is the case... while you at it...pls tell how you did the ID call and not the name...

@ Will, the link is working here?
Try to open the site with a proxy?

@spiceman, when I finished all my work(with playlist) I think I will share it with everyone.

@FreakyHase,

OK, finally got connected through a proxy. Your player loaded up and played a short riff.

Now, there's this thing in my cache named "openmp3rm[1].php" 47,024 bytes with an ID3v2 of "homeland". Sending it off to WinAmp, it sounds like the same riff that your player played. how did that come about?

Did you ever implement sending the "no-store" headers with every file, like I suggested above?

No (b)(b)(b) for you yet!

@FreakyHase I decompiled the swf, and had a look at the initial action script.

@Will,
Yes, there are no cache headers in my script :
header('Cache-Control: no-cache');
header('Cache-Control: no-store');
header('Pragma: no-cache');
header('Content-Type: audio/x-mp3');
header('Content-Length: ' . filesize($file));

But what browser do you use, whick version etc?
My IE don't cache the song.

@FreakyHase,

I'm using Internet Explorer 6.

Are you sending those headers before EVERY song?

Previously, I posted this "stream-nostore.php" script. I tested it on many systems & browsers and it NEVER cached the media.

Maybe you need to add to your headers?

Specifically: "must-revalidate"

and: this whole header

I think you can forget about these two headers. In my testing, they had NO effect.

@ Will,
Oke thnx! I changed it.
Can you try it again?

@FreakyHase,

I still get your song in my cache.

Are you sure that you are sending those headers before each song, like I illustrated in the "stream-nostore.php" code above?

I'm going to do some more testng with a program that shows your headers. I'll let you know what I find out.

Hello,
I created a plugin for stopping caching the MP3 Files.
[url=http://www.pa-s.de/php/codeschnipsel-MP3-NO-CACHING-PLUGIN--51.php]click here[/url]

I didn´t get any Cache of the MP3 File with [url=about:cache?device=disk]about:cache?device=disk[/url].

Regards from Germany :d

And in about:cache?device=memory ?

Anyone test out Patrick's solution?

Patrick - Not sure I understand....

Plugin to stop the caching of MP3 files seems like agreat tool. Do we insert YOUR URL for the PLUGIN in your Playlist:
http://domain.tld/cachingplugin.php?getpas=http://domain.tld/track.mp3
Do we redirect to your site? OR

Do we make the plugin, add it to our own host server, then direct to it on our own site? (cachingplugin.php)
http://domain.tld/cachingplugin.php?getpas=http://domain.tld/lied.mp3

domain.tld = we subsitute our own site?????

Thanks / Brewer

Hello,
now I have updated the complete Code.
Now it stop caching the playlist and the mp3 file.
[url=http://www.pa-s.de/php/codeschnipsel-MP3-NO-CACHING-PLUGIN--51.php]click here[/url]

1. You create a php file named cachingplugin.php with the code
2. You rename playlist.xml to playlist.php
3. You modify playlist.php:
- You insert at the beginning of the XML-File the PHP-Header
- You modify the location of the MP3 Files:
- mp3/file.mp3 > cachingplugin.php?getpas=mp3/file.mp3
4. You insert the mod_rewrite Code OR
You modify your HTML-Code to set the new playlist File.

regards Patrick
(sry for my bad school english)

Hey,

This is a long painful forum to read!

Anyway, I was hoping to figure out a way of doing this so I could intergrate this with Ubercart/Drupal for a budget online MP3 shop. So the issues are:

1. Stop direct downloads:
- Put the MP3s outside the web root and stream them with a PHP file that sends no cache headers. You can also check in here to make sure they have a valid PHP session so posting links directly to you PHP script won't work. Thats 95% of the leachers taken by removing direct URLs and remopving cacheing.

Still if they can figure out where the script is and what session vars to pass they can get the files so not fool proof.

2a. I was just going to truncate the files to 30 seconds with the PHP script, but still have to lookup how to do this, but should be a fool proof method and give them the whole file if they have are logged in and have an order ID associated with their account.

2b. I might be possible to wrap the MP3 in a swf file in PHP using the Ming extention with something like this:
http://de3.php.net/manual/en/function.swfmovie.streammp3.php

Has anyone tired to implement ether of these two alternatives? Whatever I do I'll post back here wiht my results.

3. Is it possible for the Flash player to only request a 30 second chunk of the file and no more?

Keep the files outside the root, and serve them up with php. It's easy to send only 30 seconds if the user isn't logged in or whatever - just use a different content-length in the header. You can create urls that time out, by including some extra info as part of the url of the mp3. You can also check this doesn't get tampered with by md5ing the extra info & sending the result along in the url as well.

If you were selling files, you might also consider sending the uid with the url, so only that logged in user can use that particular url.

Ubercart looks promising, but I haven't downloaded it and mucked around with it. Is it good for selling files? I thought it had more emphasis on selling physical goods.

i can play a wma file ??

i have all files in wma and not in mp3

patrick

can you say more about the content-length and serving up 30 second mp3 files to anonymous users. i'm having a hard time following that.. anyway you can post some code with the md5 to show me what you're talking about.

i'm pretty good with php just not file downloads and having a hard time wrapping my head around this.

sorry.. forgot to say thanks for your post and help

Kiwi, why don't you share your solution with us?

I guess Kiwi decided to sell it instead :)

YOu could change the 'content-length' HTTP header, but won't the script just keep sending unless you stop it, or will Apache see this and cut the transmission short?

@Bobbles: to serve 30 seconds to un-authenticated users, just change the "header('Content-Length: '.$filesize,true);" in the headers. Normally $filesize will be the the filesize of the file, but you can change this to a smaller figure, and depending on the size of your mp3, make sure it is 30 seconds.

When you receive your GET or POST info, you can check that this info is genuine by md5ing it. So, say you send the url, expiry time, ip (for good measure), and a password, you might also send along a 5th bit of info which is the last 4 md5'd, like "$hash=md5($url.$expiry.$ip.$password);".

Hi,

I can't find the feedparser.as nor the loadfile function in the AbstractPlayer.as. How to change the file url in the script ? thanks a lot.
Fred

JeroenW (13.03.2007):

You can change that in the function parse() of the FeedParser.as file. At the top, there is a line:

parseURL = url;

You can just change it to something like:

parseURL = "http://www.mysite.com/mypath/"+url;

JeroenW (13.03.2007):

Then you should search for the loadFile() function of the AbstractPlayer.as. Change this line:

fileArray[0]['file'] = fil;

to somethin like this:

fileArray[0]['file'] = "http://www.myserver.com/mypath/"+fil;

I'm using your flash video player, and it's fantastic - it's just that I'm trying to figure out how to be able to put the content on all my html pages into posts on my blog - so people can leave comments in a better way - I've tried copying the relevant files into the blog folder and pasting all the code into the html for the post, but nothing shows up...

Will you find where I store my playlist?
http://music.vuilen.com/play.php?albumid=1260

A guy (Scott) had a similar idea to the truncating the MP3 severed from the server with Drupal in this discussion:

http://drupal.org/node/65941

It would be possible for someone to make a general purpose Drupal module to do this on purpose I think...

DUC... OR ANYONE... how do i accomplish this

/play.php?albumid=1260

how does the player interpret the album or track id that is in my database?

Spiceman,
I want those who can read the code to get the data from our server?
we have the way to protect.

Spiceman,
You can do this by using asp to generate xml list of song by id from your database then, set them up with the Flash player here so they can play song by song automatically.

All you need to know is asp codes and querystring from database.
DUC

what i do is i just use php to base64 encodet the URL, then I have flash player base64 decode the url. Its not the most secure, but it atleast deters stupid people.

http://dynamicflash.com/goodies/base64

Hi Duc!

I couldn't find the url of the MP3!
Really nice job!
How did you do this?
I made a secure player to, but it is still possible to get the MP3. And it only worked at 1 single file and not a playlist!
How did you do this?

Thanx,
FreakyHase

with my method described above, all the public would see would be

<title>Turn Coat</title>
<creator>Anti Flag</creator>
<location>
aHR0cDovL2JhZGFzcy5hdGguY3gvUHVua1JhZGlvL3NvbmdzL0FudGktRmxhZyUyMC0lMjBUdXJuY29hdC5tcDM=
</location>
<info>Uploaded by Me</info>
<image>
http://cover6.cduniverse.com/MuzeAudioArt/500/502084.jpg
</image>

but teh player would play the music still.

Not very secure, sorry :
echo base64_decode("aHR0cDovL2JhZGFzcy5hdGguY3gvUHVua1JhZGlvL3NvbmdzL0FudGktRmxhZyUyMC0lMjBUdXJuY29hdC5tcDM=");

Hi,

I tried the method provided in the documentation by trying to hide part of the flv URl:
==================QUOTE FROM DOCUMENTATION
Because of the many requests to hide part of the url for media files to prevent stealing, I have added a single line of code to the script in the FLA's timeline. If you un-comment this line (//var prefix = "..."), you can set here a prefix url the players will use for the FLV/MP3/etc. Set this e.g. to the directory where your mediafiles are located (http://www.jeroenwijering.com/uploads/), and then you only have to add the filename of your mediafiles to the flashvars/playlists.
===================

I have uploaded a flv file to blip.tv. My address of flv is something like:
http://blip.tv/file/get/Shelley-TestVideo961.flv

I uncommented the //var prefix and added the URL in the fla file as:
http://blip.tv/file/get/
in action script.

and added the remaining part in playlist as Shelley-TestVideo961.flv

I published the swf as flvplayer.swf ...but I can't see anything..not even the player. I am a flash newbie..What I am I doing wrong. Can somebody help me please.....If you could send me a flvplayer.swf with http://blip.tv/file/get/
in the var prefix (as a zip file to my e-mail, I would be highly obliged.
Please, help me :)

My e-mail is shelleytvm(at)yahoo.com

Thanx in advance...

@FreakyHaze, i know its not very secure, but it will at least deter stupid people and people who do not know what base64 encoding is.

It was worth a shot, but I might move up to a more secure encryption algorithm.

Here is how I hide my mp3 files

I have a table(protection) in database which consists of the following
user_ip
mp3_id
secure_key
time

lets say the users can listen to my mp3's by opening page listen.php
on this page, I create a secure key using md5 and store user ip address, mp3 file id, the secure key, and the time

I pass to the mp3 player this URL:
get_mp3.php?id=secure_key

now in the get_mp3.php
I get the mp3_id by querying the table Protection using ip_address and secure_key, if a result was returned I make sure the entry is not older than 10 seconds

now I delete the entry in protection table
and get the real mp3 file location and forward it to the user using:

header("location: path/file.mp3");

what I am doing is creating ONE TIME access URL to my mp3 file

I think the only way to break this system is that the user uninstalls flash plugin, so that the access key will not be deleted, but I don't think many users will think about this anyway, and if it took him more than 10 seconds to take the URL out of the html source and paste it in the browser then he will get nothing

@Kahled,

You didn't post your full header() code, but are you also using the no-store headers so the MP3 doesn't end up in the user's cache?

Hi,

Help requested on my question..please....

Hi,

But Rich-Media PHP FLV Player does not stores the file in cache and the flv files can be scrubbed, like flv streaming. So preventing caching of files can be done. But I don't know how ?? View the follwing link:
http://www.rich-media-project.com/products/php_player/sample1.php

@shelley,

They certainly stored the file you linked to in my cache. All 97,756,584 bytes of it.

If you want to watch it from my server, I'll give you a link.

@shelly,

It's really quite easy to prevent caching, you have two choices.

1. Use a RTMP streaming server (FMS or Red5).

2. Use the no-store headers. See this [url=http://www.jeroenwijering.com/?thread=1005]thread[/url], my post of 04.05.2007.

@Will,

But is for music files. Will you explain how it will be for .flv files???
Mime type, etc...???? I am a newbie..Please help..

