How would I restrict access to files on a website?

[limitphp]

I am currently hosted on lunarpages.com

What I want to do is sell mp3's of local artists.  I only want people to be allowed to download the mp3 if they purchase it.

 

Is there a best practice method of restricting access to a file, and then allow access only if someone purchases the mp3.  Using a url key or something?

 

How is this done?

[Mchl]

Store the files outside webserver's document root. Then use PHP to present them to users.

[limitphp]

Store the files outside webserver's document root. Then use PHP to present them to users.

 

Thanks...

 

What do you mean by "use php to present them to users"?

[Mchl]

Basically use header to set correct file type and just echo contents of the file

[premiso]

I have not looked into this too much, but here is an example download script:

 

http://www.zubrag.com/scripts/download.php

 

You would use something like that to dish the file. What I would do is if the user bought it, you create a hash in your database for that user which points to the file they bought. Have the hash expire after 24 hours or something similar or require them to be logged in to access it. Then when they call download.php?file=hashcreated  you would look up that hash, verify the user then dish out the file. If they are not a valid user or the hash is invalid then you do not deliver the file.

 

You would use a CRON job to clean up the database of hashes older than x amount of time to prevent them from continually leeching/giving it away to someone else.

[limitphp]

Basically use header to set correct file type and just echo contents of the file

 

so, if I had a folder named mp3 right outside my web root folder....with a track, lets say called 1.mp3.....

 

how would I do this?