pay downloads

[jcombs_31]

I'm going to be working on a possible music download site for DJs and I started thinking about security and how this would work.  Obviously all the mp3s or music files will need to be on a secure volume with no access.  But when a person buys a song/album/etc they have to have access to those specific files.  I'm assume this should be based on a user session.  But, do you give them direct access to the secure volume files, or run a script to temporarily move those files to another location, and when do those files no longer become available to the customer.  I'm just thinking about the whole process, which has me a little confused about how to do it.  It would be much easier to sell something that is not a download.

[ober]

My opinion would be that you move the files temporarily to an accessible location and then force them to use your downloading interface to get the file.  That way you can track the number of bytes that are passed as they download the file.  Once the entire file is downloaded, you remove it.  Either that, or you give them 24 hours to download the file.  (they can copy it once it's downloaded, so I don't think it matters if they download it more than once.... plus this saves you the headache of dealing with customers that had issues with the file when they first downloaded it.

Also, I'm going to edit your signature to make the link work... that's been bugging me.

[jcombs_31]

Hmm, I guess the next question would be about the download interface.  Never done anything like that.  Also, moving files around the server server seems like it could get pretty heavy, especially if the site becomes big, so I'm not sure.  This is on a pretty big scale for me and I wish I could see an example of a company that has already done somthing similar to get a better idea.  Once I have a clear picture of the correct process, I'm sure I can code this to work. 

I didn't know my sig was screwed up, guess I can fix it.

[.josh]

isn't that what napster is doing these days?

[jcombs_31]

[quote author=Crayon Violent link=topic=109711.msg442515#msg442515 date=1159378863]
isn't that what napster is doing these days?
[/quote]

That post was a great contribution to this thread.

[.josh]

You asked for a company that is doing it, I gave an example.

[ober]

Easy fellas...

I'm not actually sure about the download portion myself.  It was just a suggestion... I was hoping you'd go do your own research ;)

[Daniel0]

Create the download dynamically. See this topic: http://www.phpfreaks.com/forums/index.php/topic,95433.0.html

[jcombs_31]

[quote author=Crayon Violent link=topic=109711.msg442531#msg442531 date=1159380367]
You asked for a company that is doing it, I gave an example.
[/quote]

Then you mis-understood, I want the example of HOW the do it, not who does it.

Ober, I thought this was research ;)

[.josh]

[quote author=jcombs_31 link=topic=109711.msg442508#msg442508 date=1159378439]
Hmm, I guess the next question would be about the download interface.  Never done anything like that.  Also, moving files around the server server seems like it could get pretty heavy, especially if the site becomes big, so I'm not sure.  [b]This is on a pretty big scale for me and I wish I could see an example of a company that has already done somthing similar to get a better idea.  Once I have a clear picture of the correct process, I'm sure I can code this to work.  [/b]

I didn't know my sig was screwed up, guess I can fix it.
[/quote]

I'm sorry, I took that to mean "If only I could go to some company's website, look at their process and see what they do, I can figure out how to code it myself."  So I gave an example company that for you to go to their website and go through their download process and see their 'process', and then go and make your own code based off that. Is that not what you meant? Then I am sorry.

p.s. - replying to a misunderstanding with sarcasm is childish.

[jcombs_31]

simmer down buddy, the info you gave me would be similar to me telling you phpfreaks is about php, hence my 'sarcasm'.  I would assume from the original topic start you would assume I'm looking for the backend process.

[ober]

I know this isn't getting overly heated yet, but if you guys don't cool it I'll close the thread and ban you both for a day.... because I can.  ;)

[Ninjakreborn]

My ideas on the process in general would be something like this

The user pay's via paypal(I am assuming that's how they are paying to download), when paypal's ipn comes back you process the request(temporarily database that they have paid, and set them up a temp access id.  Have a login area, an area that is hidden to the public, in that login area, there is a master username/password it's universal for everyone, or even individual, however you want to do it.  Then you have all the files downloading there, and for them to get any of the links to work, they have to have a temporary passcode, that passcode can be stored in a database, and you can set up a script that every 24 hours(as ober said), it removes whatever passcodes are over 24 hours old, this removes access to everyone who doesn't have passcode.  As long as you htaccess (to prevent people from getting to the files folder), I don't think you would have anything to worry about.

[redbullmarky]

Hi
I'm kinda hoping i've fully understood the question and therefore don't sound patronising, so apologies if i've missed the point :) ....
If you don't want someone to have direct access to a file, then pop them outside the directory tree, below the httpdocs (or public_html or whatever yours is). A single script is then all that's required to retrieve and force the file to download (using [s]headers[/s] [b]edit:[/b] the info in the thread by ober that Daniel0 pointed out earlier in this thread), and how you grant access to the files via this script is up to you. I do a similar thing with other types of files for my company, as I dont want people getting direct access (via URL) to them. If I was going to do an MP3 site, then I'd do it in the same way.
It keeps the files away from the unwanted, avoids 'hotlinking', and removes the need to shift files around, so hopefully thats the ticket.

Hope that helps
Cheers
Mark

[redbullmarky]

[quote author=businessman332211 link=topic=109711.msg443319#msg443319 date=1159480350]
My ideas on the process in general would be something like this

The user pay's via paypal(I am assuming that's how they are paying to download), when paypal's ipn comes back you process the request(temporarily database that they have paid, and set them up a temp access id.  Have a login area, an area that is hidden to the public, in that login area, there is a master username/password it's universal for everyone, or even individual, however you want to do it.  Then you have all the files downloading there, and for them to get any of the links to work, they have to have a temporary passcode, that passcode can be stored in a database, and you can set up a script that every 24 hours(as ober said), it removes whatever passcodes are over 24 hours old, this removes access to everyone who doesn't have passcode.  As long as you htaccess (to prevent people from getting to the files folder), I don't think you would have anything to worry about.
[/quote]

???

[AndyB]

Jeff - this article and scripts about "one-time URLs" might be helpful.

http://www.onlamp.com/pub/a/php/2002/12/05/one_time_URLs.html

[jcombs_31]

thanks andy, I'll read more into it later.