Will you please help me with this post too...
===========
Hi,

I tried the method provided in the documentation by trying to hide part of the flv URl:
==================QUOTE FROM DOCUMENTATION
Because of the many requests to hide part of the url for media files to prevent stealing, I have added a single line of code to the script in the FLA's timeline. If you un-comment this line (//var prefix = "..."), you can set here a prefix url the players will use for the FLV/MP3/etc. Set this e.g. to the directory where your mediafiles are located (http://www.jeroenwijering.com/uploads/), and then you only have to add the filename of your mediafiles to the flashvars/playlists.
===================

I have uploaded a flv file to blip.tv. My address of flv is something like:
http://blip.tv/file/get/Shelley-TestVideo961.flv

I uncommented the //var prefix and added the URL in the fla file as:
http://blip.tv/file/get/
in action script.

and added the remaining part in playlist as Shelley-TestVideo961.flv

I published the swf as flvplayer.swf ...but I can't see anything..not even the player. I am a flash newbie..What I am I doing wrong. Can somebody help me please.....If you could send me a flvplayer.swf with http://blip.tv/file/get/
in the var prefix (as a zip file to my e-mail, I would be highly obliged.
Please, help me smiley

My e-mail is shelleytvm(at)yahoo.com

Thanx in advance...

shelley

@shelly,

The streaming servers (FMS, Red5) are for media, that can be video (SWF or FLV), music (MP3), or images (JPG, PNG, GIF).

The php fake streamers or progressive download from a server will handle any type of file, although only those listed above will be useful to flash players.

Sorry, I can't help with the change to the flvplayer.swf because I don't have Flash8.

@Khaled,

I used that method too,
but it won't work if you use a playlist.
Do you have a solution for that? I can't find some.

@will
Thanx for reply. But I am not interested in FMS and RED5. Moreover I tried your playlist_readdir_nostore.php. But I am unable to get it to work. But I created a playlist,php like this:
===============
<?php
header("content-type:text/xml;charset=utf-8");
header("Cache-Control: no-store, must-revalidate"); // HTTP/1.1
header("Expires: Mon, 26 Jul 1997 05:00:00 GMT"); // Date in the past
echo"<playlist version='1' xmlns='http://xspf.org/ns/0/'>";
echo "<trackList>";
echo"<track>";
echo"<title>Lecture1 -Part2 -20 Min:</title>";
echo"<creator>Reproduction in Plants-</creator>";
echo"<location>video/test.flv</location>";
echo"</track>";
================================
and called
s1.addVariable("file","playlist.php");
in my flashvars.
and could avoid caching of playlist

I need to do the same thing with my flv file. I tried it like this:
==================
<?php
header("Cache-Control: no-store, must-revalidate");
header("Expires: Mon, 26 Jul 1997 05:00:00 GMT");
header("Content-Type: video/flv");
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>

........

<div align="left">
<p id="player1"><a href="http://www.macromedia.com/go/getflashplayer">Download the free Adobe Flash Player</a> to view this video.</p>
<script type="text/javascript">
var s1 = new SWFObject("flvplayer.swf?nocache=13:14:44:000","playlist","320","326","7");
s1.addParam("allowfullscreen","false");
s1.addParam("menu","false");
s1.addVariable("file","playlist.php");
s1.addVariable("repeat","list");
s1.addVariable("shuffle","false");
s1.addVariable("autoscroll","false");
s1.addVariable("displayheight","200");
s1.addVariable("showicons","false");
s1.addVariable("lightcolor","0x000000");
s1.write('player1');
</script
</div>
==============
in a file called video.php
But I am geting a message popup that Internet explorer cannot download video.php from 127.0.0.1. It is to do with header("Content-Type: video/flv");

Is it the correct thing I am doing ????

My need is to play the videos in order as shown in playlist.php rather than sorting and creating a playlist dynamically. and I don't want to cache my flv file. Please will you show me the correct way.

Thanx in advance

Shelley

@Shelley,

stream.php

Call it in your playlist like this:

This line:

MUST evaluate to the actual path on your server where the "test.flv" video file is, starting with root. It is not a URI, a relative path, or an absolute path. Adjust it accordingly or else the script "stream.php" won't be able to find the file to open it and stream it.

It may be something like /usr/var/video/test.flv on *nix or \Documents and Settings\Shelley\My Documents\My Videos\video\test.flv on Windows.

Also, notice that I changed the mime type in this line from MP3 to flash video:

@will

Hi Will,
Thanx for reply. But Still not working. I think I have reached close to it.

stream.php
=========
<?php
$file = "\Inetpub\wwwroot\entrance\newvideo\video\" . $_GET["file"];
$fh = fopen($file,"rb");
while (!feof($fh))
{
header("Cache-Control: no-store, must-revalidate");
header("Expires: Mon, 26 Jul 1997 05:00:00 GMT");
header("Content-Type: video/x-flv");
header('Content-Length: ' . filesize($file));
print(fread($fh, filesize($file)));
}
fclose($fh);
?>

playlist.php
===========
<?php
header("content-type:text/xml;charset=utf-8");
header("Cache-Control: no-store, must-revalidate"); // HTTP/1.1
header("Expires: Mon, 26 Jul 1997 05:00:00 GMT"); // Date in the past
echo"<playlist version='1' xmlns='http://xspf.org/ns/0/'>";
echo "<trackList>";
echo"<track>";
echo"<title>Lecture1 -Part2 -20 Min:</title>";
echo"<creator>Reproduction in Plants-</creator>";
echo"<location>stream.php?file=test.flv</location>";
echo"</track>";
.....
....

video.php
===========
s1.addVariable("file","playlist.php");

The video is not showing. I tried all paths. sometimes it shows some numbers changing randomly in the player (%) as if looping.

Quote:
MUST evaluate to the actual path on your server where the "test.flv" video file is, starting with root. It is not a URI, a relative path, or an absolute path. Adjust it accordingly or else the script "stream.php" won't be able to find the file to open it and stream it.
======
Is it correct ??? What am I doing wrong now ????? Please help??

Regards
Shelley

@will

In addition to above details, also there was a html file in my Temporary Internet Files Folder:
http://127.0.0.1/entrance/newvideo/stream.php?file=test.flv

It shows:
Parse error: parse error, unexpected '"', expecting T_STRING or T_VARIABLE or T_NUM_STRING in c:\Inetpub\wwwroot\test\entrance\newvideo\stream.php on line 2
Maybe this helps. What is wrong???

Thanx in advance
Shelley

@Shelley,

That error T_... is usually because of a typO, like unmatched pairs of quotes, missing ; at the end of the line, etc.

Line 2 would be this line:

What's happened is that you have inadvertently escaped (made invisible) the double quote after "video". The backslash is an escape character in PHP. Two ways to fix it, put more backslashs there to escape the escapes, or change all of the backslashes to forward slashes.

This:

or this:

I'm using that "stream.php" file right now, so I know it works. Just do the fix - either one, your choice.

@will

Hi,
I tried all the three options psecified by you. But no result. The player is showing some random numbers displayed at the progress bar position and reaches 100% after some tome. Seems like looping???
temporary internet files show:
===========
Warning: fopen() [function.fopen]: Unable to access /Inetpub/wwwroot/entrance/newvideo/video/test.flv in c:\Inetpub\wwwroot\test\entrance\newvideo\stream.php on line 3

Warning: fopen(/Inetpub/wwwroot/entrance/newvideo/video/test.flv) [function.fopen]: failed to open stream: No such file or directory in c:\Inetpub\wwwroot\test\entrance\newvideo\stream.php on line 3

Warning: feof(): supplied argument is not a valid stream resource in c:\Inetpub\wwwroot\test\entrance\newvideo\stream.php on line 4

Warning: Cannot modify header information - headers already sent by (output started at c:\Inetpub\wwwroot\test\entrance\newvideo\stream.php:3) in c:\Inetpub\wwwroot\test\entrance\newvideo\stream.php on line 6

Warning: Cannot modify header information - headers already sent by (output started at c:\Inetpub\wwwroot\test\entrance\newvideo\stream.php:3) in c:\Inetpub\wwwroot\test\entrance\newvideo\stream.php on line 7

Warning: Cannot modify header information - headers already sent by (output started at c:\Inetpub\wwwroot\test\entrance\newvideo\stream.php:3) in c:\Inetpub\wwwroot\test\entrance\newvideo\stream.php on line 8

Warning: filesize() [function.filesize]: Unable to access /Inetpub/wwwroot/entrance/newvideo/video/test.flv in c:\Inetpub\wwwroot\test\entrance\newvideo\stream.php on line 9

Warning: filesize() [function.filesize]: stat failed for /Inetpub/wwwroot/entrance/newvideo/video/test.flv in c:\Inetpub\wwwroot\test\entrance\newvideo\stream.php on line 9

Warning: Cannot modify header information - headers already sent by (output started at c:\Inetpub\wwwroot\test\entrance\newvideo\stream.php:3) in c:\Inetpub\wwwroot\test\entrance\newvideo\stream.php on line 9

Warning: filesize() [function.filesize]: Unable to access /Inetpub/wwwroot/entrance/newvideo/video/test.flv in c:\Inetpub\wwwroot\test\entrance\newvideo\stream.php on line 10

Warning: filesize() [function.filesize]: stat failed for /Inetpub/wwwroot/entrance/newvideo/video/test.flv in c:\Inetpub\wwwroot\test\entrance\newvideo\stream.php on line 10

Warning: fread(): supplied argument is not a valid stream resource in c:\Inetpub\wwwroot\test\entrance\newvideo\stream.php on line 10
========================

Desperate

Thanx in advance
Shelley

@will
@will

Please check my video at
http://www.medicoexams.com/videotest/video.php

It is very slow and is freezing and waiting for the file to download. But it is not cached:

Sream.php
<?php
$file = "/home/medicoex/public_html/video/" . $_GET["file"];
$fh = fopen($file,"rb");
while (!feof($fh))
{
header("Cache-Control: no-store, must-revalidate");
header("Expires: Mon, 26 Jul 1997 05:00:00 GMT");
header("Content-Type: video/x-flv");
header("Content-Length: " . filesize($file));
print(fread($fh, filesize($file)));
}
fclose($fh);
?>
======================
Playlist.php

<?php
header("content-type:text/xml;charset=utf-8");
header("Cache-Control: no-store, must-revalidate"); // HTTP/1.1
header("Expires: Mon, 26 Jul 1997 05:00:00 GMT"); // Date in the past
echo"<playlist version='1' xmlns='http://xspf.org/ns/0/'>";
echo "<trackList>";
echo"<track>";
echo"<title>Lecture1 -Part2 -20 Min:</title>";
echo"<creator>Video 1-</creator>";
echo"<location>stream.php?file=test.flv</location>";
echo"</track>";
echo"</trackList>";
echo"</playlist>";
?>
===============
Video.php

<script type="text/javascript">
var s1 = new SWFObject("flvplayer.swf","playlist","320","326","7");
s1.addParam("allowfullscreen","false");
s1.addParam("menu","false");
s1.addVariable("file","playlist.php");
s1.addVariable("repeat","list");
s1.addVariable("shuffle","false");
s1.addVariable("autoscroll","false");
s1.addVariable("displayheight","200");
s1.addVariable("showicons","false");
s1.addVariable("lightcolor","0x000000");
s1.write('player1');
</script

What is wrong ???? Please help

Shelley

@will

Hi will,
I uploaded another video and it was okay. Someting to do with the file. It was a real media file which I converted to avi and then encoded it to flv. Will this procedure cause corrupted flv files ????

Anyway many, many thanx to you will:). You are amazing!

I just needed one more help, please. How can I include my play list with streaming with file stored at blip.tv ? Something like:
http://blip.tv/file/get/Shelley-TestVideo961.flv

I made the playlist as follows...but not working:
==========
<?php
header("content-type:text/xml;charset=utf-8");
header("Cache-Control: no-store, must-revalidate"); // HTTP/1.1
header("Expires: Mon, 26 Jul 1997 05:00:00 GMT"); // Date in the past
echo"<playlist version='1' xmlns='http://xspf.org/ns/0/'>";
echo "<trackList>";
echo"<track>";
echo"<title>Lecture1 -Part2 -2 Min:</title>";
echo"<creator>Video 1-</creator>";
echo"<location>stream.php?file=http://blip.tv/file/get/Shelley-TestVideo961.flv</location>";
echo"</track>";
echo"</trackList>";
echo"</playlist>";
?>
==============================
How can I do it ??? And also how can I implement scrubbing in my videos like real streaming???? Help me...

Thanx once again, will..
Shelley

DUC,
please tell how you did it?

