File protection

I currently am storing my .flv files in the cgi-bin directory for protection from being easily stolen. What I want to do is have a script that will allow me to embed files via this method:

Psuedo: <embed src=”flashvideo.php?filename=testfile.flv”></embed>

Then my script will of coarse point to the correct path and allow the flash video player to read the data.

I currently have a script started that does all this and outputs the data with the header() function but doesn’t seem to be doing the trick.

[code=php]
<?PHP
$filename = $_GET[‘filename’];

if(!$filename || empty($filename) || !preg_match(‘/./’,$filename))
{
die(“Invalid filename”);
}

if(isset($filename) && !empty($filename))
{
$dir = “/dir-to-my-files/”;
$file_extension = strtolower(substr(strrchr($filename,”.”),1));

// required for IE, otherwise Content-disposition is ignored
if(ini_get(‘zlib.output_compression’)) ini_set(‘zlib.output_compression’, ‘Off’);

header(“Cache-Control: no-store, no-cache, must-revalidate”); // HTTP/1.1
header(“Cache-Control: post-check=0, pre-check=0”, false);
header(“Pragma: no-cache”); // HTTP/1.0
header(“Content-Type: video/x-flv”);
header(‘Content-Length: ‘ . filesize($dir . $filename));
header(‘Content-Disposition: inline; filename=”‘ . $filename . ‘”‘);
header(“Content-Transfer-Encoding: binaryn”);
readfile($dir . $filename);
exit();
}
?>
[/code]

Any suggestions?

Also in #PHP _↴