Jump to content


Photo

Best method for...


  • Please log in to reply
8 replies to this topic

#1 onlyican

onlyican
  • Members
  • PipPipPip
  • Advanced Member
  • 921 posts
  • LocationHants - UK

Posted 02 August 2006 - 03:29 PM

Hey

Building a script, simular to payloadz

I have it set up really sweet.
They pay on paypal.
Information is sent back, saying if they paid, how much, and what for. and off course, Success or not.

I also have a script which ReWrites the links (Thanks to someone on this forum)
which is sweet, They can download the file, but only works if they are within the script page.

Now

With the Paypal, they parse the data using GET method, and you connect to the paypal site to confirm everything

What is the best method to stop people copying the address and sending it to a friend to download the files?

I can buy everything, go to a forum, and post the link, now 100 people can download the same thing for free.

shall I make them log in using the email used on paypal. and only show the links to one IP address

Shall I make the Get Links into a Form using POST method, and divert the page to download the links.
(This means that the information used to contact paypal is now in POST method, and only works once)

or another better option from another brain?
Tell me the problem, I will try tell you the solution

#2 HeyRay2

HeyRay2
  • Members
  • PipPipPip
  • Advanced Member
  • 223 posts

Posted 02 August 2006 - 03:49 PM

The best method would be to create a membership system that will keep track of what user has access to what files.

There are some good "membership system" tutorials on this site HERE

#3 onlyican

onlyican
  • Members
  • PipPipPip
  • Advanced Member
  • 921 posts
  • LocationHants - UK

Posted 02 August 2006 - 03:53 PM

I dont need tutorials, I can build membership sites blind folded

I would do that for my site, but my client dont want / aint paying enough for that
Tell me the problem, I will try tell you the solution

#4 HeyRay2

HeyRay2
  • Members
  • PipPipPip
  • Advanced Member
  • 223 posts

Posted 02 August 2006 - 04:03 PM

Sounds like you already have the ability to do what you want to do. I don't understand how developing a new method for protecting certain parts of site is would be less expensive to a client than something you already have the skill to do "blind folded", but I digress...

Perhaps you could have a database table that will track the PayPal transaction ID or email address, the associated file, and whether or not the user has downloaded the file. Once they've downloaded the file it will mark the database entry and "disable" the download link for further use.

;)


#5 onlyican

onlyican
  • Members
  • PipPipPip
  • Advanced Member
  • 921 posts
  • LocationHants - UK

Posted 02 August 2006 - 04:07 PM

This question came up before?
How would I check if the file has completly download on the users machine. Its not possible is it.

I was thinkin to check the refer host address,
$refer=parse_url($_SERVER['HTTP_REFERER']);  
echo $refer[host];
if($refer[host] == "www.paypal.com" || $refer = "www.sandbox.paypal.com"){
//Show other 300 lines of code
}else{
echo "On your bike";
}

Tell me the problem, I will try tell you the solution

#6 bltesar

bltesar
  • Members
  • PipPipPip
  • Advanced Member
  • 109 posts

Posted 02 August 2006 - 04:18 PM

store paypal confirmation information in a database

when received via GET, check the database to make sure the confirmation has not already been used

for first time requests, set a SESSION variablle to indicate that downloading is authorized and require the buyer to get their download on that session only


if you want customers to be able to return and re-download whatever it is they're buying, or their purchase allows access to multiple downloads over a period of time, you will need to set up user accounts with password access.  If they are required to submit sensitive information that can be accessed by logging in, only then will they not give out their login information and allow others to get the downloads.  


of course, what's to stop people from emailing whatever they download?


Now if my suggestions are not helpful, please do not be offended!  More information might be needed.



#7 HeyRay2

HeyRay2
  • Members
  • PipPipPip
  • Advanced Member
  • 223 posts

Posted 02 August 2006 - 04:24 PM

Short answer: It's not possible.

Checking the referrer may work, but you can't be 100% sure why or how they came from a certain site to yours.

In the case of my suggestion, to ensure a user can fully download a file, you could:

  • Give the user the ability to send a form or click a link to "request" another chance to download the file. You could then reenable their download link manually or with a "link request" script
  • Give the user a certain time period in which they can download the file, giving them plenty of chances to download it correctly, and disable the link after that time period. This, however, gives the user a certain window of time to share out the link.


#8 onlyican

onlyican
  • Members
  • PipPipPip
  • Advanced Member
  • 921 posts
  • LocationHants - UK

Posted 02 August 2006 - 04:42 PM

I know its impossible to stop.
Whats to stop someone creating a website with all the files on there. Nothing
Whats to stop emailing the files, Nothing
But if I can stop people cheating the links, it helps more.

If someone wants to do something bad enough, they can. (steal files ect)
Tell me the problem, I will try tell you the solution

#9 HeyRay2

HeyRay2
  • Members
  • PipPipPip
  • Advanced Member
  • 223 posts

Posted 02 August 2006 - 05:53 PM

Impossible to stop completely, because once the user has the file, it's future travels are up to that user.

However, using some of the methods mentioned in this thread, you can at least ensure that when people are getting the file from you, you are getting your due compensation.

Good luck... :)




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users