How to show streaming videos to only authenticated users?

I am creating a web application in CakePHP that lets a user register and upload their photos and flv videos that can be then viewed by the user himself and the friends in his list. Now, for the images part, the uploaded files are going to a htaccess protected folder which are then being read through a ph开发者_JAVA技巧p script by the authenticated users. But, I want to achieve the same with streaming videos as well.

So, is it possible to stream videos through php and is it safe to use htaccess to protect your user files? If not, can someone guide me through a proper way of handling such situations?

Thanks in advance.

aadravid,

reading about the htaccess solution, i wonder if a AUTH/ACL based approach would not be better. The easiest way to enter this realm is the acl/auth tutorial.

Implementing it exclusively with the CakePHP features would get rid of the strangely looking Apache authentication popup.

Edit0: Maybe the Security Component is for you?

Edit1: Giving it further thought and lecture, you maybe:

1. Have to create a folder for every user, making the parent folder not showing the indices (via .htaccess). If you want to go fancy, you could map foldernames to users randomly, adding another difficulty for "curious people".
2. Create the .htaccess file for each of these folders automatically, including the necessary file e.g. usersHTpasswd somewhere out of the webroot. In usersHTPasswd you would add the htpasswd hash according to your method used at the very same time you would initialize a users folder. Just lookup how this is done (guess md5, but you can tune that imho)
3. Manipulate basic authentication credentials via PHP header functions (or better cake). For group access, you could do some magic in this step.

Strong points (if the solution works, you are my guinea pig :-)):

• Once this is set up the security is equivalent to the htaccess solution to the only weak point of a user giving away her credentials.
• The basic idea then would be to only use the SecurityComponents force login feature if the user is not AUTH-enticated yet (maybe SecurityComponent can be omitted completely)
• Streaming video is as easy as popping a html5 video tag in your view and referencing the target.
• works on shared hosts with (.htaccess files)
• will be cool over SSL

Weak points: - Unfortunatly not a one-call-cakephp-will-do-it solution

Sources explicitly used to create this post:

• devshed , has neat idea(s) but suffers from readable folder
• apache httpd for htaccess, DirectoryIndex

It took me quite a time to come up with this, so everybody feel free to discuss your ideas (or upvote :-))

Edit2: wrksx, an active contributor in the cakePHP community, gave me the tip to try MediaView *sniff*

Edit3: Another contributor, voidet, pointed out that MediaViews chunking - and by the way your used method of serving static files through PHP - hits the CPU. You can install x-sendfile as apache module or resort to my solution, if the performance hit is too big. Maintaining the htaccess files could be challenging.