Jump to content

Archived

This topic is now archived and is closed to further replies.

radalin

Creating Download Links

Recommended Posts

Hi,
I have created a user system by which I force visitors to login to download anything from my server. But the thing is, I'm still not sure how I should secure download thing. I think about referrers (which I'm not very sure how to use them, I appreciate some help) then without the right referrer no one can download it. But what if the user learns the complete link! Then he will be able to download it. How can I prevent it? With an .htacces I think I can prevent people from downloading directly from the link but I'm not very sure about that. And let's say the referrer was good enough and he started to download. He uses a program like flashget and he want to resume his download. How can I handle this problem as the second time he will open the flashget referrer can be broken or old or whatever or the flashget deals it for me?

Thank you for your time

Share this post


Link to post
Share on other sites
well there are a few ways..

Store in database so then you only pull data when user logged in.. therefore no-one that hasn't got the user session set can access the download and no direct link.

You can do simular by storing all files outside of the web root and then read the file and headers intoa page upon a users session being set and work very simular to the database.

Regards
Liam

Share this post


Link to post
Share on other sites
Good information source for 'one-time URLs' which might ne useful to you.

http://www.onlamp.com/pub/a/php/2002/12/05/one_time_URLs.html

Share this post


Link to post
Share on other sites
Thanks guys. That's what I have been looking for. But there is a thing that I didn't clearly get how I could do it. In the article it said:

[quote]
The code in generate_url.php, of course has to be protected, too. The easiest way of doing that is probably to include it in the "thank-you-for-ordering-page" of your orderflow and make this file accessible only for clients coming from the secure-payment-complete-page
[/quote]

I do not know how I can check which page the client is coming from. Could you give me a link that explains this or an article abou this.
Thank you for your time.

Share this post


Link to post
Share on other sites

×

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.