如何加密URL和解密以访问被拒绝的访问内容？

Question

我创建了一个名为secure的文件夹，在该文件夹中，我有一个文件.htaccess和这些文件.mp4

secure
    |--- trailer.mp4
    |--- .htaccess

我的档案 .htaccess

RewriteEngine on

RewriteRule ^(.*)/(.*)/(.*)$ file.php?h=$1&t=$2&v=$3
RewriteRule ^$ - [F]
RewriteRule ^[^/]+\.(flv|mp4)$ - [F]

通过此表格，我可以毫无问题地访问文件。

$path = "secure/trailer.mp4";
$size=filesize($path);

$fm=@fopen($path,'rb');
if(!$fm) {
  // You can also redirect here
  header ("HTTP/1.0 404 Not Found");
  die();
}

$begin=0;
$end=$size;

if(isset($_SERVER['HTTP_RANGE'])) {
  if(preg_match('/bytes=\h*(\d+)-(\d*)[\D.*]?/i', $_SERVER['HTTP_RANGE'], $matches)) {
    $begin=intval($matches[0]);
    if(!empty($matches[1])) {
      $end=intval($matches[1]);
    }
  }
}

if($begin>0||$end<$size)
  header('HTTP/1.0 206 Partial Content');
else
  header('HTTP/1.0 200 OK');

header("Content-Type: video/mp4");
header('Accept-Ranges: bytes');
header('Content-Length:'.($end-$begin));
header("Content-Disposition: inline;");
header("Content-Range: bytes $begin-$end/$size");
header("Content-Transfer-Encoding: binary\n");
header('Connection: close');

$cur=$begin;
fseek($fm,$begin,0);

while(!feof($fm)&&$cur<$end&&(connection_status()==0))
{ print fread($fm,min(1024*16,$end-$cur));
  $cur+=1024*16;
  usleep(1000);
}
die();

但是目前想要加密文件的路径并解密文件file.php对我来说不起作用，它不再打开，它不播放文件.mp4。

crypto.php

<?php
session_start();
$sid = session_id();

$path = "secure/trailer.mp4";

$hash = md5($path.$sid); //You need to use proper encryption. This is not secure at all.

$_SESSION[$hash] = $path;
?>
<html>
<head></head>
<body>
    <video width="320" height="240" controls>
        <source src="file.php?video=<?= $hash ?>" type="video/mp4">
    </video>
</body>
</html>

在文件file.php中解密

<?php
session_start();
if (isset($_GET["video"]) && isset($_SESSION[$_GET["video"]])) {

$file = $_SESSION[$_GET["video"]]; //Get the filename
readfile($file);

$path = $file;
//$path = "secure/trailer.mp4";
$size=filesize($path);

$fm=@fopen($path,'rb');
if(!$fm) {
  // You can also redirect here
  header ("HTTP/1.0 404 Not Found");
  die();
}

$begin=0;
$end=$size;

if(isset($_SERVER['HTTP_RANGE'])) {
  if(preg_match('/bytes=\h*(\d+)-(\d*)[\D.*]?/i', $_SERVER['HTTP_RANGE'], $matches)) {
    $begin=intval($matches[0]);
    if(!empty($matches[1])) {
      $end=intval($matches[1]);
    }
  }
}

if($begin>0||$end<$size)
  header('HTTP/1.0 206 Partial Content');
else
  header('HTTP/1.0 200 OK');

header("Content-Type: video/mp4");
header('Accept-Ranges: bytes');
header('Content-Length:'.($end-$begin));
header("Content-Disposition: inline;");
header("Content-Range: bytes $begin-$end/$size");
header("Content-Transfer-Encoding: binary\n");
header('Connection: close');

$cur=$begin;
fseek($fm,$begin,0);

while(!feof($fm)&&$cur<$end&&(connection_status()==0))
{ print fread($fm,min(1024*16,$end-$cur));
  $cur+=1024*16;
  usleep(1000);
}
die();
}

他们可以向我解释我做错了，我试图使url具有12小时的验证访问权限，我希望这一代人可以通过其ip地址来访问。