@Shelley,

The first of those error messages are telling you that there isn't a file at /Inetpub/wwwroot/entrance/newvideo/video/test.flv. Are you sure that is the correct path and that there is really a video file there?

The rest of the error messages relate to the non-existant file and the fact that messages were sent before the headers so the headers can't be sent. They will ALL go away if "stream.php" can access the file.

I guess you've moved things around because I can't access anything at http://www.medicoexams.com/videotest/video.php.

The blip.tv file would be accessed like this:

Video conversions often don't work until you find that "magic" combination of settings that does the job. My son and I tried 12 conversion programs and hundreds of settings until we found out how to correctly and reliably convert video files to .wmv for his Zune player. It's sort of a black art, you know, voodoo magic or whatever.

You should have a stand-alone video player installed to test the files after you convert them. I highly recommend [url=http://www.videolan.org/]VLC[/url] because it seems to reject the improperly encoded videos and it plays almost every format.

As for conversion to FLV. I've had good results with some versions of ffmpeg, [url=http://freshmeat.net/projects/winff/]WinFF[/url], and [url=http://www.rivavx.com/index.php?encoder&L=3]Riva[/url]. WinFF and Riva use ffmpeg to do the work, so they are subject to the same troubles that plague ffmpeg until you find a good version. Lots of help here [url=http://www.videohelp.com/tools/WinFF]www.videohelp.com/tools/WinFF[/url].
You can also try [url=http://sourceforge.net/projects/mediacoder/]MediaCoder[/url], [/url=http://www.erightsoft.com/SUPER.html]SUPER[/url], and [/url=http://www.videohelp.com/tools?toolsearch=flv]many others[/url]. And get [url=http://labs.adobe.com/technologies/flvcheck/]flvcheck[/url] from Adobe to check your encoded flv files. Maybe one of those will bring you some joy.

To get the video to scrub, it has to have metadata injected into the video file. You can get a metadata injector here [url=http://www.buraks.com/flvmdi/]FLVMDI[/url]. Run it after you convert the flv.

On the subject of paths.

This is a URL: http://www.medicoexams.com/videotest/video.php
It consists of the protocol "http://" the domain "www.mdeicoexams.com" and the URI "/videotest/video/php". It is only good for Internet applications accessing a server.

Within an Internet application, say some html like: http://www.medicoexams.com/videotest/index.html
you can have full URLs: http://www.medicoexams.com/videotest/video.php
relative paths: videotest/video.php (notice no leading "/" - relative to the location of the file (index.html) referencing it. In this case, relative to the location of "index.html".
absolute paths: /videotest/video.php (notice a leading "/" - absolute path from the server's DocumentRoot)

Then there are PHP scripts and other programs running on the server. Their paths are operating system paths or virtual paths if you are on a multi-host server.
They start at the operating system root, the first "/", and are the same path that you would use to access a document or file from an application running on the server or computer. There are also operating system relative and virtual paths, but let's not go there.

It is always best if you use full URLs or full operating system paths until you have an application running. Then you can change (and TEST, TEST, TEST) to relative paths for ease of web site maintenance.

For Internet applications, you can always put the full URL into your browser's address bar and test the access to the file.
Like this:

http://www.medicoexams.com/videotest/video.php (your page containing the player)
http://www.medicoexams.com/videotest/flvplayer.swf (the Flash player)
http://www.medicoexams.com/videotest/playlist.php (the PHP playlist)
http://www.medicoexams.com/videotest/stream.php (the PHP streamer
http://www.medicoexams.com/videotest/image.jpg (if you use a preview image)
http://www.medicoexams.com/videotest/song.mp3 (if you have audio)
http://www.medicoexams.com/videotest/test.flv (if the file is in a web-accessible directory)

Adjust the URL accordingly and everyone of those links should work. If they don't, your application won't work either.

So, where are your files now? I can't access anything to test it for you?

Puzzled???

version 0.1b with my typOs fixed ;)

@Shelley,

The first of those error messages are telling you that there isn't a file at /Inetpub/wwwroot/entrance/newvideo/video/test.flv. Are you sure that is the correct path and that there is really a video file there?

The rest of the error messages relate to the non-existant file and the fact that messages were sent before the headers so the headers can't be sent. They will ALL go away if "stream.php" can access the file.

I guess you've moved things around because I can't access anything at http://www.medicoexams.com/videotest/video.php.

The blip.tv file would be accessed like this:

Video conversions often don't work until you find that "magic" combination of settings that does the job. My son and I tried 12 conversion programs and hundreds of settings until we found out how to correctly and reliably convert video files to .wmv for his Zune player. It's sort of a black art, you know, voodoo magic or whatever.

You should have a stand-alone video player installed to test the files after you convert them. I highly recommend [url=http://www.videolan.org/]VLC[/url] because it seems to reject the improperly encoded videos and it plays almost every format.

As for conversion to FLV. I've had good results with some versions of ffmpeg, [url=http://freshmeat.net/projects/winff/]WinFF[/url], and [url=http://www.rivavx.com/index.php?encoder&L=3]Riva[/url]. WinFF and Riva use ffmpeg to do the work, so they are subject to the same troubles that plague ffmpeg until you find a good version. Lots of help here [url=http://www.videohelp.com/tools/WinFF]www.videohelp.com/tools/WinFF[/url].
You can also try [url=http://sourceforge.net/projects/mediacoder/]MediaCoder[/url], [url=http://www.erightsoft.com/SUPER.html]SUPER[/url], and [url=http://www.videohelp.com/tools?toolsearch=flv]many others[/url]. And get [url=http://labs.adobe.com/technologies/flvcheck/]flvcheck[/url] from Adobe to check your encoded flv files. Maybe one of those will bring you some joy.

To get the video to scrub, it has to have metadata injected into the video file. You can get a metadata injector here [url=http://www.buraks.com/flvmdi/]FLVMDI[/url]. Run it after you convert the flv.

On the subject of paths.

This is a URL: http://www.medicoexams.com/videotest/video.php
It consists of the protocol "http://" the domain "www.mdeicoexams.com" and the URI "/videotest/video/php". It is only good for Internet applications accessing a server.

Within an Internet application, say some html like: http://www.medicoexams.com/videotest/index.html
you can have full URLs: http://www.medicoexams.com/videotest/video.php
relative paths: videotest/video.php (notice no leading "/" - relative to the location of the file (index.html) referencing it. In this case, relative to the location of "index.html".
absolute paths: /videotest/video.php (notice a leading "/" - absolute path from the server's DocumentRoot)

Then there are PHP scripts and other programs running on the server. Their paths are operating system paths or virtual paths if you are on a multi-host server.
They start at the operating system root, the first "/", and are the same path that you would use to access a document or file from an application running on the server or computer. There are also operating relative and virtual paths, but let's not go there.

It is always best if you use full URLs or full operating system paths until you have an application running. Then you can change (and TEST, TEST, TEST) to relative paths for ease of web site maintenance.

For Internet applications, you can always put the full URL into your browser's address bar and test the access to the file.
Like this:

Adjust the URL accordingly and every one of those links should work. If they don't, your application won't work either.

So, where are your files now? I can't access anything to test it for you?

Puzzled???

@Shelley,

You could use this version of stream.php to help you see what is happening on your server.

Uncomment ( remove the double slashes "//" ), the print and exit statements and then call "stream.php" in your browser like this:

The returned information may help you straighten out your paths.

@will,

With the stream.php does it affect the serer load much?

@spid3r,

"stream.php" just does a simple file read and print, pretty much the same as the server software would have to do, so I haven't noticed any increase in load.

@DUC
Please share with us how what are your methods. Thanks.

@FreakyHase
Have you figured out how Duc did it. Thanks.

@blyzz,

Duc is using an RTMP streaming server to make it harder to capture his media files and he is probably doing a simple table lookup (or maybe just renamed his files) to get the file name for the RTMP server.

His playlist is right on the front page of his site:

You can request and play his music like this: (just change the ID to the song that you want)
[code}
<html>

<head>

<title>flvplayer</title>

<script type="text/javascript" src="swfobject.js">
</script>

</head>

<body>

<h3>streaming download, single file, with preview image:</h3>

<div id="flashcontent">
<a href="http://www.macromedia.com/go/getflashplayer">Get the Flash Player</a>
to see this player.
</div>

<script type="text/javascript">
var playertype = "song";
var id ="14614";
// <![CDATA[
var so = new SWFObject("http://music.vuilen.com/swf/VuilenMusicPlayerw1.005.swf", "VChat", "333", "250", "7,0,0,0", "#FFccFF");
so.addVariable("playertype", playertype);
so.addVariable("id", id);
so.addParam("scale", "noscale");
so.addParam("salign", "lt");
so.write("flashcontent");
// ]]>
</script>

</body>

</html>

But you can't capture his music unless you have one of those RTMP stream recorders like Replay A/V or FLVRecorder or you know how to use FMS or
Red5 to request and record an RTMP stream.

@Will

Thanks for the quick respond. So essentially, Duc's method still cannot effectively prevent leeching but just made it harder for average leecher? You mentioned Replay A/V and FLVRecoder, these are very readily available (pirated) on the net, so we are back to square one on prevention.

I hope there are methods developed soon other then going full DRM. Thanks

What about this php stream script :
<?php
function stream_it($filename) {
$block_size = 1*(1024*1024);
$stream_data = '';
$file = fopen($filename, 'rb');

if ($file === false) {
return false;
}

while (!feof($file)) {
$stream_data = fread($file, $block_size);
echo $stream_data;
}

$result = fclose($file);
return $result;
}

function validatefilename($filename){
$result = $filename;
$result = strip_tags(stripslashes($result));
$result = strip_tags($result);
$result = str_replace("\n", "x", $result);
$result = str_replace("\r", "x", $result);
$result = str_replace("\t", "x", $result);
$result = str_replace("\\", "x", $result);
$result = ereg_replace("\.+/", "x", $result);
$result = ereg_replace("\.\.","x",$result);
$result = ereg_replace("^[\/]+", "x", $result);
return $result;
}

if ($_REQUEST['path'] <> "" ) {
$thefile = validatefilename($_REQUEST['path']);

header("Pragma: public" );
header("Expires: Thu, 19 Nov 1981 08:52:00 GMT" );
header("Cache-Control: must-revalidate, post-check=0, pre-check=0" );
header("Cache-Control: no-store, no-cache, must-revalidate" );
header("Content-Type: audio/x-mpeg, audio/x-mpeg-3, audio/mpeg3" );
header("Content-Length: ".@filesize($thefile));

stream_it($thefile);

exit;
}
#################################################################
let's name it stream.php
the playlist should be look in the location like this :
<location>stream.php?path=song.mp3</location>
that works !!!
but i cannot play the mp3 file outside, in my other server :
<location>stream.php?path=http://myserver.com/folder/file.mp3</location>
any deal guys !

@Rima

i guess you switch it around in the location tag.
i.e. <location>http://myserver.com/folder/stream.php?path=file.mp3</location>

sorry for double posting.

@Will

Just wanted to say thanks for the no-cache script.
Works like a charm :)

@owl,

You are welcome, and thanks for posting back here. It helps immensely to hear what works and especially, what doesn't work (then we can fix it).

And that stream methods, please put it on your site, but I can say you the url of the MP3.

@Will

yeah.. it took me quite a while to get it up and running tbh, but then again I'm quite the php n00b :)
I tested most of the other streaming scripts as well, but yours was the only one doing the job properly. At least from what I could tell.

---

I know it won't stop people from getting what they want if they really really want to, but my guess is it makes it enough of a hassle to deter most. And until one of you figure out some foolproof (besides recording it in WaveLab or whatever) way, /me looks at FreakyHase :P , I'd say it's the way to go :)

Good job everyone and keep at it! :)

O

ok i have my player working with stream.php?file=video.flv This works and well. The files are located outside my web root so only this script will be able to access them. But how do i protect this script so that people dont just put that in the url line and are able to dl my movie?

i have tried:

and

and neither one works. stream.php will only respond with what it should be responding when the script is accessed directly on the url.

@tgpfarm,

The next step for you is to use a set of no-store headers when you deliver your playlist. Search this thread for how to do that.

None of these methods are 100% protection. We are only trying to make it hard for the casual user to get a copy of your media.

