Write, zip then download.

[DeathStar]

Hi there.

I was wondering how i could do this secure enough?

I'm going to accept payments with paypal(ipn) and then when the payment is complete the user must then be able to download it.

but how do i ensure other people dont just get the zip file's location and downlaod it?

I have though about this:

when the payment is complete and the scripts recive the the script then writes the script into a php file and then zip it, store it and then in 10mins delete it(that part by cron of course)

Any  ideas where i can get tutorials on that, or better yet a script for that sole purpose?

 

~DeathStar~

[MadTechie]

Heres an idea

 

have a php page that uses the zip encoding header, and have that connect to a database (security check think), if the secuity check is passed then use readfile("thefile.zip"); to build the read of the zip if not use readfile("not_thefile.zip"); (for fun to give them a junk file which contains only a readme.txt telling them where to stick it

[DeathStar]

Heres an idea

 

have a php page that uses the zip encoding header, and have that connect to a database (security check think), if the secuity check is passed then use readfile("thefile.zip"); to build the read of the zip if not use readfile("not_thefile.zip"); (for fun to give them a junk file which contains only a readme.txt telling them where to stick it

 

lol, funny but not professional.

I cant do it thaat way either!

the can still acces the file!

i want the file to not exist, only be crated after the payment.

[MadTechie]

The file will exist but only you will know where.. as the file location is being pulled via the script.. if you don't want the file to exists where you going to copy it from?

 

and yes the 2nd file was a joke but you will just need to change the header and the secuirty routines to display an error instead 

[DeathStar]

not copy, make, download, delete

[yzerman]

Well, the problem with this method is - what happens when I reformat, and I want the software again?

 

Your best option is to do this:

 

Have them register on your site

Checkout

In the user table, a field called is_authorized, with a default of 0, in your users table, and have your script change is_authorized = 1.

 

In the login script to receive the file, you check that the user is logged in, his hostmask matches the purchaser, is_authorized is set to 1, and you give a link to a file download only if these things match.

 

What I would suggest is embedding the link to the file in this page - such as getfile.php?fileid=blah

 

This way, they can only access the file this way - and the attempted logins are logged.

[MadTechie]

ok when you "Make" the file use that instead of pull from the file.. either way it was just a suggection

[Warptweet]

Make it so that you have to be logged in to download the file, and make sure there is an option to edit your password, that way nobody would dare give their password to the public so they can steal the file, or else the public would change the guys password.

 

It's a sure fire way to scare people into not giving the link away, and after a week, delete the file.

[DeathStar]

hmm..

Could work