Downloads

[Lassie]

I need to set up a download application as the backend of a shopping cart.
I would like to email a link to the product and download from there. I would want the link to be secured to the users emailaddress in someway.
Can anybody give me a starter for 10 on this one.What would a broad design encompass?
lassie

[utexas_pjm]

At a high level I think you would want something like this:

1) Once purchase is final construct a hash, maybe something like: md5($emailAddress+date("Ydmhis")) store this in a db somewhere.
2) Construct an email which generates a link with the hash appended to the query string like: http://www.yoursite.com?auth_id=253452AF54353ED32423A211.
3) Once the link is clicked validate it with what you have stored in the db and once authenticated redirect to the d/l url.

[Lassie]

Thanks
I am thinking also that I will need to create a temporary download area to store the basket contents for the download rather than download from a storage area that has all the products. I have not stored the products in the database.
This doesnt feel very elegant to me. Do you have any thoughts?
lassie

[utexas_pjm]

You could actually create a directory with same name as the hash.  When the customer clicks on their "pickup link" and you validate their hash you can compute a "pickup time".  Then via Cron you can delete all directories which were "picked up" over n hours ago.  Still not super elegant but I think it will get the job done.

[Jenk]

I'd personally go a similar route, but with tighter security measures.

1.) Generate a unique hash from something along the lines of customer ID, purchase ID and date.
2.) Store said hash in DB
3.) Email link with hash to customer.
4.) Customer MUST revalidate login details when they follow the link.
5.) Flag the hash as 'used' - never delete it. Use this as a validation for step 1. to add the extra step in preventing hash collisions.

I'd also add a 'failed attempts' system, to boot.

[Lassie]

Thanks guys. I will give it a bash.
lassie