Securing download and hiding its source directory

#11
JaRoLLz
I've finally got it working.

As mentioned in my previous post, the web player always fails my authentication (e.g. is the user/leecher logged in?). So I made a new mechanism to view the content:

In the controller `Contents`
Code:
function view_content($content_id) {
  $this->load->helper('string');
  $random_string = random_string('alnum', 32); // the challenge response code
  // content source: URI plus challenge response code
  $data['contsrc'] = site_url('general/get_content/'.$content_id.'/'.$random_string);
  $this->session->set_userdata('view_content_challenge_code', $random_string);
  // pass $data so the view can use $contsrc as the player source
  $this->load->view('view_content_video', $data); // let's assume the only content currently available is video
}

In the controller `General`
Code:
function get_content($id,$challenge) {
  $this->load->model('ContentModel');
  $authOK = ($challenge === $this->session->userdata('view_content_challenge_code')); // does the code match?
  $this->session->unset_userdata('view_content_challenge_code'); // no second chance
  if ($authOK) {
    $contentdata = $this->ContentModel->getContentData($id);
    force_download($contentdata['full_path']); // using improved force download from Wilker
                                               // http://ellislab.com/forums/viewthread/71192/
  }
}

This code works because the `General` controller is accessible by anybody.

Content link example:
Code:
http://example.com/general/get_content/5/asdlfjdKJHDFKJDHFDJSL9823FLSAKDJ
Assuming the session is correct, the above code will return the content with id 5. However, the next call with the same challenge code will return nothing.
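
The one-time challenge code described in the post above, as an added example that is not the poster's code or part of CodeIgniter. It goes beyond the post by drawing the token from a CSPRNG, binding it to the content id, expiring it, and comparing in constant time; the `$session` array stands in for the user's session store, and `issue_token`, `redeem_token` and `TOKEN_TTL` are hypothetical names.

```php
<?php
// Added example: one-time download token, independent of any framework.
// $session stands in for the per-user session store (an assumption);
// issue_token() and redeem_token() are hypothetical helper names.

const TOKEN_TTL = 60; // seconds a token stays valid (constructed value)

function issue_token(array &$session, int $contentId, int $now): string
{
    $token = bin2hex(random_bytes(16)); // 32 hex characters from a CSPRNG
    $session['view_content_challenge'] = [
        'token'   => $token,
        'content' => $contentId,        // bind the token to one content id
        'expires' => $now + TOKEN_TTL,  // limit how long the link stays usable
    ];
    return $token;
}

function redeem_token(array &$session, int $contentId, string $token, int $now): bool
{
    $stored = $session['view_content_challenge'] ?? null;
    // Single use: burn the stored token before deciding, as the post does.
    unset($session['view_content_challenge']);
    if (!is_array($stored)) {
        return false; // nothing issued, or already redeemed
    }
    return hash_equals($stored['token'], $token) // constant-time comparison
        && $stored['content'] === $contentId
        && $now <= $stored['expires'];
}

// Constructed walk-through with a fake session and a fake clock.
$session = [];
$t0 = 1000;
$cases = [
    'first request'    => [5, 1, false],
    'wrong content id' => [7, 1, false],
    'expired token'    => [5, TOKEN_TTL + 1, false],
    'replayed token'   => [5, 1, true],
];
foreach ($cases as $label => [$id, $delay, $replay]) {
    $token = issue_token($session, 5, $t0);
    if ($replay) {
        redeem_token($session, 5, $token, $t0); // legitimate first use
    }
    printf("%-17s %s\n", $label, var_export(redeem_token($session, $id, $token, $t0 + $delay), true));
}
```

In a CodeIgniter controller the array operations correspond to the `set_userdata`, `userdata` and `unset_userdata` calls used in the post.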

