It would work, however if the user had the foresight to copy and paste the extact html from your site to thier myspace, that would circumvent it, however, you could do more than check the useragent, you can check the referring domain too, that can be spoofed but again, the spoofer has to know what they are spoofing, for most programmers it wouldn't take long to work out, but for most myspace users, it would take a lifetime.......
This may not work as is, however this is the way to go in your case ......
Your html tag for video ...
HTML:
<object id='mediaPlayer2' width="600" height="475" classid='CLSID:22d6f312-b0f6-11d0-94ab-0080c74c7e95'
codebase="http://activex.microsoft.com/activex/controls/mplayer/en/nsmp2inf.cab#Version=6,4,7,1112">
<param name='fileName' value="video.php?file=RC51-05_Tail.wmv">
<param name='transparentatStart' value='true'>
<param name='autoStart' value="True">
<param name='showControls' value="true">
<param name='loop' value="false">
<param name="ShowStatusBar" value="false">
<embed type='application/x-mplayer2'
pluginspage='http://microsoft.com/windows/mediaplayer/en/download/'
id='mediaPlayer' displaysize='1' autosize='-1'
bgcolor='darkblue' showcontrols="True" showtracker='-1'
showdisplay='0' showstatusbar='1' width="600" height="475"
src="video.php?file=RC51-05_Tail.wmv" autostart="True" loop="False"> </embed>
</object>
Your video.php
PHP:
<?
define("BASE_VIDEO_URL", 'http://www.gotcanyons.net/vid' );
define("BASE_VIDEO_PATH", realpath( "vid/" ) );
define("ACCESS_DENIED_URL", 'http://www.gotcanyons.net/TOS_THAT_APPLIES_TO_THIS_MEDIA.html' );
define("NOT_FOUND_MPG", 'http://www.gotcanyons.net/vid/404.mpg' );
define("NONE_SELECTED_URL", 'http://www.gotcanyons.net/vid/please_select_a_video.html' );
define("MUST_MATCH", '*');
function go( $url )
{
header( sprintf( "Location: %s", $url ) );
exit;
}
function get( $video = null )
{
readfile( sprintf( '%s/%s', BASE_VIDEO_PATH, $video ? $video : $_GET['file'] ) );
}
function run_checks( )
{
if( $_GET['file'] )
{
if( !ereg( 'Windows-Media-Player', $_SERVER['HTTP_USER_AGENT'] ) or !ereg( MUST_MATCH, $_SERVER['HTTP_REFERER'] ) )
{
return go( ACCESS_DENIED_URL );
}
elseif( !file_exists( sprintf( '%s/%s', BASE_VIDEO_PATH, $_GET['file'] ) ) )
{
return get( NOT_FOUND_MPG );
}
else
{
return get( );
}
}
else
{
return go( NONE_SELECTED_URL );
}
} run_checks( );
?>
It would go something like that...... and the example I posted has syntax errors sorry about that, never code on an empty stomach.
I would need access to finish, to get the regex right for the referring domain and be able to test it and tell you it is doing it's job, but that's the general idea, and most of the work too......