NYCPHP Meetup

NYPHP.org

[nycphp-talk] protecting download directory in PHP app on Unix box?

Dan Horning dan.horning at planetnoc.com
Wed May 28 12:25:52 EDT 2008 

my question is do you really need to custom roll this out - there are a
few apps (which are slipping my mind atm) that do exactly this out of
the box..... ?

1) customer order is directed to paypal
2) on payment complete paypal notifies your script
3) customer receives download link via email
4) customer has X times to download the file within Y time
5) Admins can reactivate the order allowing X more times or Y time to
download
6) works with any number of download products

and that's just the framework method... you could use a zencart /
freeway /x-cart if you needed a more robust solution

Dan Horning

American Digital Services - Where you are only limited by imagination.
direct 1-866-493-4218 . main 1-800-863-3854 . fax 1-888-474-6133
dan.horning at planetnoc.com
http://www.americandigitalservices.com


-----Original Message-----
From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org]
On Behalf Of Ajai Khattri
Sent: Wednesday, May 28, 2008 12:18 PM
To: NYPHP Talk
Subject: Re: [nycphp-talk] protecting download directory in PHP app on
Unix box?

On Wed, 28 May 2008, Kristina Anderson wrote:

> Hmm... I like this... if I copy the file to the web server I can name 
> the directory after their transaction ID....make unique directory for 
> each customer...then delete them after a day or so...we have lots of 
> room..is this doable on a shared host?  ...outside "public_html" is 
> outside the root, or no?

As someone else pointed out, you probably should NOT have Apache serve
the 
PDF directly. Much better to generate a token that gets emailed to them 
when they checkout. During the checkout, you would need to make a record

of the transaction and token. You will need to write a download script 
that takes the token, does some checks in your database and then returns

the PDF directly with the correct MIME type.



-- 
Aj.

_______________________________________________
New York PHP Community Talk Mailing List
http://lists.nyphp.org/mailman/listinfo/talk

NYPHPCon 2006 Presentations Online
http://www.nyphpcon.com

Show Your Participation in New York PHP
http://www.nyphp.org/show_participation.php

More information about the talk mailing list