A knowledgable user will ALWAYS be able to get a copy of your media content. If it is especially valuable, only make a short clip available.

no i already have that.

this is my stream.php

as i said before, this works and good because the files are outside my webroot meaning that only this script can get to the files.

but it also means that if a user views the source and sees:

they can then do this:
www.mysite.com/stream.php?file=video.flv and download the file!
I need to stop the user from being able to access the php file directly from the url but allow my web page to be able to access it!

thanks

Please re-read my post.

"The next step for you is to use a set of no-store headers when you deliver your playlist."

By also using a playlist that is not cached, you make the user get the playlist, then get the stream URL from the playlist. Just one more step to deter the casual user. You will NEVER stop the knowledgable, determined user.

If I listen to your music or view your video, it is already downloaded to my computer. We are just keeping the media and the playlist from being cached by the browser.

i dont want to use a playlist, each file is accessed by a thumbnail of the video and the player is reloaded with the new video url.
such as:

if you want to see the site i am talking about, hit up my icq at 366621126

and i know that you cant completely protect content, i just want to stop it from being really easy.

You could encrypt/decrypt the filename like Shelley is doing in this thread [url=http://www.jeroenwijering.com/?thread=3163]Streaming FLV with playlist[/url]. See my post of 07.06.2007 for the final code.

By messing around with the key, the '3' in this line:

you can make it much harder for someone to find your filename and download your media.

i am not understanding how that would help will.

maybe i am not being clear enough, i do that alot. :$

there is a thumbnail of the video clip on the site, the onclick of this picture calls:

passing something like /path/to/file/foo.flv

then a new media player is created with the correct file the user wants to view. then the player calls stream.php the the path to start the streaming of the video.

and even if i were to encode the file name an pass the encoded file name to stream.php, a user would be able to do the same thing, because stream.php would have to decode the file name in order to know that file to use.

The point that I think you are missing here is that you can't make it impossible for the user to get the media.

But, you can make it difficult, so difficult that the average user will give up.

Another thing I've seen sites do, is put an encrypted key generated from date & time in another JavaScript file. You could make that key expire in a short period of time so that the user would have to get the JavaScript file with the key and use it within a short period of time to be able to download the video file. Again, not impossible, just one more thing that the user would have figure out and do before he could download your file.

Like this:

Encrypted file name: j3c-k4=dye

Key from encrypted date & time: a;ejfq34ty04wenvo[idhf2hf9h23gfaHFQBVCFH9F

JavaScript file: moveObject.js
Contents of moveObject.js: var ppush='a;ejfq34ty04wenvo[idhf2hf9h23gfaHFQBVCFH9F'

<script type="text/javascript" src="moveObject.js"></script>

<script type="text/javascript">
function loadPlayer(fil)
{
blah, blah, blah
so.addVariable('file',fil);
blah, blah, blah
so.write('player');
}

In your link: <a href="javascript:loadPlayer('stream.php?file=j3c-k4=dye'+ppush)">Load Video File</a>

When stream.php received the request for file=j3c-k4=dyea;ejfq34ty04wenvo[idhf2hf9h23gfaHFQBVCFH9F

stream.php would check to see if the key had expired (could expire in 10 seconds). If the key was still valid, stream.php would stream the file name that it decrypted from "j3c-k4=dye".

Put a bunch of junk .js files in your <head> so the user would have to open and examine each one of them looking for "ppush".

Make it a lot of trouble and 99% of the users won't bother.

The other 1% you will never stop.

yeah will that sounds like a better idea, or it finally clicked with me. i will just have to pass some more vars that are like keys

Yeah, confuse the hell out of them.

Anyway, if you need any help implementing the systems that I have described above, ask here. :)

Hi, I have a problem, flash mp3 player don`t load file complete.

do you know?

my web is http://alfonso.phpnet.us

thank you very much

Your Flash player code is OK.

Your playlist.xml is missing the first line which must be:

Refer to the XSPF playlist specification here [url=http://www.xspf.org/xspf-v1.html#rfc.section.1.1]www.xspf.org[/url] for more details.

Fixing your playlist may solve your problem. Otherwise look for a problem on your server (there is a long time delay before the mp3 file starts to download).

Try using the full URL to the song in your playlist, like this:

I think the problem is in my server, because the other flash doesn`t load.

In My localhost all is ok

thank you very much

I think I could a okay way to stop people from downloading song off my website.

What do you guys think will that be enough? I am thinking if the file is in the cache they can have it but if they try to request the file again they cannot download it from server.

this php file generate the playlist

this is the streaming php file called stream.php

Set cookie in the playlist generation process so that it will allow the stream.php will only stream the requested file within 5 seconds. because it will take less then 5 second for the player to request the file from the stream.php file so the it will be able to play the file. Do you guy think there will be any problem in this working out?

Hi everyone,
i got a big problem with caching as well. I just found out, the very very old HTTP-Proxy Naviscope messes alot with caching mp3s. I also played a little with the mp3 player for my bands site and just couldn't get rid of the mp3s in my cache... they just downloaded again if i clicked the player... i set up all the precautions mentioned here and it still doesnt work. If I disable that little Proxy (blocks Ads and preloads links for faster surfing) those files won't be downloaded to the browsers cache. Any Ideas how to prevent this? It also works on some other music portals i found out... myspace i.e.. The file is not actually mp3 but a php-file with the exact same size as the mp3 and if you rename it your favourite player will play it... if i can do it, everyone else can as well and that is actually not intended.
hope to get some replies
greets from germany

update:
little update it is also listed as an mp3 file...
if you want to check it out http://www.papercutmusic.de/audio.php

I have been using JeroenW's player probably since the first player and have thought about the download problem but never found a solution. The "only" type of compressed audio format that doesn't really have an online player is OGG format while keeping the same audio quality as mp3.

I'm wondering if Jeroen can take a bit of time thinking about an OGG player. This can discourage people from getting the songs.
If there is 1 billion people that can play mp3s there are 3 people or less that can play OGGs :)

PS: Jeroen, if you make the player, I guaranty you'll be the first one making the nicer OGG player on planet earth.

:d

hi, this is the simple answer to your problems.. edit the track so that it has lower kbps (less quality)so that even if people download it they will still want the high quality version. Thats the easyest way and has been done on lots of big sites such as...

undergroundhiphop.com
uploadaporn.com
soundclick.com

hope that helps buddy!

yes I have heared about this wonderful technique that "chris" speaks of,
www.uploadaporn.com is the perfect example you can upload / download a porn ( pornographic database ) all free but you also have access to the sound page wich uses that great way of listening to your favorite porno audio! ;) #) :d

I am testing these techniques in IE and Firefox and Firefox works different that IE when it caches the data.
Do you know which are exactly the differences?

Thank you. ;)

i thinks to protect it well you should use an js file javascript to encode file 's path
I see here a soft it protect file so well and i can't download music from that site http://music.vuilen.com/play.php?albumid=999&songid=11702
its frame http://music.vuilen.com/player.php?playertype=c29uZw==&id=MTE3MDI=
its use swfobject http://blog.deconcept.com/swfobject/
you can use it to protect file
any body can dowload music from that site can email link to me Ninja_salaiyang@yahoo.com thanks
you are very very excelent

If it is encoded with JS it can also be decoded. JS runs clientside so it is not safe at all.

If the song is playable by the player the source is discoverable. Even if it was by using a Sniffer plugin for your browser. Any URL that can be downloaded by the player is downloadable to a file.

i have a "funny" solution:

var i49r81g45='/';var u29h17h='.'; var s984210='e'; var u59j203lI32=':';var k538219='-'; var j582f289521='p';var t29421='t';var i53282='str' + s984210 + 'am';var u20o27m19 = 'h' + t29421 + t29421 + j582f289521 + u59j203lI32 + i49r81g45 + i49r81g45 + i53282 + u29h17h + 'domain' + k538219 + 'name' + u29h17h + 'd' + s984210;var k68g788bs = u20o27m19 + i49r81g45 + j582f289521 +'l' + i49r81g45 + 'file' + k538219 + 'name';
...
s2.addVariable("file",k68g788bs);

         ROFL :d LOL

http://stream.domain-name.de/pl/file-name

:d :d

possible ideas here:

http://www.adobe.com/devnet/flashmediaserver/articles/protecting_video_fms.pdf

Feel free to waste your time trying since the files are saved to the cache. ;)

... and you can also capture the files while downloading, for example by using HTTPwatch

:d Funny solutions often work! ;)

Where you store the files you wish to protect, add the following .htaccess file (below).

It will forbid access to specific file extensions based on the existence of a cookie. So, on your player page, simply set the cookie without an expiration date (so it's a session based cookie) and you're done... if someone tries to leech the files without that cookie, they get nothing. If they have the cookie, they have at least been to your player page...

If someone uses a leeching program, the likelihood of them realizing the need for a cookie to access basic files, in minimal at best. (especially if you set the cookie as session based and do so with PHP/ASP as opposed to JS)

The reason to go with this method is because flash players don't send back valid referrer information, which would otherwise be a reasonable means of protecting files. Alternatively you could restrict to a specific user agent as well, but it seems excessive.

<?php
// PHP to set the cookie
@setcookie('ma','allowed');
?>

<script type="text/javascript"><!--
// JS to set the cookie
document.cookie = 'ma=allowed;'
//-->
</script>

#------------------------------------
#-- .htaccess --
#------------------------------------
RewriteEngine on
Options -Indexes
RewriteCond %{REQUEST_FILENAME} .*\.jpg$ [NC,OR]
RewriteCond %{REQUEST_FILENAME} .*\.gif$ [NC,OR]
RewriteCond %{REQUEST_FILENAME} .*\.png$ [NC,OR]
RewriteCond %{REQUEST_FILENAME} .*\.mp3$ [NC,OR]
RewriteCond %{REQUEST_FILENAME} .*\.xml$ [NC,OR]
RewriteCond %{REQUEST_FILENAME} .*\.avi$ [NC]
RewriteCond %{HTTP_COOKIE} !ma=allowed [NC]
RewriteRule .* - [F]

Supposedly, the latest Flash plugins v9.0.45.0 and up, DO send valid referrer information, but I haven't tested them extensively.

Hi, some one told me about this site- I was looking for a way to add music to my site. I would like to ask several questions on how to do this. Is that ok?
How much does it cost?
Is the software for it hard to install?
THanks so much.
ANna:)

use HTML encrypter, encrypt you object code into javascript code, you could find it at iwebtool.com free. i use the same thing best of luck with it.

hi i use a flash player right now and i don't want anyone to be able to download my music because i need to be able to sell it

@beats,

Then only let your users listen to a short clip, 30 seconds or so. Otherwise, we OWN your music. It's the only practical way to prevent downloading.

But consider that once one copy gets on the P2P networks, it's "Game Over!", so maybe you should consider a different business model. Crazy T-shirts seem to do well.

But it remains that you can download the stream script, so you can rename it and the video/mp3 is saved...
Some ideas howto block this? kiwi seems to have it.

--

Solved with cookies!

If you are using Apache and are able to install custom modules into your installation you could try mod_auth_token. See http://modules.apache.org/search?id=985 for details.
It uses a secret passphrase and timestamp coded into the URL to limit access - I've made good experiences with it to prevent my video files from leeching

someone has an idea to set the timelimit with cookies without Autoplay?

Hi all,

I've been reading thru this entire thread, and seen some very good ideas on how to keep out the not-so-nerdy type of people trying to leech..

As I am no code-guru myself I've so far implemented this solution.
Only thing it really does is confuse and slow down people who think they can just read the source-code and grab what they want.
In other words; - this is a very simple solution, and are in no way suitable for ppl with serious needs of hiding their files..

In my Wordpress 2.2 install, this is what it looks like;

1. I used HTML Encrypter from www.iwebtool.com, and initialize the player like this;

2. Moved the .mp3's to a folder nowhere near the .xml-playlist. I don't have access to folders above web root on my server, so instead I put the files deep within the wp-includes dir., and named the folders like they were WP-dependent dir's... Wordpress users will know what I mean.
/wp-lookup/wp-cron/wp-config/wp-authentication/file.mp3

3. I put .htaccess files restricting Directory Listing in every folder that has information about anything player-related, and then put up a page telling them how naughty they are..

