I have to build an application where users can download videos from a site but cannot share them. My first solution is to save these files in a hidden location on the users computer since one of the requirements is that the user should be able to watch the downloaded videos offline.
Please how do I go about saving a file in a location the user cannot see using php.
Thanks.
One solution is to generate token for each request for a video. That token would have its lifetime. Php script should be serving the content instead of giving direct access to resource to user. The script should check if the token is still active before serving the content. It is up to you how to pass the token. The simplest way is to make it contained in uri.
No matter where you put your videos in your directory structure, you always send the data as a partial request. Once data is acquired by the user, it could be saved an reproduced.
There are techniques, however, to protect your video from direct download through curl, wget or other ways of download. And this is using a secure token and an expiration, passed as parameters. This way your video download window will be limited and generating the token manually would be pretty hard.
Chidiebere Onwunyirigbo, its a Great Question. One solution for your requirement is Steganography. It is the process of concealing your data (videos) behind other files (multimedia files like image, audio, video), in your case preferable would be Image Steganography. It is quite a old technology but new to many, you can get several ready tools/code for it on the internet which you can customize as per your need. From your side you have to provide the file that is already embedded inside the image for download. Only the tool coded for retrieval and rendering the hidden video can render your video. So, for this part all the users of your site have to first download this desktop application from your site for viewing the video. This will keep your videos safe on the users computer offline, because every user who takes the video will require the reverse steganography tool to be downloaded from your site. You can even embed secret info like users IP inside the Stego image along with the video and for each tool download, associate user computer's IP with the tool. If IP embedded inside Stego image matches with that of tool only then you allow to play else redirect application to get it registered. But the limitation would be that, the users will have to download your application and will be able to view videos only on your desktop application which will render the Steganographed video.
You cannot hide information on the user computer. Even if your process are running on a windows comp as SYSTEM user, a power user can take ownership of the files.
The only solution you have, are developing or using a known DRM system, for allowing only playing the video on a determined computer or another specifications (for example, if the program have the authentication token of some user).
At any case, you need to do two things for this: - You need a custom application to play the video, if you want to check DRM. - You need to recode / modify something on the video before download, for adding on them a code for allow only play on the destination computer or data used for authenticating DRM.