optikalefx Posted February 1, 2010

I'm making a script for downloading files that have been purchased.

On the download page... call a PHP file passing the transaction id:

download.php?file=2234234982374982734892739842

In download.php:

go through the db, select that transaction
check that the session[userid] matches the id of the userid who made that transaction
if it does, serve the zip file to the user

Using this method, it requires the user to be logged in to be able to click his download link. So he can't just pass the link around. Also, he can log in and re-download the file as many times as he wants, because he is logged in.

Anyone find any holes in this method?

trq Posted February 1, 2010

"Also, he can log in and re-download the file as many times as he wants, because he is logged in."

Your session id changes with each login.

optikalefx Posted February 1, 2010

I didn't mean session id, I meant id of that user matching the id that's in the transaction db table.
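
The check described in this thread, written out as an added example; it is not code from any of the posters. The table and column names (`transactions`, `txn_id`, `user_id`, `zip_name`), the `sendZip` helper and the sample row are assumptions, and the zip files are assumed to sit outside the web root so they cannot be fetched without going through download.php.

```php
<?php
// Added example, not the poster's code. Schema names and sample data are assumed.
declare(strict_types=1);

/**
 * Return the stored zip name if the logged-in user owns the transaction,
 * or null on any failure (not logged in, malformed id, someone else's id).
 */
function resolveDownload(PDO $db, array $session, string $txnId): ?string
{
    if (!isset($session['userid']) || !ctype_digit($txnId)) {
        return null;
    }
    // Ownership is part of the query: a row comes back only when the
    // transaction belongs to this user. Both values are bound parameters.
    $stmt = $db->prepare(
        'SELECT zip_name FROM transactions WHERE txn_id = ? AND user_id = ?'
    );
    $stmt->execute([$txnId, $session['userid']]);
    $name = $stmt->fetchColumn();
    // basename() keeps a bad database value from escaping the storage directory.
    return $name === false ? null : basename((string) $name);
}

/** Stream the file as an attachment; call only after resolveDownload() succeeds. */
function sendZip(string $dir, string $name): void
{
    $path = $dir . '/' . $name;
    header('Content-Type: application/zip');
    header('Content-Disposition: attachment; filename="' . $name . '"');
    header('Content-Length: ' . filesize($path));
    readfile($path);
}

// Constructed sample data in an in-memory SQLite database, so this runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE transactions (txn_id TEXT PRIMARY KEY, user_id INTEGER, zip_name TEXT)');
$db->exec("INSERT INTO transactions VALUES ('2234234982374982734892739842', 7, 'album.zip')");

$txn = '2234234982374982734892739842';
var_dump(resolveDownload($db, ['userid' => 7], $txn)); // the purchaser
var_dump(resolveDownload($db, ['userid' => 8], $txn)); // another logged-in user
var_dump(resolveDownload($db, [], $txn));              // not logged in
```

In download.php the call would take `$_SESSION` and `$_GET['file']`, and every null result should get the same response so a caller cannot tell an unknown transaction id from one that belongs to someone else.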