Download System?

[reyna12]

What i want

I have an mp3 file, only available for logged in users, but i want to make it so that it is downloadable, only by logged in users so that the link cannot be passed around, is this hard to do?

Also would need to add something to the member system that alerts if the user has logged in from several ip addresses, is there something available for this?

Thanks for any advice

[magic2goodil]

For your system for downloading, I would suggest storing all files in a database.  I don't mena the actual files themselves, but the links to those files.  Also, give the songs a specific ID.  Have a variable that must be equal to true, such as a logged_in SESSION variable on the download page itself.  The download page will check that they are logged in, run the id for the song to be downloaded, and secretly redirect to that link stored in the database.

For the IP address part, why not just make a variable in the member's db that is called logged or something that is a simple int.  If it is 1, they are logged in, if it is 0, they are not.  If it is set to 0, the user can still login, but once it is 1, they cannot log in again until logged back out.

[matto]

bearing in mind that if the files are stored in a public folder on your site there will be nothing stopping joe average from guessing the url and downloading the file without having to login.....

:)

[magic2goodil]

If you want to get real fancy do some research on .htaccess..you can set up folders with .htaccess permissions in them so the user has to login via the .htaccess file as well.. 

Also, i am not sure what mp3's you are using, but beware of copyright laws...

[matto]

An alternative would be to store the files outside of the web root folder and have a php fetch them for authenticated users.....

:)

[Eddyon]

You may find this helpful for hiding the address:

http://www.phpfreaks.com/forums/index.php/topic,95433.0.html

[reyna12]

The mp3 itself will be created by me so no issues with copyright etc...


I'd never thought of that, that script won't do it (or i am failing to understand it) but it could be a link "Download" but it wouldnt actually show the url to the file.

I am guessing that, that script might be part of it but how would i go about actually setting teh file to download?

[Eddyon]

Make a link to the download page (which people have to be logged in to view) and put it on that page to forward to the file hidden in a hidden directory so that people cant find it.

As it is in the php code the location does not show up on the source, and as far as I am aware, it just says downloading from www.site.com when you download it, and does not say the actual path to the file so people shouldn't be able to easilly find it.

[reyna12]

Yeah it suddenly hit me!

Got it setup to get the file from directory set (goes through several just so it can't "easily" be found.

Thanks for your help everyone :)

[matto]

I suppose you could protect the folder with a .htaccess file and have php read the file and serve it up the with the header() function

contents of .htaccess file would be:
[code]
deny from all
[/code]

[reyna12]

Now what i have the problem with is, it worked before putting it into the member system  :D

It does show the register options when trying to access it when not logged in, but when you are it keeps saying downloading download.php then error, cannot download download.php rather than the file.

[code=php:0]
<?
session_start();
include('./config.php');
if(!check_login($username, $password))
{
$title = "Guest Page";
$msg = "<h2>Welcome Guest</h2>
<p>Hi there.  I see that you're a guest to this site, in order to get the best experience out of ". SITE_NAME .", you must be registered.  Registering is totally free and requires only a few minutes of your time, we promise!  If you're interested, you can register <a href='login.php?do=reg'>here</a>.</p><p>If you're not a guest, and simply haven't logged in, you may log in <a href='login.php'>here</a>.";
}
else {
if ( !isset ( $_GET['file'] ) )
{
header ( 'HTTP/1.0 404 Not Found' );
die ( 'File not found.' );
}

$File = $_GET['file'];
$Directory = '/home/designht/public_html/dan/1/2/d/';

$File = $Directory . preg_replace ( '#([^\w\d_\-\. ])#', '', $File );

if ( !is_file ( $File ) )
{
header ( 'HTTP/1.0 404 Not Found' );
die ( 'File not found: ' . $File );
}

header ( 'HTTP/1.1 200 OK' );
header ( 'Date: ' . date ( 'D M j G:i:s T Y' ) );
header ( 'Last-Modified: ' . date ( 'D M j G:i:s T Y' ) );
header ( 'Content-Type: application/force-download' );
header ( 'Content-Lenght: ' . (string) ( filesize ( $File ) ) );
header ( 'Content-Transfer-Encoding: Binary' );
header ( 'Content-Disposition: attachment;filename=' . basename ( $File ) );
readfile ( $File );
}
?>

<html>
<head>
<title><?php echo $title; ?></title>
</head>
<body>
<?php echo $msg, $footer; ?>
</body>
</html>[/code]

[reyna12]

anyone help with that ?

[matto]

You have a problem with this part at least:


header ( 'Content-Lenght: ' . (string) ( filesize ( $File ) ) );

s/be:

header ( 'Content-Leng[color=red]th[/color]: ' . (string) ( filesize ( $File ) ) );


What browser are you testing this with ?

[Slippy2005]

matto, can you PM me your contact information? AIM, Yahoo, or MSN? I would really like to talk to you about something since you seem very knowledgable about this information. Thanks :)

-Nick-