4. In my HEAD section i link to 13 different javascripts, and named 'swfobject.js' to something not so obvious...

- Of course, only the last 4 scripts and 1 of the '/js/formmail/'-files actually contain bytes.. :p

Yes, all of this is bogus encryption, and only resolves looking at source-code..
So, I'd like to ask the tech-savvy; - Which method in the above replies, should I utilize to prevent caching??
I'm a front-end developer by trade, PHP is rather new to me.. Still, I'm not one to back down if touching the back-end is necessary to prevent caching.. #)

Sorry for such a long post, but I hope it helps others looking for the 'quick solutiuon'.. :d(b)

Cheers,
Casper

There's a good old trick here for swf files that puts a check for the server within say first 15-30seconds and if check fails it will redirect.

http://board.flashkit.com/board/showthread.php?t=188830

I just checked you can still download the zip file 3pirates put there..maybe some variation of that could be implimented.

Also, not totally technical and haven't dealt with scripting in awhile but couldn't you place the playlist into a database???

T

Hey Toua, I test your idea of php file generate playlist on ehmongmusic.com and it work wonderfully. I'm also in the stage of working on something like his. So far, I can't get it right. Can you share your knowledge of how your flash_file.php work and how you prevent it from display outside of the Flash player? Any help would be greatly appreciated...I really need to get my site going. Thanks again Toua. Good job!!! ;)

Steve

CHALLENGE:
Any of you don't believe me, see if you can get the XML (not the location of the MP3) file out of this sample page:
http://www.ehmongmusic.com/flash_file.php?id=123

Done year or two ago http://jcuisis.sourceforge.net. Although it requires you to adapt it say xml or mp3 by using PHP. So when the player requests the file *.mp3 a php script by extension mp3 can be called. You need to tell Apache using Addtype that mp3 is php. Then use the phpmysql to fake the headers of mp3 and let it play back. It is still progressive but atleast the file cannot be downloaded directly by guessing.

Just my 2 cents

Can we use an XSLT stylesheet to hide the contents of the XML file? Or better still redirect the XML file to another page if opened on the browser?

@FLV Monster - the playlist would still be in the users browser cache, so nothing would be gained anyhow...

@andersen: I think I got it to work.

1) I've added a XSLT stylesheet to hide the immediate contents of the XML file from the screen
2) I've set it so there is no-cache kept
3) In the XSLT stylesheet I've set it to do a meta redirect after 0 seconds to the index page.

Now, no body can see the XML file because in a split second it has already redirected and there is no cache kept. I think the only way to download it is if you use a download manager to directly download the playlist which is now making it hard for users.

I'll need to think of how to stop people from using download managers.

@FLV Monster - what then when the browser is set to not execute stylesheets?

@andersen - I didn't think of that, but I'm sure the majority of people haven't disabled stylesheets

Please help, I am getting the following error message

Warning: Cannot modify header information - headers already sent by (output started at c:\Inetpub\wwwroot\test\onelotio\newvideo\stream.php:3) in c:\Inetpub\wwwroot\test\onelotio\newvideo\stream.php on line 6

Warning: Cannot modify header information - headers already sent by (output started at c:\Inetpub\wwwroot\test\onelotio\newvideo\stream.php:3) in c:\Inetpub\wwwroot\test\onelotio\newvideo\stream.php on line 7

Warning: Cannot modify header information - headers already sent by (output started at c:\Inetpub\wwwroot\test\onelotio\newvideo\stream.php:3) in c:\Inetpub\wwwroot\test\onelotio\newvideo\stream.php on line 8

Warning: filesize() [function.filesize]: Unable to access /Inetpub/wwwroot/onelotio/newvideo/video/test.flv in c:\Inetpub\wwwroot\test\onelotio\newvideo\stream.php on line 9

Warning: filesize() [function.filesize]: stat failed for /Inetpub/wwwroot/onelotio/newvideo/video/test.flv in c:\Inetpub\wwwroot\test\onelotio\newvideo\stream.php on line 9

Warning: Cannot modify header information - headers already sent by (output started at c:\Inetpub\wwwroot\test\onelotio\newvideo\stream.php:3) in c:\Inetpub\wwwroot\test\onelotio\newvideo\stream.php on line 9

Warning: filesize() [function.filesize]: Unable to access /Inetpub/wwwroot/onelotio/newvideo/video/test.flv in c:\Inetpub\wwwroot\test\onelotio\newvideo\stream.php on line 10

Warning: filesize() [function.filesize]: stat failed for /Inetpub/wwwroot/onelotio/newvideo/video/test.flv in c:\Inetpub\wwwroot\test\onelotio\newvideo\stream.php on line 10

Warning: fread(): supplied argument is not a valid stream resource in c:\Inetpub\wwwroot\test\onelotio\newvideo\stream.php on line 10

Please help me install it on my [url=http://onelotion.info/]article directory[/url] site. I want to provide my visitors some great benefits.

Kevin

Professional Freelancer

I ---- Myself, do not know of any way to stop your songs from getting copied.
The songs are downloaded as they are played - All I would have to do is open my
temparary internet files -- arrange by type -- and copy all music files from there to
a temp folder. Been doing it for years.

In another post, someone suggested me to try Orbit Downloader...
It makes everything unuseful. Every stream can be saved with one click.
I was building a complex structure to make the life harder to the leechers, but this way it's really unuseful speding hours to find the perfect mix of protections, as one click is enough to download everything!

Now I'm thinking about a streaming server with SSL encryption, may be it's safe enough. Does anyone know something more about this topic?

Nice and very long conversation; but; really; you can always get to the source file by cache or download manager. I have never ever not got a file i wanted. And believe me, i am not a very good hacker. But i do know my way around in windows and google!

how abot making it so that when someone uses about:cache?device=memory to hack your site they get the eicar test virus instead. i would have it have the same title as the song. when they download it their anti virus (if they have any will go beserk delete or quarrentine the file and then that persn wouldnt be able to play the file at all

You can use http://www.whatmp3.net to download free mp3's.
I also use http://lyrics.whatmp3.net/lyrics/eminem.html to find more music.

<a href="http://lyrics.whatmp3.net/lyrics/eminem.html"> Eminem Lyrics</a>

<a href="http://www.whatmp3.net/amy+whinehouse.html">Amy Whine House Mp3 download</a>

Just things like that..

i've had success using the Hivelogic Enkoder to disguise my file url.
http://hivelogic.com/enkoder/form

Create two directories - one that has the mp3 files lets call this directory "music" and has a .htaccess with one line it in
deny from all
Put all your mp3 files in there - they cannot be directly downloaded due to the htacess deny rule

They create the other directory say "player" with the swf file and the index.php as follows:
<?php
$fileonly=$_GET['param'];
$fileonly=str_ireplace("..","",$fileonly);
$fileonly=str_ireplace("/","",$fileonly);
$fileonly=str_ireplace(" ","_",$fileonly);
?>
<embed
src="mediaplayer.swf"
width="640"
height="480"
allowscriptaccess="always"
allowfullscreen="true"
autostart="true"
flashvars="file=get.php?param=<?php echo $fileonly; ?>&showstop=true&autostart=true&bufferlength=3"
/>
</p>

Place the mediplayer.swf file in this directory

Create another file in this same directory that streams the file called get.php
<?php
$subdir= str_replace("play.php","",$_SERVER['PHP_SELF']);
$file= "http://".$_SERVER['HTTP_HOST'].$subdir.$_GET['param'];
//echo "Playing file :".$file;
$fileonly=$_GET['param'];
$fileonly=str_ireplace("..","",$fileonly);
$fileonly=str_ireplace("/","",$fileonly);
$fileonly=str_ireplace(" ","_",$fileonly);

$file="../music/".$fileonly;

header('Cache-Control: no-cache');
header('Cache-Control: no-store');
header('Pragma: no-cache');
header('Content-Type: audio/x-mp3');
header('Content-Length: ' . filesize($file));

$fh = fopen($file,"rb");
while (!feof($fh)) { print(fread($fh, filesize($file))); }
fclose($fh);
?>

Now you can just link to your mp3s as http://hostnamewhatever.com/player/index.php?param=mymusicfilename.mp3

All set.

download and install Orbit Downloader

"All your song are belong to us"

Sorry had some unnecessary code in my past post.
Here is the better one

Create two directories - one that has the mp3 files lets call this directory "music" and has a .htaccess with one line it in
deny from all
Put all your mp3 files in there - they cannot be directly downloaded due to the htacess deny rule

They create the other directory say "player" with the swf file and the index.php as follows:
<?php
$fileonly=$_GET['param'];
$fileonly=str_ireplace("..","",$fileonly);
$fileonly=str_ireplace("/","",$fileonly);
$fileonly=str_ireplace(" ","_",$fileonly);
?>
<embed
src="mediaplayer.swf"
width="640"
height="480"
allowscriptaccess="always"
allowfullscreen="true"
autostart="true"
flashvars="file=get.php?param=<?php echo $fileonly; ?>&showstop=true&autostart=true&bufferlength=3"
/>
</p>

Place the mediplayer.swf file in this directory

Create another file in this same directory that streams the file called get.php
<?php
$fileonly=$_GET['param'];
$file="../music/".$fileonly;

header('Cache-Control: no-cache');
header('Cache-Control: no-store');
header('Pragma: no-cache');
header('Content-Type: audio/x-mp3');
header('Content-Length: ' . filesize($file));

$fh = fopen($file,"rb");
while (!feof($fh)) { print(fread($fh, filesize($file))); }
fclose($fh);
?>

Now you can just link to your mp3s as http://hostnamewhatever.com/player/index.php?param=mymusicfilename.mp3

All set.

If anyone can break this one do post here.
Also, this was designed for video not really audio as many have pointed out you can record what streams out of your speakers anyway.
But if you want people to stop downloading files without much hardwork, this should work.
Obviously your hosting provider should allow you htaccess access and allow fopen and not have any weird mimetypes screwing up the streaming in get.php

OK...

So we need a link to your player and an email address that we can email the video/audio files back to.

Sir,
I am a houe-wife and a nobis in internet connection and its application. Of late, I have taken a BSNL Broad Band internet connection - in the name of Home Plan 250. As per the agreement with the BSNL, in respect of the said plan, I am entitled to get 1 GB free download. But in effect it is seen that the monthly details prepared by the BSNL shows the figures for Downloading and Uploading. What is the meaning and/or impact of this. Besides, whenever I am opeing a website, it is downloading (Say, Moneycontrol.com, Myiris.com, Yahoo.com etc) against my will. Does such downloading have an impact of my monthly bill and/or free downloding limit of 1 GB - stated above. Does this , in other words, mean that whenever I will open a website I have to pay for the downloading. If it is the rule then I have nothing to say. Else, how I can get read of such downloading. Further surfng a website means automitic downloaidng to be accepted by the user, herein, myself and as a result the BSNL authorities will charge me for the same. In the context I would fervently pray to your kind and sagacious self to help me get rid of the peculiar situation for which I am being debited against my will.
Yours faithfully,
Madabi Lata Sinha,
Mistripara Lane, Bolpur, P.O.: Bolpur, Dist.: Birbhum, West Bengal, PIN: 731204, Mob: 9434220984.

@M.L.Sinha

yes, whenever looking at a page on the internet you have to download an amount of data -
if you look at videos, that can amount to quite a lot of data download! (ca. 50 youtube videos = 1 GB)

when i check this page:
http://www.broadbandsindia.com/
it would seem you have to pay 0.9Rs for every extra MB above the 1 GB (ca. 20Rs for a youtube video)

so better watch out for the bill - and checkout that tariff page for yourself also and contact BSNL to make sure you both agree on how to interprete the billingsystem !

If I can listen to it on my computer, I can make a digital copy of it. Even you any of you can figure out how to prevent me from getting your .mp3 file, I can still hook my digital audio output to a digital recorder, and I have a prefect digital copy of your music. Or I can run a virtual sound card (Google it) and record it directly to disk.

Same thing with video. If I can see it, I can record it. Can't break that latest DVD? Heck, I don't want the 4GB copy protected source anyway, right? So you hook a very good HD camera up to to record off a very good HD set, connect the audio line out to the line in on the HD cam, and you get a copy that is as good if not better than most 700MB DIVX's posted about.

