location ~ /secure/(.*)/(X-FACTOR-EYYRBBFHR64534)/(.*) {
flv;
set $secret_value "JOP3zneXLjM";
set $hash_value $1;
set_md5 $secret_hash $2$secret_value;
set $value $3;
if ($hash_value != $secret_hash) { rewrite ^ /error.html break; }
rewrite ^ /X-FACTOR-EYYRBBFHR64534/$value?$args break;
}
location /X-FACTOR-EYYRBBFHR64534 { flv; internal; }
function loadPlayer(p) {var D = new Date(); var T = D.getTime();document.write("");}
<?php
header("Pragma: no-cache");
header("Cache-Control: no-cache,must-revalidate");
require "secret.php";
$value = "st=http://SITE/uppod/video7-1005.txt&pl=";
$value = $value . "http://HOST/secure/playlists/";
if(preg_match("/SITE/i",$_SERVER["HTTP_REFERER"]))
{ $value = $value . md5($_GET["playlist"].".txt".$secret); }
$value = $value . "/".$_GET["playlist"].".txt&poster=";
?>
<object id="videoplayer113031" type="application/x-shockwave-flash" data=http://SITE/uppod/uppod.swf width="500" height="650">
<param name="allowFullScreen" value="true" />
<param name="allowScriptAccess" value="always" />
<param name="wmode" value="transparent" />
<param name="movie" value="http://SITE/uppod/uppod.swf" />
<param name="flashvars" value="<?php echo $value; ?>" />
</object>
Source: https://habr.com/ru/post/125934/