Providing Security for Download Files from website

[vicky_rk13]

I am trying to Implement a site which provides File for Download after they are purchaced online.

 

The files for download need to be accessable to download manager after only the user logs in.

and also the file download url should be active for only a specified period say(7 days).

 

The functionalaty i need is similar to that provided by RapidShare.com, MegaUpload.com etc,

 

I have no clue how to do it , I would be happy to recive any help about the same...

 

[Bendude14]

well i would guess cookies are the simplest way to implement this. you can set them to expire however long you like after they are created

 

try looking up cookies in php on google

 

 

[bluejay002]

Well, I do use session for that.

[wrathican]

what i would have is a page that can verify that a user is logged in and that a user's time to download hasn't expired.

 

something like so:

<?php

//post the id of the file to download in the URL

$downloadId = $_GET['id'];

//check if the user is logged in
if ($_SESSION['loggedin'] == 1) { //user is logged in
//check if the user has not expired.
//i would do this by using a table containing the date the user 'expires'
//get the date from the table check it against todays date
//im not quite sure how to compare dates so dont take this as gospel
if ($tableDate < $todaysDate) {
//display the link to the file to download
}else{
//the user has expired
echo 'your too late sucker!';
}
}else{
//user is not logged in
echo 'you need to be logged in silly';
}
?>

 

hope it helps

[Bendude14]

to compare time do this

 

<?php
// set a time limit in seconds
$timelimit = 604800;//timelimit is in seconds so just figure out how many you need 604800 is 7 days

// get the current time
$now = time();

//$_SESSION['start'] should be set when first activated and i presume you will store this in a database as the session will be destroyed //if they close the browser

if ($now > $_SESSION['start'] + $timelimit) {

echo "your too late" } else { echo "go ahead and download it" }

?>

 

 

[vicky_rk13]

Thank guys for the replies

 

well authentication and URL Expiry is ok

but this is where i am facing the problem...

 

the files hosted are big i.e., in the size of GB's .

 

So i used Download Manager to Start the download in which i was Successfull,

but i am not able to resume the download when i pause it.

 

I requirement is the user should be able to download files using the Download Manager during the specified period and also the Files are to be Secured.

[vicky_rk13]

Sorry i forgot to mention

 

I am using IIS 6.0 for my website