Welcome to WebmasterWorld Guest from

Forum Moderators: coopster & jatar k

http auth with CURL then redirect to mp3?

Serving a protected file to an internet radio.

9:58 pm on Aug 8, 2010 (gmt 0)

5+ Year Member

I've got a hardware internet radio player which needs to play a stream which is behind an http auth (standard 401 request).

Unfortunately, the device can't cope with http auth, you can't build the username and password into the link (eg: username:password@http etc - and besides, the server won't accept that) and it plays streams by calling an xml playlist first, which is also behind the barrier. Fortunately, the http auth request is not ssl, which might make things easier.

What the device CAN do, however, is variables within the url. ie: [my.com...]

Rather than pointing directly to the password protected audio server, I thought about bouncing the request off my webhosting Apache/php server and using some kind of redirect (.htaccess with php?) to check the variable against a lookup table of username and password, then somehow think that it was the radio which was authorised.

The problem is, the radio is one IP address, my server is another address (and I don't have root access so no httpd.conf tweaks), and the media server (which I have no control over) is another address.

No problem with the podcast xml - this works great:

$url = "http://www.example.com/something.xml";
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_USERPWD, "user:pass");
$xmlResponse = curl_exec($ch);

But of course, this is reading in and serving out again. Not what I want to be doing with large mp3 files - and would probably break their T&C too! So, what about a redirect?

header("Content-Type: audio/mpeg");
$url = "http://www.example.com/something.mp3";
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_USERPWD, "user:pass");
header('Location: ' . $url);

but this just takes me to the authorisation page. Sigh.

Anyone got any ideas?
4:19 pm on Aug 9, 2010 (gmt 0)

5+ Year Member

This is a tricky one, and I'm not sure there's an easy answer. It sounds like you're essentially needing to create a proxy for the audio server, but only for the login part--without actually passing the audio data through. The best idea I can come up with is to force the device to make a HTTP request to a string, completely ignoring what the string may be. Then, your device could make the appropriate request to your web server, which would build the URL necessary to let the device access the radio stream and echo it back to the device. Once the device received it, it could make the request directly to the server.

However, this would require that the device be able to support arbitrary HTTP request strings. Based on your description, I'm not sure if this is possible.

It might also be possible to send a request to the audio server from your server with the IP address spoofed to be the radio device's IP address. However, the legality and advisability of such spoofing might be debated.
8:45 am on Aug 11, 2010 (gmt 0)

5+ Year Member

WesleyC - thanks, you're right about the request strings, and I have a horrid feeling the suggestion in your last para would be the only way to go. As that would entail running my own server, it's a financial as well as a legal problem too!

OK, well at least it confirms I wasn't missing a trick there. Thanks again.

Featured Threads

My Threads

Hot Threads This Week

Hot Threads This Month