optikalefx Posted February 1, 2010

I'm making a script for downloading files that have been purchased.

On the download page... call a php file passing the transaction id
download.php?file=2234234982374982734892739842

in download.php
go through the db, select that transaction
check that the session[userid] matches the id of the userid who made that transaction
if it does, serve the zip file to the user

Using this method, it requires the user to be logged in to be able to click his download link. So he can't just pass the link around. Also, he can log in and re-download the file as many times as he wants, because he is logged in.

Anyone find any holes in this method?
trq Posted February 1, 2010

> Also, he can log in and re-download the file as many times as he wants, because he is logged in.

Your session id changes with each login.
optikalefx Posted February 1, 2010

I didn't mean session id, I meant id of that user matching the id that's in the transaction db table.
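The check described in the first post, written out as an added example (not code from the thread). The `transactions` table with `id`, `user_id` and `file_name` columns, the SQLite DSN and the storage directory are assumptions; the comparison is against the account id kept in `$_SESSION['userid']`, not the session id.

```php
<?php
// download.php: added illustration; schema, DSN and paths are assumptions.
declare(strict_types=1);

const STORAGE_DIR = '/srv/downloads'; // hypothetical, outside the web root

/** Returns the stored file name if $userId owns transaction $txId, else null. */
function authorizedFile(PDO $db, ?int $userId, string $txId): ?string
{
    // Transaction ids like the one in the post exceed 64-bit integers,
    // so validate and bind them as digit strings, never cast to int.
    if ($userId === null || !ctype_digit($txId)) {
        return null; // not logged in, or malformed id
    }
    // Ownership is part of the WHERE clause: someone else's transaction
    // and a nonexistent one look identical to the caller.
    $stmt = $db->prepare(
        'SELECT file_name FROM transactions WHERE id = :tx AND user_id = :uid'
    );
    $stmt->execute([':tx' => $txId, ':uid' => $userId]);
    $name = $stmt->fetchColumn();
    // basename() keeps a bad row from pointing outside STORAGE_DIR.
    return $name === false ? null : basename((string) $name);
}

session_start();
$db = new PDO('sqlite:/srv/app/shop.db'); // hypothetical DSN
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// The account id stored at login survives new logins; the session id does not matter here.
$userId = isset($_SESSION['userid']) ? (int) $_SESSION['userid'] : null;
$txId   = is_string($_GET['file'] ?? null) ? $_GET['file'] : '';
$file   = authorizedFile($db, $userId, $txId);
$path   = $file === null ? null : STORAGE_DIR . '/' . $file;

if ($path === null || !is_file($path)) {
    http_response_code(404); // same answer for "not yours" and "not found"
    exit;
}

// The download name is built from the validated digits, not from stored or user text.
header('Content-Type: application/zip');
header('Content-Disposition: attachment; filename="order-' . $txId . '.zip"');
header('Content-Length: ' . (string) filesize($path));
header('Cache-Control: private, no-store');
readfile($path);
```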