Point is, if you want people to enjoy your works then you can make it more difficult but you can never make it impossible to get copies of your works.

I'm aware of this - so what we do is put the video and audio files onto one server in a deep location. We password protect the cgi html page that the player is on. It is also HTTPS only. The embedded xspf playlist is generated off a token/cookie that is passed to a CGI script. So they log in, the page is loaded via CGI, the playlist is dynamically created off of SQL tables based off their cookie, and the XSPF links back to the other web server.

Next step -- the audio/video files can be in a directory which only the server has access to, not anonymous web users. A script outputs the audio/video based on the users token. Use a format which most users can not directly play -- flv for example. While VLC plays it, most people won't figure that out. Of course, our goal is to interact with the user after he is done with the files. It's not the end of the world if they end up on P2P sites.

One thing to note, and not sure if it is mentioned already, but look at how napster delivers their audio on their free.napster.com website. They use alot of javascript, and some how dont store the audio onto ur pc. i could be wrong about this.

I guess the point is still being lost, so I'll repeat it.

If I watch or listen to your media, I've already downloaded it. The only thng in question is; do I choose to save it permanently or not.

Clipped or pinged media is the only way to protect it. And, if pinged media becomes common, someone will make a ping remover.

mmmm what about if you make the perm. to : 750 ?
I tried and i cant even go into my folder but my mp3 player still plays everything. (Not this software i dont use it hehe).

I wont be back here to check cya!

I'm getting a "x-flash-version" request header when the media file is fetched through the player.

Any idea if it's something that can be relied on for minimal download protection (i.e., deny access when not present)?

http://muziek.rapmaster.nl/doggs/RapMaster.NL%20-%20Doggs%20Ft.%20Kabal%20-%20Trauma%20Team.mp3?

Hey Girlz - forget about it! If people want to download my stuff, I'll be very happy.

Just make a donation box or a pay link, and probably, out of 10 000 downloads, you might get 1 000 buyers (the ones who love you and what you do for them) - think about it.

Today everything is available on line, movies, games, music, softwares etc... the hackers say 'buy if you can or if you use it..." Way to go. It works.

On the topic, look at Jeroen's player - FREE - or a mere €20 for commercial use...
I see JW's player ALL over THE NET - not surprised, J did the right thins, he's got BALLS.
Likewise, out of 100 000 users, hopefully got 1 000 to buy a license. I bought one.

Same for music and/or video, GET YOUR MUSIC out there you CAVEMEN/WOMEN people :)

The internet has changed the way we do, see, hear things, the way we interact and communicate with each other, let it be, and play the game.

There are poor people out there, they cannot eat well, or sleep well, but they do manage to go on line, that's all they have left, the only happiness, thanks to the NET.

There are leeches too, nothing new, there is nothing you can do about it.

Think smart - act smart, give a lot, take a little. NOT the other way!
Give little - expect a lot... BOOOO shame on you if you are one of these people.

Anyway, see for yourself, try to protect your media, think stingy and greedy... and see what you get in return.
Good luck. Oh, and you might be lucky if you ever end up on a P2P site! F*cking LOL.

Or do it right, be courageous, your Music or Movies are a MESSAGE for this worlds - NOT the NEXT one (although there is one).

You know what? I am cool, just trying to tell you how things are working, in case you still don't know.

@lol?
http://muziek.rapmaster.nl/doggs/RapMaster.NL%20-%20Doggs%20Ft.%20Kabal%20-%20Trauma%20Team.mp3?

How would you like me to send this MP3 back to you? It's on my desk right now, and I AM A NEW BEE ;) bzzzzzzz

Oh, on top of that, Quicktime offers me various option to save this file - as well...

Hey, I'm working on a similar problem and have been told that the player here is 100% secure:

http://artists.emidigitalmedia.com/terez/

Can anyone tell me why this isn't the case?

Thanks!

@Vladimir,

It isn't secure. The files are just FLV that are streamed with an RTMP server.

Get Orbit Downloader and you can easily download every one of them.

Simplest way is not to put it on the Internet. The Internet was meant for sharing data, there is always a way to pull the content off your server or hotlink to it. The best way to protect your content is to watermark it, that's all you can do - anything else like DRM will only hurt your site and waste resources.

My thought was to break up video clips into smaller chunks with ambiguous filenames. The flash player concatenates the chunks from a playlist and plays back the movie as if it were one single file.

Sure, you can download all the chunked files. Do you really want to take the time to sort through them and combine them in a video editing console?

to everyone who says it can't be done: DUH! of course it can't be done. yes someone can obviously plug into their line in & steal the thing, or stick a microphone in front of the speakers for that matter. and anyone who is motivated enough will find a better way. the intention is to prevent & discourage 95% of casual users/script kiddies from easily stealing your content, and maybe convince some portion of the other 5% that its going to be difficult enough that its just not worth their while.

i'm developing a system to protect content not because i'm stingy or greedy, but because i'm developing the online administration of an audio portion of a college entrance exam. i have to prove that i've taken reasonable measures to prevent cheating.

that said, there are some really really great ideas being discussed here. depending on a number of factors, i might have a good number of hours to dedicate to this part of it. i'll come back and post what methods(s) i ultimately wind up using! thanks for all the great ideas.

You guys seem to be ignorant of the fact that we're using computers.

If a computer program (his Flash player) can re-combine Mike's chunks to play back the movie, then another computer program can combine those chunks in the proper order and save the movie. That's all streamrippers, downloaders, whatever you want to call them, do. They combine packets in the proper order and save them as a media file.

Watermarking, pinging, or chopped content are the only way to protect your content. But then, you have to be concerned about how much you are damaging the user experience. Make sure that you float your watermark around, otherwise, it's easy to subtract the watermark from every frame. Again, the computer will be doing this while I'm out partying.

Someone obviously put a lot of time and effort into Orbit Downloader, but now it's free for all 6.5 billion of us to use. That's the power of the Internet.

Time for a new business plan anyone?

fileArray[0]['file'] = "http://www.myserver.com/mypath/"+fil;

Encrypted RTMP Streaming? :P

how about somehow linking joke programs or potentially unwanted programs onto the end of the music file or files and having it so if someone uses the mozilla cache to get it this potentially unwanted program you put on it activates and either the anti virus will detect it and try to remove it OR the joke programs or potentially unwanted programs causes the computer to crash or causes something unwanted to occur like a system failing to respond

if no one trusts that the music files are free of these joke programs or potentially unwanted programs then they probably wont try downloading ur other songs even if they are not booby trapped with joke programs or potentially unwanted programs

[JOKE_WOW]
Name: JOKE_WOW
Alias:
Type: File
Platform: PE (Windows 95 & 98)
Place of Origin:
Destructive: NO
Trigger Date: NONE
Password: NONE
Seen in the Wild: YES
Description: Joke_Wow is a joke program that will appear to be deleting the contents of your C:\Windows directory when executed. In reality, this program does not harm your system. It will not infect other files. To remove the file, just delete it.

Updated: February 13, 2007 11:36:31 AM
Type: Joke
Risk Impact: Medium
File Names: Compuclean.exe
Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows XP
Behavior Joke.Apeldorn is a joke program that displays a series of dialog boxes with text in Dutch and distorts the screen image. Then, it pretends to restart the computer in MS-DOS mode and format the C: drive. However, it does not actually do any harm.
SymptomsYour Symantec antivirus program detects this joke program as Joke.Apeldorn
Transmission
Joke.Apeldorn is usually a stand-alone executable and requires you to manually execute the program.

Updated: April 23, 2008 9:19:41 AM
Type: Misleading Application
Name: Privacy Watcher
Version: 3.1
Publisher: Privacy-Watcher.com
Risk Impact: Medium
Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows Vista, Windows XP
Behavior: PrivacyWatcher is a misleading application that may give exaggerated reports of threats on the computer.

Updated: May 31, 2007 7:16:13 PM
Type: Misleading Application
Publisher: spylocked.com
Risk Impact: Medium
Systems Affected: Windows 98, Windows 95, Windows XP, Windows Me, Windows NT, Windows Server 2003, Windows 2000
Behavior SpyLocked is a security risk that may give exaggerated reports of threats on the computer. The program then prompts the user to purchase a registered version of the software in order to remove the reported threats.
Note: Definitions before May 18, 2007 may detect this security risk as VirusBurst.

@Anonymous

that is really an unusually bad idea - even if it is possible, dont do it !

such attempts could ruin the usage of flash in general - and only help spread the usage of flash blockers - bad bad bad !

hi. that was a very long thread.
i want to be able to be able to do a simple thing - hide the hotlink
in the javascript, that appears in the html code.
how do i do this?

thanks.

@Plamenator

from - http://www.jeroenwijering.com/?item=Supported_Flashvars

Flashvars in external config.xml
If you have lots of flashvars and you don't want the list to mess up your HTML pages, you can also aggregate your flashvars in a single XML file like this one. - http://www.jeroenwijering.com/upload/config.xml Next, use the config flashvar to assign the XML to your mediaplayer or imagerotator. All vars inside the XML will then be parsed with one line of code. Any additional flashvars you do set in your HTML will override the ones that are in the config XML.

you can also recompile the player using flash8 or cs3 after setting the "prefix" - http://www.jeroenwijering.com/?search=prefix
please note this all doesnt prevent anybody but the absolute novices from access -
you need serverside means for this (and that doesnt prevent the copying of the files either - but can prevent some deeplinking)

i guess this cache stuff wouldn't work if you encrypt the data and let the flash player decrypt it. should be quite simple. it is however still somehow possible to decrypt the files but if you write some simple and fast encrypt/decrypt routine the evil downloader has to analyse your player. or he justs records the song via audacity or total recorder. lol.

maybe those interested can help break down this site.

http://www.cmt.com/artists/az/montgomery_gentry/2280303/album.jhtml

1) click preview and follow the source of the new page.
2) obtain http://www.cmt.com/sitewide/apps/mediaplayer/asxmaker.jhtml?track=01&adPth=/sitewide/ads/adsetup/art...
3) paste in another window
4) here it gets tricky...
you can view the soruce, it gives the file name

can you download it? NO...

take this file for instance... mms://a46.v3547b.c3547.g.vm.akamaistream.net/7/46/3547/v001/cmtstor.download.akamai.com/9544/_!/cmt.com/m/montgomery_gentry/back_when_i_knew_it_all/01.wma?auth=caCdndib7asbIcYaNbxbjd4aFcibybcbbdS-bixw75-dHa-yFMxwC&aifp=mtvn_03

you can call it up in windows media but 1) it's not in your cache 2) it not savable

i agree that it has to be in your computer, but i followed it up and the only stuff i find in media player is encrypted.

can anyone figure out a way to download tracks here?

i don't care to download the music at all, but this seems like it's the best example of Not Download-able music i have seen in 2 weeks of research...

I'm trying to reproduce this system, (there is enough info to do so.) but if some one (any one) can crack it it's useless.

btw, making music not download-able it's not hard at all if you know say C++ and create your own application.
itunes does it that way for instance, and if they do there is a reason (it's the cheap way around it!)

that being said, i would like to produce an open source project to do just that... some day ...

the links got cut up? will need to follow them your self i guess...

