0

So I have a full fledged working website where user can login and register. Now when a user login i create a user session and use that to maintain the login state.

Now my site has few video content which is hosted in my server. These are suppose to be accessible only when the user is logged in. But right now anyone having the direct link to the media is able to view them without login.

Current webiste folder structure looks like this: enter image description here

So i am trying to solve 2 problems:

  1. If user try to access the link directly and not logged in should be redirected to login page.
  2. If the user is logged in already he should be able to view the resource even with direct links?

What approach do you suggest? I don't want to stop user using .htaccess force authentication as some mobile browser don't support it and would like to redirect user to login page for un auth access.

alecxe
  • 462,703
  • 120
  • 1,088
  • 1,195
KD.
  • 2,015
  • 3
  • 28
  • 59
  • You cant do this, it's simply not possible for you to redirect a user to a PHP page if they're not "logged in" using PHP when accessing a resource directly. You'd have to control access to the files through PHP. You can use htaccess to redirect to a PHP page if the user tries to access the resource directly. – Styphon Mar 30 '15 at 13:00

1 Answers1

0

You can't use the PHP Session in anything but PHP, so if you want a user to have to log in using PHP then they will have to access the file through PHP. To do this you need to us htaccess rewrite to redirect the media request to a PHP page. Something like this should work:

RewriteEngine On
RewriteRule ^(.*)\.mp4$ media.php?file=$1 [L]

Then in media.php you can authenticate the user or redirect them to a login page. If they are logged in you can serve them the file.

Styphon
  • 10,304
  • 9
  • 52
  • 86