Web development question

Posted:
in General Discussion edited January 2014
I am putting together a website and the client would like to have a pay-per-download area. I know how to do the member login part, so they have a members area, but I'm not sure about the pay-per-download. They want to use PayPal, and then have the link download. How do you stop that link from being passed around? How do you make sure no one else can download/see the link unless they are signed in and paid? Anyone have any idea?

Comments

  • Reply 1 of 2
    Marvin Posts: 15,310 moderator
    Quote:
    Originally Posted by Digital Disasta


    I am putting together a website and the client would like to have a pay-per-download area. I know how to do the member login part, so they have a members area, but I'm not sure about the pay-per-download. They want to use PayPal, and then have the link download. How do you stop that link from being passed around? How do you make sure no one else can download/see the link unless they are signed in and paid? Anyone have any idea?



    It doesn't matter about the link itself; it can be passed around, but when the link is visited, it should check that there is a verified login and, if not, simply redirect to a login page. If a verified login is found, proceed with the download.



    So you would have a database of login names and passwords. When someone logs in, check the details and on successful verification, set a PHP Session variable (it's more reliable and secure to store these in an SQL database). Then simply check if the Session variable is set correctly before the link is processed.



    In summary:



    User visits site

    ---

    Logs in

    and arbitrary session variable set on successful login, e.g. $_SESSION['logged_in'] = true

    ---

    user clicks download link

    ---

    check if $_SESSION['logged_in'] == true

    ---

    if session variable is set correctly, proceed to download.

    If it is not set correctly, redirect user back to the login



    The actual link can be passed around anywhere because the PHP script won't let the download happen until it verifies the session variable.



    You should also add permissions to the server so the files are not readable directly and then simply start the download via PHP using code like these:



    http://www.higherpass.com/php/Tutori...load-Security/

    http://www.zubrag.com/scripts/download.php



    You can use .htaccess files to protect directories and files listing and downloading so you don't have to remember to set file permissions directly.
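
The flow described in the reply above, as an added example that is not part of the original thread or the linked scripts. The directory `/srv/protected_downloads`, the `/login.php` path and the `$_SESSION['purchased']` list (file names this user has paid for, filled in by whatever confirms payment) are assumptions made for illustration.

```php
<?php
// download.php?file=NAME (added illustration, not code from the thread).
// Assumed, hypothetical names: DOWNLOAD_DIR sits outside the web root; login
// sets $_SESSION['logged_in']; $_SESSION['purchased'] lists paid-for files.
const DOWNLOAD_DIR = '/srv/protected_downloads';

// Returns ['login'], ['deny', httpStatus] or ['send', absolutePath].
function authorize_download(array $session, string $requested, string $dir): array
{
    // 1. No verified login: the caller redirects to the login page.
    if (($session['logged_in'] ?? false) !== true) {
        return ['login'];
    }
    // 2. basename() drops any directory part, so "../x" cannot leave $dir.
    $name = basename($requested);
    if ($name === '' || $name === '.' || $name === '..') {
        return ['deny', 404];
    }
    // 3. Logged in, but this user has not paid for this file.
    if (!in_array($name, $session['purchased'] ?? [], true)) {
        return ['deny', 403];
    }
    // 4. Resolve symlinks and confirm the target is still inside $dir.
    $base = realpath($dir);
    $path = realpath($dir . '/' . $name);
    if ($base === false || $path === false || !is_file($path)
        || strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return ['deny', 404];
    }
    return ['send', $path];
}

session_start();
$file = is_string($_GET['file'] ?? null) ? $_GET['file'] : '';
$decision = authorize_download($_SESSION, $file, DOWNLOAD_DIR);
if ($decision[0] === 'login') {
    header('Location: /login.php'); // hypothetical login page
    exit;
}
if ($decision[0] === 'deny') {
    http_response_code($decision[1]);
    exit;
}
// Stream the file through PHP; the web server never serves it directly.
$safe = preg_replace('/[^A-Za-z0-9._-]/', '_', basename($decision[1]));
header('Content-Type: application/octet-stream');
header('Content-Disposition: attachment; filename="' . $safe . '"');
header('Content-Length: ' . filesize($decision[1]));
readfile($decision[1]);
```

Because the decision is made per request from the session, a copied link only works for a visitor whose own session passes the same checks.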
  • Reply 2 of 2
    How would I involve the PayPal aspect? They want to click the link or add it to a cart, go to PayPal, have them pay, and then redirect to the downloads.



    btw...thanks for the info