Jump to content

pay downloads


jcombs_31

Recommended Posts

I'm going to be working on a possible music download site for DJs and I started thinking about security and how this would work.  Obviously all the mp3s or music files will need to be on a secure volume with no access.  But when a person buys a song/album/etc they have to have access to those specific files.  I'm assume this should be based on a user session.  But, do you give them direct access to the secure volume files, or run a script to temporarily move those files to another location, and when do those files no longer become available to the customer.  I'm just thinking about the whole process, which has me a little confused about how to do it.  It would be much easier to sell something that is not a download.
Link to comment
Share on other sites

My opinion would be that you move the files temporarily to an accessible location and then force them to use your downloading interface to get the file.  That way you can track the number of bytes that are passed as they download the file.  Once the entire file is downloaded, you remove it.  Either that, or you give them 24 hours to download the file.  (they can copy it once it's downloaded, so I don't think it matters if they download it more than once.... plus this saves you the headache of dealing with customers that had issues with the file when they first downloaded it.

Also, I'm going to edit your signature to make the link work... that's been bugging me.
Link to comment
Share on other sites

Hmm, I guess the next question would be about the download interface.  Never done anything like that.  Also, moving files around the server server seems like it could get pretty heavy, especially if the site becomes big, so I'm not sure.  This is on a pretty big scale for me and I wish I could see an example of a company that has already done somthing similar to get a better idea.  Once I have a clear picture of the correct process, I'm sure I can code this to work. 

I didn't know my sig was screwed up, guess I can fix it.
Link to comment
Share on other sites

[quote author=jcombs_31 link=topic=109711.msg442508#msg442508 date=1159378439]
Hmm, I guess the next question would be about the download interface.  Never done anything like that.  Also, moving files around the server server seems like it could get pretty heavy, especially if the site becomes big, so I'm not sure.  [b]This is on a pretty big scale for me and I wish I could see an example of a company that has already done somthing similar to get a better idea.  Once I have a clear picture of the correct process, I'm sure I can code this to work.  [/b]

I didn't know my sig was screwed up, guess I can fix it.
[/quote]

I'm sorry, I took that to mean "If only I could go to some company's website, look at their process and see what they do, I can figure out how to code it myself."  So I gave an example company that for you to go to their website and go through their download process and see their 'process', and then go and make your own code based off that. Is that not what you meant? Then I am sorry.

p.s. - replying to a misunderstanding with sarcasm is childish.
Link to comment
Share on other sites

My ideas on the process in general would be something like this

The user pay's via paypal(I am assuming that's how they are paying to download), when paypal's ipn comes back you process the request(temporarily database that they have paid, and set them up a temp access id.  Have a login area, an area that is hidden to the public, in that login area, there is a master username/password it's universal for everyone, or even individual, however you want to do it.  Then you have all the files downloading there, and for them to get any of the links to work, they have to have a temporary passcode, that passcode can be stored in a database, and you can set up a script that every 24 hours(as ober said), it removes whatever passcodes are over 24 hours old, this removes access to everyone who doesn't have passcode.  As long as you htaccess (to prevent people from getting to the files folder), I don't think you would have anything to worry about.
Link to comment
Share on other sites

Hi
I'm kinda hoping i've fully understood the question and therefore don't sound patronising, so apologies if i've missed the point :) ....
If you don't want someone to have direct access to a file, then pop them outside the directory tree, below the httpdocs (or public_html or whatever yours is). A single script is then all that's required to retrieve and force the file to download (using [s]headers[/s] [b]edit:[/b] the info in the thread by ober that Daniel0 pointed out earlier in this thread), and how you grant access to the files via this script is up to you. I do a similar thing with other types of files for my company, as I dont want people getting direct access (via URL) to them. If I was going to do an MP3 site, then I'd do it in the same way.
It keeps the files away from the unwanted, avoids 'hotlinking', and removes the need to shift files around, so hopefully thats the ticket.

Hope that helps
Cheers
Mark
Link to comment
Share on other sites

[quote author=businessman332211 link=topic=109711.msg443319#msg443319 date=1159480350]
My ideas on the process in general would be something like this

The user pay's via paypal(I am assuming that's how they are paying to download), when paypal's ipn comes back you process the request(temporarily database that they have paid, and set them up a temp access id.  Have a login area, an area that is hidden to the public, in that login area, there is a master username/password it's universal for everyone, or even individual, however you want to do it.  Then you have all the files downloading there, and for them to get any of the links to work, they have to have a temporary passcode, that passcode can be stored in a database, and you can set up a script that every 24 hours(as ober said), it removes whatever passcodes are over 24 hours old, this removes access to everyone who doesn't have passcode.  As long as you htaccess (to prevent people from getting to the files folder), I don't think you would have anything to worry about.
[/quote]

???
Link to comment
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.