I am having a very odd problem when I am trying to stream music using php from my local server. I have basic username / password authorization checks to make sure that the user has the correct permissions to stream the file. The problem lies in these checks though.
I am using the exit function of php to abort the script if the user doesn't have permission to view the file, and echo to notify the user. The exit function appears to be breaking the streaming, even when it doesn't execute.
Here are the highlights of my code:
function hasPermission($user,$perm)
{
if (!accountHasPermission($user,$perm) )
{
echo "<center><a style='color:indianred'>Failed to Authenticate: 1";
echo "<br><br><a href='javascript:history.back()'>Go Back</a>";
exit;
}
}
function streamTest()
{
$filename = "uploads/path_to_file";
if(file_exists($filename)){
header('Content-type: audio/mpeg');
header('Content-Disposition: filename=' . basename($filename) );
header('X-Pad: avoid browser bug');
header('Cache-Control: no-cache');
readfile( $filename );
}else{
header("HTTP/1.0 404 Not Found");
}
}
hasPermission($_POST["username"],"manageFilesWeb");
streamTest();
exit;
If I comment out the exit call in the hasPermission function, the audio will stream without problem. Using chrome, I get a nice audio player that looks like this. Of course, the exit function will never get called because I am using an account with the correct permissions. I am 100% sure of this. If the exit function is not commented out, the music file will not stream on chrome and the audio player will look like this. I have tried multiple chrome browsers and always get the same results. However, the music will stream in a firefox browser regardless of the exit line being commented out or not.
I have tried various other options such as using return, die, if/else, but everything will give me the same results.
I should also note that I have been using the hasPermission function for everything else on my server, such as uploading and downloading files. It has never given me any problem until now. It took me hours of trial and error to figure out that the exit call could be the problem.
I have gotten to the point where I have no idea what is going on. I have already had to remove simple if/else checks because they were interrupting the streaming process, but I have gotten to the point where I will significantly be reducing security if I remove any more.
Update: I found the issue. The authorization checks are the problem. I suppose during the file transfer, the _POST data is undefined, causing my authorization checks to fail. Is there a way to get the username and password while the file is streaming to avoid this?
- Firefox appears to constantly send the _POST data, which allows the verification checks to pass, keeping the file stream alive. While chrome does appears to just send it once.