@andy310

the very first stream recorder i tried copied it with the standard settings -
google for stream recorders or stream grabbers or stream rippers and maybe try some trial versions....

that's true, but if you are serving the track there is no way not to have them record it

i mean you listen to it right? so technically get a mic and record it again...

the needs to download and install 3d party soft were to do so should mean that not as many persons would be doing that...

well i guess i have to further explain my situation, this is part of a project I'm trying to brain storm about

1) users can preview tracks of an album (tracks are not made available in full)
2) uploading the tracks is done by the same artist, and only one track gets uploaded, no clipped version should be necessary
3) the application should allow listening to 30 secs of the track then stop the play back

so what you would be doing is listening to the same file that you actually download. even if only for 30 seconds.
and when you download the file there is a download manager that gives that part out to you without displaying the full link or the location in any way. (maybe flash and an MD5 hash of the file name... or an external java script application)

the important part will then be that no one can download or get to the music file location and name.
the moment that is available, the full track is then downloaded, and the whole thing was pointless.

so... i have been looking around, and so far that was the best approach at making the track not available for download
i don't know about playing it only for a determinate time... but for that i can probably find a workaround...

if anyone cracks the track location/name and can download it... please let me know ;) also if you have feed back that might help the brain storm that's very very welcome B)

@andy310 - here are some thougths:

first, im not sure i understand the distinguishing you do between recording/copying and downloading.
they result in the same - a file that can be multiplied on the local machine and copied to other devices -
or do you by download actually mean deeplinking - as in other sites playing the files from yours, using your bandwidth?

second, most people dont realize they can read the source code of a page, or that there is something like a browser cache -
most kids i know, even have grave difficulties distinguishing when they go online or not, and dont see the need to -
but just about all kids i know, will install programs on a whim - and reinstall the operating system rather than clean up -
they dont know about the technicalities - but have no problems managing to fill their portable devices with thousands of files.
not actually knowing what they do - they obviously cant distinguish between converting file formats and downloading files -
and cant really see the difference between ripping a site or moving a batch of files to their phone or player of their loved ones

surprisingly many people have a concept of copyright that is markedly different from what industry and authorities have -
not so much out of bad intend, as because it takes too much technical insight...
note that these are not bad people - and they dont mind the artists getting rich at all - as radiohead have proven - just ask !

note that the modern concept of copyright (as industry/authorities sees it) was only established and accepted broadly, a little more than a hundred years ago - http://en.wikipedia.org/wiki/History_of_copyright_law
before that, you could only be sure to earn by performing. people would pay entrance fees for the concert, and if people bought sheet music, it would be the printer or merchant/distributor who earned. as soon as the song was sung, it was public domain
modern technology have now made the distribution of information effortless - push a button and billions of people have access
this has changed marketing for ever - companies can pour millions into advertising/copyprotection, without the wished result
and all the while a kid somewhere will go viral - without costs - but with streetcred...

Just wanted to say, the post entitled Pretty Simple has the solution perfectly.

I had that going already, but the trick is you have to have 'flv' anywhere in the filename, otherwise it won't work.

@andersen

well maybe you are right, but that would still not be the same quality, and unless they have direct access to the file, they would not be able to duplicate all of it because the streaming would stop at 30 seconds, if i find a way to do so...
therefore they could still not extract the whole file off of the server (or link it as you mentioned) unless it is paid for and the download is allowed.

I disagree to your second point, as in most people do know about the cache, even tough they never think of it as where the file might be... and even tough most people don't know about how to actually read html source code, Robots do. That's what they are designed for, they go in and pull down a site. take the wayback machine for instance (http://www.archive.org/web/web.php). So, because of the nature of the tracks and their license, we can't really make the full path available. in the source code at all.

because the nature of all costumers, we can't have just flash, we need some fall back system.

because of the need of a fall back system, there will not be any need for a flash version of it.

i hope that explains it better ::)

I agree with the copyright concept and all, but this isn't really about copyright, the artist own the copy right to the song and the song is sold to a fan with a strict license agreement that defines his terms of use of the track.
Copy right infringement is not copying or downloading the music, it's claiming you wrote the music when you did not.

I think I have found the solution and will post my result in the next week or two.

I have been working on a similar problem, only trying to prevent the download of an MP3 stream in general (as in with a plain hyperlink to an M3U file - no Flash). My goal is not to make it impossible to get a copy of the MP3 (by providing the stream, I kill that thought), but make it so the ONLY way to get a copy is take the amount of time for the MP3 to play in order to make a copy. If I had 100 MP3 streams, I am willing to allow someone to take 350 minutes in order to record them all, rather than the few minutes it would take to actually *download* them.

My goal is that even if someone examines the code (client side or server side), they still will not be able to directly download the file. I am almost there, and will post a challenge (which I hope will be beaten so I can figure out how to fool proof this) in a week or too.

Luck!

What's to stop me from running a simultaneous request; code generously provided by: http://www.ibm.com/developerworks/library/os-php-multitask/index.html to get all 100 at once?

polytonality - Simultaneous use of two or more tonalities in a musical composition.

Nothing would stop anyone from making a simultaneous request. Request 1,2,3...100 will be unceremoniously rejected.

The idea is to prevent even one direct download, let alone 100.

Someone could do 100 STREAMS at once (from their computer), but then what? Run up my bandwidth, and that's about it.

I want my system to be able to tell the difference between a stream and a direct download (which are essentially the same thing). That is what I am working on.

The way the system works is: to listen to a song or play a video, the data HAS to come to my computer. Call it a stream, a download, whaterer, it doesn't matter. Once the data is coming to my computer, I can capture it. If I can capture one stream, I can capture 1000 streams. You really can't prevent it. Even an old granny can click on Orbit and capture anything.

I understand that. I just want to make it so that the only way to copy a 4 minute mp3 would be to take 4 minutes to record it. Then, if someone wanted to get a copy of all 100, they can if they have 24 hours to spare. That's all.

or put the following code into the mp3: X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*
when you download the song your antivirus will detect it as the eicar virus and remove it

That would also prevent the stream as well.

@BD: you can do this with a simply PHP script that 'throttles' the file. For example, xmoov-php supports this. This script will simply write the mp3 to the player (or downloader) a few bytes at a time.

Some nice suggestions. The cookie redirect, is nice.

But unfortunately, if you send data (mp3, flv, etc) to a client (web browser) you have already lost. No matter what server side tricks you use, the fact that it get sent to the client is enough to brake them.

I have seen sites that go to almost insane lengths to stop people stealing their work, but all it takes is a good packet sniffer (like wireshark) and its game over.

The point is to minimise your losses. And no that doesn't mean making it so hard that only 1% of people using your site can actually steal your files, because that one person will just build a site to allow the other 99% to download it too.

If you sites business model can't support piracy, then it's not a good business model. Live with it.

What can stop a user just ripping the whole site with programs such as web ripper?

When set correctly this will download/leech most of a sites content.

BD, I've been waiting a year for someone to come up with a way to simply mask the location of the MP3 files. Only 5% of users (and I'm being generous) know about caching and where to find what's been cached.

The v3 player supposedly had a variable in the FLA that could point to a specific folder when retrieving MP3's... one that wouldn't need to be specified in the XML files. But someone told me this variable was removed from v4.

Why? I don't know. It seemed pretty effective to reduce the amount of direct downloads and hotlinks. Why would JW remove this variable?

I'm not looking for 100% protection and, like everyone else here, I'm sick and tired of people repeating over and over again that nothing is 100% secure on the web. WE KNOW. You're not impressing anyone by telling us what we already know. Repeating it again and again just confirms that you're not getting the point.

My, my, my... aren't we boiling over today.

I can see that I can make a fortune with an online Anger Management course.

Yup, that's going to be my next enterprise.

I'll offer you guys a free session or two just to get things started.

My idea is to have it so that when people try to steal your music they instead get redirected to www.zango.com or get a virus that corrupts their internet connection so they cant connect evar again

Why not encrypt the playlist file such that only the server can read it and then give the folder where the files are located an obscure name so it is hard to find. Again, not 100%, but I think we've established that already. It will stop many from being able to obtain the files via direct download. Just a thought, haven't looked into it yet.

Just to repeat what was said earlier - the post titled 'Pretty Simple' has a good solution for hiding the mp3 file location - thanks a lot!!

You can use a dynamic site, where your page containing your player (and its information) is loaded dynamicaly in a SPAN or a DIV , this prevent people to see URL and to source the page to see the code.

I'd like to add the following thing.

The internet is a free place ! all what you can show online on any website by definition is no more private !
So if you don't want people to get your file , just don't post them online ;)
or as the first post from piggy said just your website access with password ;)

I don't the scale of your viewership or your budget, you could look into the flash streaming protocol "RTMP" (e,g RTMP://host.com/Course/video1.flv) to output our video. What is RTMP? RTMP stands for Real -Time Messaging Protocol. This protocol is used by FMS (flash media servers) to deliver bite-sized data of real time objects, video, and audio to end users. It maintains a persistent connection only delivering the data currently being viewed by the user at that exact given moment.

The benefits we get with it compared to progressive download (e.g http://host.com/Course/video1.flv) is that you get immediate playback; can skip to a point part way through a clip without needing to download the beginning; rather then using bandwidth for viewing the entire file, it uses optimal bitrate delivery on an as-needed basis; and it protects Digital Rights (as content does not have to be downloaded to viewer's machine).

The cheapest host i found for my employer to use was http://influxis.com. If you decide to use RTMP and happen to find a cheaper host, do post it for me :)

it's simple to rip rtmp with orbit downloader. not secure at all. also when user scrube download again and again, too mych traffic

hmm. is that the same for rtmpe?

Ok i just looked into it and it seems that RTMPE is still uncracked. Thanks for bring this to my attention crocko. And i have to say that orbit downloader it pretty good :)

To those still reading this thread, you know any ways of going around RTMPE? The audience for our online videos are from the pipeline industry and will be viewing them at work, so they usually won't be too tech-savy to bypass, most of the solutions offered in this thread. Plus their company pays for thier certification process. However for future projects outside the company i'm contracted too, i would like to know about the security of RTMPE. thanks for your time.

P.s: hey crocko i was trying to use orbit to see if it could grab my rtmp (not rtmpe) stream and it didn't seem to work. Wowza sets up the link as:
RTMP://IVhost/IApplication/IApplcationInstance
(in my case correspondes to)
RTMP://192.168.1.119/simplevideostreaming/Extremist

I noticed that since it wasn't like the other rtmp stream links that point to an flv (e.g rtmp://192.168.1.119/simplevideostreaming/Extremist.flv) it didn't pick it up. it just recognized the swf player and grabbed just that.

or have your site set up in such a way that if people try to download music in such a way that they bypassedthe pay mechanism and the person has Data Execution Prevention (DEP) enabled the browser would close and they would get a windows popup saying that DEP has closed this program to protect your computer. then the person wold read more about DEP and then decide that your site was untrustworthy case closed

Hello:

Teh harder a HONEST person works to prevent files from being downloaded, the harder others thingk of ways to BYPASS such restrictions.

If someone is DESPERATE to get a copy of the song, and even if you take all the rpecautions to make it hard to download, it is SO EASY to use the right sound card (that permits playback AND record). So, in short, if your song was so good, and if someone were a crook and wanted it, Even if the file was not downloadable, *NOTHING* will prevent that person from loading up the sound recording program, pressing RECORD while listening to your song. When th song is done playing, to stop and save recording.

Now, if this song is for sale on a DVD/CD/CASSETTE, etc. and you wanted to sample the whole song to them, you could sound-mark it with a squealy hiss or tone and lower quality stating that the full featured song will be without the noise, and higher quality.

Hello everybody, as my part i use php session on xml playlist, like extFeed.php

so.addVariable("file","extFeed.php?v=B577XH08G&id=a796318908324166f86baa3a8bb7beb0");

and try to open the playlist http://megtube.com/extFeed.php?v=B577XH08G&id=a796318908324166f86baa3a8bb7beb0
just hit me if you view the flv file, tnx.

www.myspacegator.com

Please note that Scott Tiger post has inappropriate content for an office environment.

ergo don't click it if you like your job because you might actually get fired :P

you can always stream the file in flash and limit the play time. that way it is not in the the cache.
I'd like to see some idiot that records a clip of 10 seconds of the song and spends 3 hours placing all the clips he recorded together just to save .99 cents...

it's just the same theory as encryption and decryption... if the amount of time needed to decrypt something is much longer and expensive then the value of what is encrypted, then no one will try to break the code because it would be a waste of time...

@andy310 - lots of people really enjoy "wasting" time, simply for the challenge of it - not to mention distributing and boasting

www.soundclick.com no longer works cause we from Linden Labs/ Second Life are DDOSing the shit out of that dumb site

RTMPE has been cracked by Replay Media Catcher.

www.kayjewelers.us is best of kay Jewelers

i had an idea. have 2 files both claiming to be the mp3 they want. now put a extra symbol (ex $0 at the end of the actual mp3 file. that is the real song. the other mp3 you have is a virus of the zango variety. then you encrypt hide the real mp3 in a hidden part and have it so is can stream so you can listen to it. when people go to the firefox cache to find it they will see and download the virus instead. it will be <name of song>.mp3 if they cant trust you not to put viruses that look like mp3 files then you have won. they will tell their friends who will tell their friends and you get it. no one will want to risk their computer for some song.

