Jump to content


Photo

Creating Download Links


  • Please log in to reply
3 replies to this topic

#1 radalin

radalin
  • Members
  • PipPipPip
  • Advanced Member
  • 179 posts

Posted 06 August 2006 - 04:42 PM

Hi,
I have created a user system by which I force visitors to login to download anything from my server. But the thing is, I'm still not sure how I should secure download thing. I think about referrers (which I'm not very sure how to use them, I appreciate some help) then without the right referrer no one can download it. But what if the user learns the complete link! Then he will be able to download it. How can I prevent it? With an .htacces I think I can prevent people from downloading directly from the link but I'm not very sure about that. And let's say the referrer was good enough and he started to download. He uses a program like flashget and he want to resume his download. How can I handle this problem as the second time he will open the flashget referrer can be broken or old or whatever or the flashget deals it for me?

Thank you for your time
Roy Simkes
Yet Another Parkyeri Developer

#2 shocker-z

shocker-z
  • Members
  • PipPipPip
  • Advanced Member
  • 864 posts
  • LocationNottingham

Posted 06 August 2006 - 04:49 PM

well there are a few ways..

Store in database so then you only pull data when user logged in.. therefore no-one that hasn't got the user session set can access the download and no direct link.

You can do simular by storing all files outside of the web root and then read the file and headers intoa page upon a users session being set and work very simular to the database.

Regards
Liam
www: www.ukchat.ws | irc: irc.ukchat.ws chan: #blufudge

#3 AndyB

AndyB
  • Staff Alumni
  • Advanced Member
  • 5,465 posts
  • LocationToronto

Posted 06 August 2006 - 05:28 PM

Good information source for 'one-time URLs' which might ne useful to you.

http://www.onlamp.co..._time_URLs.html
Legend has it that reading the manual never killed anyone.
My site

#4 radalin

radalin
  • Members
  • PipPipPip
  • Advanced Member
  • 179 posts

Posted 07 August 2006 - 07:57 AM

Thanks guys. That's what I have been looking for. But there is a thing that I didn't clearly get how I could do it. In the article it said:

The code in generate_url.php, of course has to be protected, too. The easiest way of doing that is probably to include it in the "thank-you-for-ordering-page" of your orderflow and make this file accessible only for clients coming from the secure-payment-complete-page


I do not know how I can check which page the client is coming from. Could you give me a link that explains this or an article abou this.
Thank you for your time.
Roy Simkes
Yet Another Parkyeri Developer




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users