[SOLVED] Digital Download

[prime]

My wife actually has some pretty neat artwork, and is writing eBooks.

 

We want to put them online for sale on our websites.

 

Is it possible to write a script that allows an automatic download after someone pays - and keeps others from getting the key?  Something like digital delivery download software with extra security that accepts multiple types of payments?

 

If so, where should I look to find out how to do this?  We've looked at purchasing the software but can't tell if they are as great as the ads say or if it's just hype.

 

Any help would be appreciated  - thank you!

[cooldude832]

once you deliver a finalized product (i.e a file they download) there is about 0 things you can do to prevent a person from ditributing it (outside of embeding it with a key and if you find a copy resurface you know who to sue).  What you can do is try storing data in mysql and then relasing it in a temp file for their download so it can't be reopened.

[prime]

I'm looking for a basic script or soemthing that will react to someone making a payment say via ebay, it there a way to automaticaly detect that someone has made the payment so that it releases access for them to download?

 

we've also been looking at scripts and packages for sale, but its hard to tell what's hype and whats not....

[cooldude832]

if you use paypal for payment they have a backend IPN system that can run a script on your server and it will return the information from paypal about the purchase and then you can alert the user their file is ready for download via that script sending an email.

[prime]

alright thank you very much

 

I asked paypal about using their service for digital downloads, they said we had to buy the pro package with a monthly fee.

 

they never said anything about having a backend script, thank you I'll take a look at it. if I can workout where to find it at

[keeB]

prime..

 

I really think you should extend on cooldude's initial thought..

 

Have a table much like the following:

 

CREATE TABLE Product (

  id primary key int not null auto_increment,

  path text,

  description text

)

 

Make the path only available to PHP (not over the WebServer)

 

And server the page by doing:

<?php
header("Content-type: text/pdf");
print file_get_contents($path);
?>

 

This way, people who visit this page download this file, but can't provide the same URL to friends.

 

Just a thought

[cooldude832]

This is their IPN script you can use but u need to set up your paypal to do it I suggest you use their sandbox to save you some money

<?php
// read the post from PayPal system and add 'cmd'
$req = 'cmd=_notify-validate';

foreach ($_POST as $key => $value) {
$value = urlencode(stripslashes($value));
$req .= "&$key=$value";
}

// post back to PayPal system to validate
$header .= "POST /cgi-bin/webscr HTTP/1.0\r\n";
$header .= "Host: www.paypal.com:80\r\n";
$header .= "Content-Type: application/x-www-form-urlencoded\r\n";
$header .= "Content-Length: " . strlen($req) . "\r\n\r\n";
$fp = fsockopen ('www.sandbox.paypal.com', 80, $errno, $errstr, 30);

// assign posted variables to local variables
$item_name = $_POST['item_name'];
$item_number = $_POST['item_number'];
$payment_status = $_POST['payment_status'];
$payment_amount = $_POST['mc_gross'];
$payment_currency = $_POST['mc_currency'];
$txn_id = $_POST['txn_id'];
$receiver_email = $_POST['receiver_email'];
$payer_email = $_POST['payer_email'];
$custom = $_POST['custom'];
$temp = explode(",",$custom);
$paymentnum = $temp[0];
$username = $temp[1];
if (!$fp) {
// HTTP ERROR
} else {
fputs ($fp, $header . $req);
while (!feof($fp)) {
$res = fgets ($fp, 1024);
if (strcmp ($res, "VERIFIED") == 0) {
if ($payment_status == "Completed")
{
$mail_From = ""
$mail_To = $_POST['payer_email'];
$mail_Subject = "Payment has cleared"
$emailtext = "";
mail($mail_To, $mail_Subject, $emailtext, $mail_From);
}
else if (strcmp ($res, "INVALID") == 0) {
// log for manual investigation

$mail_From = "";
$mail_To = $_POST['payer_email'];
$mail_Subject = "Payment has NOT Cleared";
$mail_Body = $req;
$emailtext = "";
mail($mail_To, $mail_Subject, $emailtext, $mail_From);

}
}
fclose ($fp);
}
?>

[cooldude832]

Also try and add a unique key to each download sorta a signature so if some one redistributes it you can say Hey you broke my rules give me 1 million dollars.

[prime]

wow thank you. That's exactly what I was looking for.

[cooldude832]

IPN is a tad confusing if you aren't familar with e-commerce payment systems.  When someone pays with paypal after that payment clears paypal pings your ipn script on your site (you give paypal that url) then that page will extract data based on what paypal is telling that script and confirm payment completed for the right amount etc etc and then you simply do what you need if it succeeds.

[prime]

that's exactly what I need to know precisely, I'll get it working even if it takes time.

 

thank you so much :-) you've been a huge immense help