Jump to content

Best method for...


onlyican

Recommended Posts

Hey

Building a script, simular to payloadz

I have it set up really sweet.
They pay on paypal.
Information is sent back, saying if they paid, how much, and what for. and off course, Success or not.

I also have a script which ReWrites the links (Thanks to someone on this forum)
which is sweet, They can download the file, but only works if they are within the script page.

Now

With the Paypal, they parse the data using GET method, and you connect to the paypal site to confirm everything

What is the best method to stop people copying the address and sending it to a friend to download the files?

I can buy everything, go to a forum, and post the link, now 100 people can download the same thing for free.

shall I make them log in using the email used on paypal. and only show the links to one IP address

Shall I make the Get Links into a Form using POST method, and divert the page to download the links.
(This means that the information used to contact paypal is now in POST method, and only works once)

or another better option from another brain?
Link to comment
Share on other sites

The best method would be to create a membership system that will keep track of what user has access to what files.

There are some good "membership system" tutorials on this site [url=http://www.phpfreaks.com/tutorial_cat/7/Membership-Systems.php]HERE[/url]
Link to comment
Share on other sites

Sounds like you already have the ability to do what you want to do. I don't understand how developing a new method for protecting certain parts of site is would be less expensive to a client than something you already have the skill to do "blind folded", but I digress...

Perhaps you could have a database table that will track the PayPal transaction ID or email address, the associated file, and whether or not the user has downloaded the file. Once they've downloaded the file it will mark the database entry and "disable" the download link for further use.

;)
Link to comment
Share on other sites

This question came up before?
How would I check if the file has completly download on the users machine. Its not possible is it.

I was thinkin to check the refer host address,
[code=php:0]
$refer=parse_url($_SERVER['HTTP_REFERER']); 
echo $refer[host];
if($refer[host] == "www.paypal.com" || $refer = "www.sandbox.paypal.com"){
//Show other 300 lines of code
}else{
echo "On your bike";
}
[/code]
Link to comment
Share on other sites

store paypal confirmation information in a database

when received via GET, check the database to make sure the confirmation has not already been used

for first time requests, set a SESSION variablle to indicate that downloading is authorized and require the buyer to get their download on that session only


if you want customers to be able to return and re-download whatever it is they're buying, or their purchase allows access to multiple downloads over a period of time, you will need to set up user accounts with password access.  If they are required to submit sensitive information that can be accessed by logging in, only then will they not give out their login information and allow others to get the downloads.  


of course, what's to stop people from emailing whatever they download?


Now if my suggestions are not helpful, please do not be offended!  More information might be needed.

Link to comment
Share on other sites

Short answer: It's not possible.

Checking the referrer may work, but you can't be 100% sure why or how they came from a certain site to yours.

In the case of my suggestion, to ensure a user can fully download a file, you could:

[list]
[*]Give the user the ability to send a form or click a link to "request" another chance to download the file. You could then reenable their download link manually or with a "link request" script
[*]Give the user a certain time period in which they can download the file, giving them plenty of chances to download it correctly, and disable the link after that time period. This, however, gives the user a certain window of time to share out the link.
[/list]
Link to comment
Share on other sites

I know its impossible to stop.
Whats to stop someone creating a website with all the files on there. Nothing
Whats to stop emailing the files, Nothing
But if I can stop people cheating the links, it helps more.

If someone wants to do something bad enough, they can. (steal files ect)
Link to comment
Share on other sites

Impossible to stop completely, because once the user has the file, it's future travels are up to that user.

However, using some of the methods mentioned in this thread, you can at least ensure that when people are getting the file from you, you are getting your due compensation.

Good luck... :)
Link to comment
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.