@Anonymous - really really bad idea ! - first of all, the scheme you propose wont help a bit against stream recorders anyhow
second - the mere idea to protect a file 'behind' a virus is so abhorrent, it would probably kill your business when noticed !

<embed src="http://embed.hrisnici.cz/4222xa.swf" type="application/x-shockwave-flash" wmode="transparent" width="435" height="355"><br /><a href="http://www.hrisnici.cz/">Hříšníci.cz</a>&raquo;<a href="http://porno.hrisnici.cz/videa/natali-16930.html">Natali</a></embed>

the Plugin fot the Flash MP3 Player
I configured playlists:
$playlist = array(
'1' => 'http://mydomain.com/singer/playlist.m3u',
'2' => 'list1.m3u',
'3' => 'list2.m3u',
'4' => 'list3.m3u'
// And so on....
);
Instead of the playlist.xml I did insert "em3uplugin.php?m3u=1"
but how the script creates a XML Playlist with the M3U file.!!!
**
when i change playlist.xml to **em3uplugin.php?m3u=1** into the action script , the mp3player calls the php script (em3upulgin.php )
is the list1.m3u the same playlist.xml ! do we change *.xml to m3u !
this pulgin was nor clear !! can sombody tell me how that does work step by step !

"@Anonymous - really really bad idea ! - first of all, the scheme you propose wont help a bit against stream recorders anyhow
second - the mere idea to protect a file 'behind' a virus is so abhorrent, it would probably kill your business when noticed !"

thats the point. if no one can trust your music to be uninfected they wont download it

I'm so pissed at realplayer right now. I thought I was all smart by editing the .swf file so that it wouldn't show the whole path to xspf file, then realized realplayer can still download my songs from the cacheing. Arggg.

Hopefully tomorrow I'll be able to figure out some of what you guys are suggesting, because I have artists on my website that don't want their music leaked. (At least not so easily)

Install the Firefox plugin "Live HTTP Headers". If the URI for the file isn't visible in that, you're a little more secure.

Use an up-to-date RTMP streaming server that Orbit Downloader can't connect to (at least not today, tomorrow is another game).

Mix some "pings" into the songs to ruin them.

Rinse & Repeat tomorrow.

Why don't you guys just change the extensions to something off the wall? I doubt something like

thesong.ajscovel

would be triggered for download from Orbit or Replay Media Catcher. You could then use .htaccess to tell YOUR server that the file is is associated with the mp3 mime type.

You could also change the mp3 extension to a known file (like .psd) type and replace the mime for the mp3 mime. This way when the file is downloaded it will appear to be a different type of a file, plus most people dont even know how to edit file extensions on their pc.

I make up fake extensions all the time..

I have never tested with a media catcher though, but I would assume it would get the job done

, and confuse the heck out of someone checking the cache.

Aaron Scovel

my idea is to do the above but make it an extension that virus scanners mark as potentially dangerous so that when it is downloaded the virus scanner will pop up and warn you that it is dangerous. (ie a rootkit spyware adware keylogger Trojan horse ect) . then the user will delete the file and then ( hopefully) tell friends to stay away and presto problem solved no one would want to go to that site if they didnt feel safe using it

the whole idea is using fear to protect your music from piracy by making people think that it contains malware so people will not want to click on the link to listen / download no matter how good the songs are and how easy it is to download from the site.

@Pretty Simple or anyone...

Could you post the video version of the code? Tried tweaking but not getting it to work...

Thanks

just tried it again ( Pretty Simple's Solution ) and couldn't get it to work... Anyone have it working?

got Pretty Simple's solution to work... i.e. the links are working and playing the video / audio... but how would you best embed on a page? as far as I understand, his solution is for linking only... i can use an iframe but is there a better way?

I am trying to use http streaming and found out that using Basic Authentication is possible for flash player greater than 9.0.124 so that your files can be safer, i'm still struggling to get the player to implement this. If any1 can point to the place where URLRequest is handled, that would be pretty handy (my head hurts after a few hours of debuggin...)

I have a working demo for the connection taking place properly, if any1 is interested, please send me a msg at

bulkymail @ gmx (dot) net

since soundclick is a free music site there is a high chance that the site or the music itself is contaminated with malware

who knows? soundclick might be the actually be the source of the conflicker virus family. there are so many accounts on soundclick that it would be easy to hide on soundclick and soundclick to upload malware and control botnets. it is also so easy to create accounts that anyone could create multiple puppet accounts and switch randomly between them with no one being the wiser.

do you trust that the site(soundclick) / music is malware free? cause i sure don't !!!

Whatever you play or watch on your computer can be recorded and saved using inexpensive and even free software, so what is the purpose in trying to obfuscate the urls of files? That exercise makes little sense.

What does make sense is to mark the source of a file as 'official' or 'unlicensed', which can be done on the server and streamed to the players "status" column.

Licensed tracks will display a "copyright paid" icon provided by the vendor - unlicensed tracks or tracks from unrecognised sources will display a pirate and crossbones icon!

That seems to be the direction to go in.

www.Homepage-link.to/pirate

Hello,
Can some one suggest a way to secure my playlist served by the conduit toolbar?

My site is www.angelav.com

I could not implement any of the suggestions here. I use kplaylist to generate my m3u list...

has anyone had any luck with "hiding" or "disabling" this real player 11 video download link? does the .htaccess file trick work if i change the extension of all of my files?

if anyone had any luck please please please email me or post some code examples!!
thanks

kdel20311 @ gmail (dot) com

Don't be ridiculous. You can't prevent recording of HTTP streams. Ask your question in the Streaming audio/video recording forums http://stream-recorder.com/forum/audio-stream-recording-f5.html

and most probably there will be even free software that allows to save/record/download such streams.

Plus you can always record audio from your sound card
http://all-streaming-media.com/record-audio-stream/direct-sound-recording.htm

@Pretty Simple

Solution doesn't work, I just tried it. If I call http://hostnamewhatever.com/player/get.php?param=mymusicfilename.mp3 the browser simply fetches the mp3 from the server and send it to the user!

Seems this made it easier than more difficult to download the mp3!

p.s. I had the mp3 sitting in a folder higher than public_html/ so it is not accessible through a browser request.

AJ is right!

The mp3 is right there for you, the path (http://hostnamewhatever.com/player/get.php?param=mymusicfilename.mp3) is there in the source of the page playing the file, and you can save it to your desktop from there.

Alas.

@Pretty Simple

WAIT! This CAN work, if you set a session variable to check that someone is not just trying to access get.php (bold type indicates the change to Pretty Simple's code):

Create two directories - one that has the mp3 files lets call this directory "music" and has a .htaccess with one line it in
deny from all
Put all your mp3 files in there - they cannot be directly downloaded due to the htacess deny rule

They create the other directory say "player" with the swf file and the index.php as follows:
<?php
session_start();
$fileonly=$_GET['param'];
$fileonly=str_ireplace("..","",$fileonly);
$fileonly=str_ireplace("/","",$fileonly);
$fileonly=str_ireplace(" ","_",$fileonly);
$_SESSION[$fileonly] = '1';
?>
<embed
src="mediaplayer.swf"
width="640"
height="480"
allowscriptaccess="always"
allowfullscreen="true"
autostart="true"
flashvars="file=get.php?param=<?php echo $fileonly; ?>&showstop=true&autostart=true&bufferlength=3"
/>
</p>

Place the mediplayer.swf file in this directory

Create another file in this same directory that streams the file called get.php
<?php
session_start();

$fileonly=$_GET['param'];
$file="../music/".$fileonly;

if ((isset($_SESSION[$fileonly]))&&($_SESSION[$fileonly] == '1')) {

header('Cache-Control: no-cache');
header('Cache-Control: no-store');
header('Pragma: no-cache');
header('Content-Type: audio/x-mp3');
header('Content-Length: ' . filesize($file));

$fh = fopen($file,"rb");
while (!feof($fh)) { print(fread($fh, filesize($file))); }
fclose($fh);

}

$_SESSION[$fileonly] = '0';

?>

Now you can just link to your mp3s as http://hostnamewhatever.com/player/index.php?param=mymusicfilename.mp3

All set.

There is *no* real method of protecting content in a final sense of the word. At the end of the day, trapping audio and recording the screen (as crude as it is) will in fact catch everything. Why? the videos and audio streams MUST be decoded to be played on screen.

You can type in: "Flash Catcher", "Flash Grabber", "FLV Grabber", etc.. in to google and see hundreds of hits for "saving" streaming media, decoding URL's that are called, etc...

Now, that said: there are ways (short of using FMS and secure NETStream calls) to keep your content from being stolen (mostly).

By the way, most browsers do not apply "no-cache" headers to content WHILE it's being streamed / downloaded. These headers only work if your rendering the HTML to a new window, and then the window closes - which causes the files in the TMP directory to be deleted (most of the time). There are certain versions of certain browsers which can be set to IGNORE these headers (based on security concerns, or loose security / lax security settings).

If it's a SWF or an MP3 file or WMV, or any other type of progressive download, or "loaded content", and it's not coming from a streaming server, it will be cached by most browsers - that's the nature of the file type that is provided.

So step 1 is: convert your media to a streaming protocol of some sort.
Step 2: IF you can, use SECURE protocol transmission (like RTMPS or HTTPS), this will stop "mostly" - the packet sniffers from picking up a decoded stream of bytes. After all, streaming is "just another download" to the file server it's coming from.
Step 3: to stop "leaching", ensure your video is outside the public_html directory, and your streaming service can provide a call to application code on the server that can "load" a file from beyond the public_html directory.
Step 4: JavaScript security hole: the movie name is a dead give-away. Paste that in to the URL that calls the streaming service, and bango: as long as the streaming server doesn't require authentication, your video downloads or replays (one can steal it from viewing the source of the page). Right-click stoppers only work so far, because the HTML of the rendering page is cached during playback and can be grabbed from the temp directory. So, you MUST find a way to "render the JavaScript dynamically" using a server side call, that changes the "movie name" on *every* call BACK to the server. The server side streaming program must then decode the dynamic key/movie name (streaming side like XMOOV.php for instance decodes the name) to a real file name, and then offers the movie up.
Step 5: This dynamic movie name should be a RANDOM NUMBER, and should not be "encrypted", so that it cannot be "decrypted" by Decode routines, etc.. It should house meaningless data.
Step 6: the server side script should log the "initialize request" (real file name to play + generated unique meaningless key) somewhere in mySQL backend, then resolve it at PLAY time / streaming time. This way, the BEST that someone can do is "stream the movie twice at the same time using the exact URL"
Step 7: to stop the parallel playback, the server side streaming script deletes the unique request record after it's resolved the original file name.

Now, if you want to see this in action, I'm currently building a site: http://teched.datavaultinstitute.com (you have to register for free to see the movies).

It's not perfect, and it doesn't stop everyone from leaching, but it is interesting to say the least.

Contact me for more information, or to help you code your solution.

Cheers,
Dan Linstedt
danL@empoweredHoldings.com

in the end, the content has to be downloaded, that's when we grab it.

for leeching, we just look like an authenticated user to you, you never know if we're real or a bot.

True, but for leeching - to look like an authenticated user, you MUST have all the parameters and be logged in. If the server detects dual "play" reuqests at the same time for the same movie, and denies it: then you cannot "leech". For being a single authenticated user, you must have an account and write a bot to access the remote web-site, sign-on, and run the video.

As I started my reply: there is no "real" way to protect anything on the web. Once it's decoded, or downloaded, it's done, you have it.

Cheers,
Dan L

Couldn't you just store a variable in a DB which increments everytime somebody visits the page with that file on it, then if the value in their parameters doesn't match the current incremental value, then they're doing something they shouldn't be.. just a thought

A DB Variable only goes so far. Once the movie begins playing on the screen it can be captured regardless of the code behind it.

Take a look at Replay Media Catcher to see what I mean - it's a serious "lifter" of all media content.

Cheers,
Dan L

Hi

I want to know how to prevent downloading of video file
i want to prevent user from downloading.

If you use streaming with SecureToken it is possible, but by default, programs will be able to do this, because even YouTube has these issues.