limitphp Posted April 27, 2009 Share Posted April 27, 2009 I am currently hosted on lunarpages.com What I want to do is sell mp3's of local artists. I only want people to be allowed to download the mp3 if they purchase it. Is there a best practice method of restricting access to a file, and then allow access only if someone purchases the mp3. Using a url key or something? How is this done? Link to comment https://forums.phpfreaks.com/topic/155897-how-would-i-restrict-access-to-files-on-a-website/ Share on other sites More sharing options...
Mchl Posted April 27, 2009 Share Posted April 27, 2009 Store the files outside webserver's document root. Then use PHP to present them to users. Link to comment https://forums.phpfreaks.com/topic/155897-how-would-i-restrict-access-to-files-on-a-website/#findComment-820578 Share on other sites More sharing options...
limitphp Posted April 27, 2009 Author Share Posted April 27, 2009 Store the files outside webserver's document root. Then use PHP to present them to users. Thanks... What do you mean by "use php to present them to users"? Link to comment https://forums.phpfreaks.com/topic/155897-how-would-i-restrict-access-to-files-on-a-website/#findComment-820586 Share on other sites More sharing options...
Mchl Posted April 27, 2009 Share Posted April 27, 2009 Basically use header to set correct file type and just echo contents of the file Link to comment https://forums.phpfreaks.com/topic/155897-how-would-i-restrict-access-to-files-on-a-website/#findComment-820592 Share on other sites More sharing options...
premiso Posted April 27, 2009 Share Posted April 27, 2009 I have not looked into this too much, but here is an example download script: http://www.zubrag.com/scripts/download.php You would use something like that to dish the file. What I would do is if the user bought it, you create a hash in your database for that user which points to the file they bought. Have the hash expire after 24 hours or something similar or require them to be logged in to access it. Then when they call download.php?file=hashcreated you would look up that hash, verify the user then dish out the file. If they are not a valid user or the hash is invalid then you do not deliver the file. You would use a CRON job to clean up the database of hashes older than x amount of time to prevent them from continually leeching/giving it away to someone else. Link to comment https://forums.phpfreaks.com/topic/155897-how-would-i-restrict-access-to-files-on-a-website/#findComment-820596 Share on other sites More sharing options...
limitphp Posted April 27, 2009 Author Share Posted April 27, 2009 Basically use header to set correct file type and just echo contents of the file so, if I had a folder named mp3 right outside my web root folder....with a track, lets say called 1.mp3..... how would I do this? Link to comment https://forums.phpfreaks.com/topic/155897-how-would-i-restrict-access-to-files-on-a-website/#findComment-820599 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.