OptinPlayer is unique among standalone web video players because it comes
with the server-side feature to
optionally protect your content from hot-linking with Amazon S3 Authenticated URL's.
This is achieved by the use of AJAX technology to allow the web page to
communicate with a PHP script included in the OptinPlayer package that generates
unique URL's for the video playback each time the page is visited.
Using Amazon authenticated URL's for your video source means that the video URL cannot be copied and used elsewhere, such as in another site (hotlinking). That's because it expires a set time after it has been generated - long enough for a visitor to initiate playback but no longer.
To achieve this OptinPlayer generates a new secure URL each time the page is visited, or refreshed. This must be done on the server and a small PHP script is used to do this. Typically this kind of functionality is only found in subscription services, making OptinPlayer unique in this respect.
Create an S3 account section 4 and modify
the permissions for your video as follows:
Remove the Grantee "Everyone" and under the Grantee "Authenticated Users" ensure that the "Open/Download" checkbox is checked, and save.
In the folder "optinplayer" you will see a sub-folder called "php" and in there a file called "utils.php". Open this in a simple text editor and see the section at the top like this:
$accessKey = '87YHJNRTF568HFE45TVN';
$secretKey = 'iUYh6750jmpojiudladurhYFHJJudjlpoi87^frD';
$expires = 300;
$bucket = 'mybucket1';
Enter your Amazon Access key and Secret key as in the example. These keys are provided
to you when you sign up for Amazon S3. The expires time is set at 300 seconds by default,
and can be left to this for most purposes. For testing (see below), you can set it to something
shorter, say 30 seconds, but don't forget to change it back. Finally enter the name of your bucket.
When you are done, save and upload this file to your server into the correct optinplayer folder.
In your OptinPlayer code add the following option somewhere:
'S3auth' : true,
And change the video URL to contain only the name of your video plus extension, for example:
'flash' : 'myVideo.flv',
'html5' : 'myVideo.mp4',
You will need a developer tool such as Firebug (for FireFox) to obtain the actual URL used for the video. In Firebug, click on the "Net" tab and refresh the page. You will see the URL used for Amazon authentication, and can right click and copy it. It will look something like this:
Paste that URL into a new tab in your browser and load it. Do this within the expires
period you have specified above. Within that timeframe you will get a prompt
from the browser to download the file, which simply means that the authenticated
URL is working ok.
Now wait until the expire time has passed and refresh the page. Instead of a download prompt you will something like this:
<Message>Request has expired</Message>
In other words, the request is not valid because it has timed out.
Note that once the playback of the video has begun, this timeout is unimportant, the video can be as long as you want. It is only the time from URL generation to the actual request that is measured.