Lassie Posted December 11, 2006 Share Posted December 11, 2006 I need to set up a download application as the backend of a shopping cart.I would like to email a link to the product and download from there. I would want the link to be secured to the users emailaddress in someway.Can anybody give me a starter for 10 on this one.What would a broad design encompass?lassie Quote Link to comment https://forums.phpfreaks.com/topic/30256-downloads/ Share on other sites More sharing options...
utexas_pjm Posted December 11, 2006 Share Posted December 11, 2006 At a high level I think you would want something like this:1) Once purchase is final construct a hash, maybe something like: md5($emailAddress+date("Ydmhis")) store this in a db somewhere.2) Construct an email which generates a link with the hash appended to the query string like: http://www.yoursite.com?auth_id=253452AF54353ED32423A211.3) Once the link is clicked validate it with what you have stored in the db and once authenticated redirect to the d/l url. Quote Link to comment https://forums.phpfreaks.com/topic/30256-downloads/#findComment-139222 Share on other sites More sharing options...
Lassie Posted December 12, 2006 Author Share Posted December 12, 2006 ThanksI am thinking also that I will need to create a temporary download area to store the basket contents for the download rather than download from a storage area that has all the products. I have not stored the products in the database.This doesnt feel very elegant to me. Do you have any thoughts?lassie Quote Link to comment https://forums.phpfreaks.com/topic/30256-downloads/#findComment-139569 Share on other sites More sharing options...
utexas_pjm Posted December 12, 2006 Share Posted December 12, 2006 You could actually create a directory with same name as the hash. When the customer clicks on their "pickup link" and you validate their hash you can compute a "pickup time". Then via Cron you can delete all directories which were "picked up" over n hours ago. Still not super elegant but I think it will get the job done. Quote Link to comment https://forums.phpfreaks.com/topic/30256-downloads/#findComment-139666 Share on other sites More sharing options...
Jenk Posted December 12, 2006 Share Posted December 12, 2006 I'd personally go a similar route, but with tighter security measures.1.) Generate a unique hash from something along the lines of customer ID, purchase ID and date.2.) Store said hash in DB3.) Email link with hash to customer.4.) Customer MUST revalidate login details when they follow the link.5.) Flag the hash as 'used' - never delete it. Use this as a validation for step 1. to add the extra step in preventing hash collisions.I'd also add a 'failed attempts' system, to boot. Quote Link to comment https://forums.phpfreaks.com/topic/30256-downloads/#findComment-139703 Share on other sites More sharing options...
Lassie Posted December 13, 2006 Author Share Posted December 13, 2006 Thanks guys. I will give it a bash.lassie Quote Link to comment https://forums.phpfreaks.com/topic/30256-downloads/#findComment-140332 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.