Jump to content

Recommended Posts

I need to set up a download application as the backend of a shopping cart.
I would like to email a link to the product and download from there. I would want the link to be secured to the users emailaddress in someway.
Can anybody give me a starter for 10 on this one.What would a broad design encompass?
lassie
Link to comment
https://forums.phpfreaks.com/topic/30256-downloads/
Share on other sites

At a high level I think you would want something like this:

1) Once purchase is final construct a hash, maybe something like: md5($emailAddress+date("Ydmhis")) store this in a db somewhere.
2) Construct an email which generates a link with the hash appended to the query string like: http://www.yoursite.com?auth_id=253452AF54353ED32423A211.
3) Once the link is clicked validate it with what you have stored in the db and once authenticated redirect to the d/l url.



Link to comment
https://forums.phpfreaks.com/topic/30256-downloads/#findComment-139222
Share on other sites

Thanks
I am thinking also that I will need to create a temporary download area to store the basket contents for the download rather than download from a storage area that has all the products. I have not stored the products in the database.
This doesnt feel very elegant to me. Do you have any thoughts?
lassie
Link to comment
https://forums.phpfreaks.com/topic/30256-downloads/#findComment-139569
Share on other sites

You could actually create a directory with same name as the hash.  When the customer clicks on their "pickup link" and you validate their hash you can compute a "pickup time".  Then via Cron you can delete all directories which were "picked up" over n hours ago.  Still not super elegant but I think it will get the job done.
Link to comment
https://forums.phpfreaks.com/topic/30256-downloads/#findComment-139666
Share on other sites

I'd personally go a similar route, but with tighter security measures.

1.) Generate a unique hash from something along the lines of customer ID, purchase ID and date.
2.) Store said hash in DB
3.) Email link with hash to customer.
4.) Customer MUST revalidate login details when they follow the link.
5.) Flag the hash as 'used' - never delete it. Use this as a validation for step 1. to add the extra step in preventing hash collisions.

I'd also add a 'failed attempts' system, to boot.
Link to comment
https://forums.phpfreaks.com/topic/30256-downloads/#findComment-139703
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.