Jump to content


This topic is now archived and is closed to further replies.


Best method for...

Recommended Posts


Building a script, simular to payloadz

I have it set up really sweet.
They pay on paypal.
Information is sent back, saying if they paid, how much, and what for. and off course, Success or not.

I also have a script which ReWrites the links (Thanks to someone on this forum)
which is sweet, They can download the file, but only works if they are within the script page.


With the Paypal, they parse the data using GET method, and you connect to the paypal site to confirm everything

What is the best method to stop people copying the address and sending it to a friend to download the files?

I can buy everything, go to a forum, and post the link, now 100 people can download the same thing for free.

shall I make them log in using the email used on paypal. and only show the links to one IP address

Shall I make the Get Links into a Form using POST method, and divert the page to download the links.
(This means that the information used to contact paypal is now in POST method, and only works once)

or another better option from another brain?

Share this post

Link to post
Share on other sites
The best method would be to create a membership system that will keep track of what user has access to what files.

There are some good "membership system" tutorials on this site [url=http://www.phpfreaks.com/tutorial_cat/7/Membership-Systems.php]HERE[/url]

Share this post

Link to post
Share on other sites
I dont need tutorials, I can build membership sites blind folded

I would do that for my site, but my client dont want / aint paying enough for that

Share this post

Link to post
Share on other sites
Sounds like you already have the ability to do what you want to do. I don't understand how developing a new method for protecting certain parts of site is would be less expensive to a client than something you already have the skill to do "blind folded", but I digress...

Perhaps you could have a database table that will track the PayPal transaction ID or email address, the associated file, and whether or not the user has downloaded the file. Once they've downloaded the file it will mark the database entry and "disable" the download link for further use.


Share this post

Link to post
Share on other sites
This question came up before?
How would I check if the file has completly download on the users machine. Its not possible is it.

I was thinkin to check the refer host address,
echo $refer[host];
if($refer[host] == "www.paypal.com" || $refer = "www.sandbox.paypal.com"){
//Show other 300 lines of code
echo "On your bike";

Share this post

Link to post
Share on other sites
store paypal confirmation information in a database

when received via GET, check the database to make sure the confirmation has not already been used

for first time requests, set a SESSION variablle to indicate that downloading is authorized and require the buyer to get their download on that session only

if you want customers to be able to return and re-download whatever it is they're buying, or their purchase allows access to multiple downloads over a period of time, you will need to set up user accounts with password access.  If they are required to submit sensitive information that can be accessed by logging in, only then will they not give out their login information and allow others to get the downloads.  

of course, what's to stop people from emailing whatever they download?

Now if my suggestions are not helpful, please do not be offended!  More information might be needed.

Share this post

Link to post
Share on other sites
Short answer: It's not possible.

Checking the referrer may work, but you can't be 100% sure why or how they came from a certain site to yours.

In the case of my suggestion, to ensure a user can fully download a file, you could:

[*]Give the user the ability to send a form or click a link to "request" another chance to download the file. You could then reenable their download link manually or with a "link request" script
[*]Give the user a certain time period in which they can download the file, giving them plenty of chances to download it correctly, and disable the link after that time period. This, however, gives the user a certain window of time to share out the link.

Share this post

Link to post
Share on other sites
I know its impossible to stop.
Whats to stop someone creating a website with all the files on there. Nothing
Whats to stop emailing the files, Nothing
But if I can stop people cheating the links, it helps more.

If someone wants to do something bad enough, they can. (steal files ect)

Share this post

Link to post
Share on other sites
Impossible to stop completely, because once the user has the file, it's future travels are up to that user.

However, using some of the methods mentioned in this thread, you can at least ensure that when people are getting the file from you, you are getting your due compensation.

Good luck... :)

Share this post

Link to post
Share on other sites


Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.