Stop people accessing a link unless i give authorisation

[c_shelswell]

Something just occured to me while making my site. I'm selling people a file that after payment i offer them a link that will take them to a page where they enter a code i gave allowing them to download a file. However what would stop someone from just typing the url and straight in to the browser window and downloading the file? i.e. www.mysite.com/files/file.zip

and so bypassing any of my scripts. Is there a way to stop this.

[Psycho]

Well, here is a general description of how I woud handle it.

When someone makes payment create a unique code and display it to the user and save it to a database. Then you can either create a download form page (where the user enters the code) or have the user append the code on the query strin ("www.mydomain.com/download.hph?file=uniquecode"). Then have the download page check the code entered to the database, if the code is correct then server the file using header().

Stole this from another post:
[code]<?php

//File Download Path
$file = "http://www.site.com/download.zip";

sleep(2);
header ("Location: $file");
?>
<html>
<head>
<title>Downloading...</title>
</head>
<body>
Your download shall begin in 2 seconds...
</body>
</html>[/code]

[c_shelswell]

yeah that's how i was going to do it. I've also added a 2nd code to the database that is added to the URL so the code they type in has to marry with the $_GET code i add to the url.

But what's to stop a user from finding out where i keep the files and simply typing it in?

i.e www.mysite.com/folder_i_keep_files_in/the_file.mp3

[effigy]

Store the files outside of the web root where they can only be accessed via a script.