Download section, similar to Swapdrive

[NathanLedet]

I'm trying to create a personalized site, similar to Swapdrive, in that we are able to upload and e-mail file links to our clients.

 

I have the script set up and working so that we select x amount of files (file names), then the next screen displays a list of e-mail addresses in our address book, and then an e-mail is dispatched to the e-mail addresses with download links.

 

If you've ever received an e-mail from someone at Swapdrive, they e-mail you a link which takes you to the swapdrive site where you have to click to download each file... What's unique about this is it displays ONLY the files that were selected by the sender.  When you recieve the e-mail, you get a link with a long crazy string of text at the end: c+dQUV3dGGQ0F0ciLI6oZDKNoP+BzkbDO50jZDbDwv96iExRow==url

 

I want to do something similar in that PHP generates a string of random text that appends to a url, and when that entire URL is put into a url bar, it pulls up the selected files to download.

 

thanks!

[fanfavorite]

I would setup a database with two columns (Files,RandomKeys).  When someone selects the files, it inserts a row with the files (file1.zip,file2.zip,file3.zip) and generates a random key that is sent is a url (yourdomain.com/download.php?id=".$randomkeyhere).  Then when the page link displays, it pulls the files out of the database based on the Random Key value. 

[NathanLedet]

Yeah I think that's the right direction to take! It makes sense, I'm just not sure now what I should do to generate a random number...or the significance behind a 10, 15, 20, or more random numbers.  Suggestions for that? Thanks!! 

 

I found this...it may do the trick... ?

http://www.i-fubar.com/random-string-generator.php

[anon_login_001]

"Significance" of those strings only matters if *you* need there be some significance... You could potentially just use numbers, starting from 1, and be just fine... however: what happens if a user is accessing a file # 3, and thinks "hmmm... wonder if I change this to 2..." and is suddenly able to get files intended for someone else.

 

A good reason to use a random string is that it makes that less of a problem, since there's not a sequential number for someone to look at "try" to hack at.

 

I know security wasn't part of your question, tho, so sorry.

 

Presumably, any random string generator would be fine. You could also be pretty well off just generating a SHA1 hash, or something like that.  fanfavorite  said it right, that a basic structure in a database would simply relate that random string to the actual file to be downloaded.

 

Another thing to consider is not to go *too long* with the string, as some email systems chop/wrap lines at around 70 characters wide... so if your website address, plus directory structure, plus random string are longer than 70 characters (easy to do!) you run the risk of breaking those email links.

 

Sorry for the long-windedness.  I hope I answered your question in there somewhere.  = )

 

 

[NathanLedet]

No really, I appreciate the tip.  I am looking to do it as a random thing and not sequential, because you're right...someone would change numbers just to snoop around. 

 

the longest I will probably go will be 16 characters.  The link I posted above will generate as many characters as I specify.

 

Thanks again

[NathanLedet]

OK so Just for my own personal knowledge...I haven't dealt with probability in years, so I have forgotten...

 

If I use the code above, what is the probability that I will generate the same code twice?

 

the code randomly picks from 36 characters, and generates 16 random characters.

 

Each space out of 16 has a 1/36 chance of getting character "x" ("x" being a random character, not the letter x)

 

I'm thinking that the probability of generating the same 16 character code would have to be up there in the multi-millions somewhere..but i forget how to calculate that