Jump to content

xphp

New Members
  • Posts

    5
  • Joined

  • Last visited

Posts posted by xphp

  1. Thanks Kicken,

    Very helpful.

    I may encrypt the info in the session variable before storing them.

    I have to come up with a strategy for how to hold/store/handle the key.

    At the end of the day, I want to make some effort to protect against a malicious person who somehow gets access to my site, FTP or otherwise.

    I have been building website since 1998 and only once someone used an old Open Software install (that I had forgotten about) that had a vulnerability and seriously ran amok throughout my site. I was so traumatized by that that I slowly removed all Open Source / CRM items, like Wordpress and everything is now  100% my code.

    Hey thanks again.

    Look for BTC tomorrow - wallet not on the air right now.

    Wanted to IM you but did not see how to do that.

    All the best,

    xphp

     

  2. 19 minutes ago, requinix said:

    If it's anything like credit card chargebacks then I feel bad for you, but it's an issue with the vendor. They need to provide a way for you to challenge refund requests, and you do so by recording downloads.

    The user pays and gets the file, and when you serve the download you record that: date, file, user account, IP address, etc. When your processor notifies you of a refund, you fight back by showing them that the user received the service they paid for, then hope that the vendor accepts it and denies the refund.

    Sorry .....  DL means Download !

  3. Thanks requinix,

    Yes, I get what you say.

    Clickbank has motto of "no questions asked" refund.

    They do that because folks who sell "how to make money on the Internet" often badly oversell their wares and clickbank wants them to easily get refunds.

    Thanks for responding.

    I have been on this site for 1 day, and I love it already.

    Best,

    xphp

     

  4. I have a PHP page that offers various information from a single text file. This text file is

    encrypted on the server HD.

    Upon initial entry into the page, the user enters an encryption/decryption KEY and the

    encrypted file is decrypted to clear text and it is available for viewing.

    I have some parameters that I store in PHP session variables. I do this since various

    subsequent actions by the user will require these parameters. The code is written and the whole process seems to

    work well.

    Since the info in these session variables is sensitive, I need to understand WHERE they are

    stored. I know that it is a file on the HD, but after hours of reading the PHP Manual on

    sessions, I am not finding where (HD directory) that storage is.

    I have a typical shared hosting account for my web site. Mostly I want to discover is, are

    the session variables in y User/file hierarchy, or are they stored in a system area where

    the PHP is installed.

    Whew. Sorry this was so long.

    Thank you,
    xphp

  5. Hi SaranacLake,

    Here is an idea you.

    But first I want to tell you that, while I have written quite a bit of PHP code, I do NOT consider myself a PHP expert. On the other hand there are many individuals on this site who ARE experts.

    I have written and offered content articles and books for quite a few years (15+). Mostly I used clickbank to accomplish the transaction. then the user would be routed to a DL page. Problem I ran into, again and again was that people would get the PDF book, then immediately ask clickbank for a refund - and get it.

    So I switched to print-on-demand paperbacks.

    Anyway, how about after the customer pays for a book, you generate a random number, and give it to them as a password for the your DL page. You can activate that PW behind the scenes and time-limit it so 2 hours later it does not work.

    Would something like that work?

    Also ......

    You keep saying "security". Are you concerned that someone gets FTP access to your site and can DL anything?

    Hope that never happens.

    Best,

    xphp

     

     

     

     

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.