NYCPHP Meetup

NYPHP.org

[nycphp-talk] protecting download directory in PHP app on Unix box?

Kristina Anderson ka at kacomputerconsulting.com
Wed May 28 11:47:25 EDT 2008


the string I get back from Paypal doesn't have that email address...

just transaction id, "completed", amount & item number.

> Or just email the purchasers email address (obtained through paypal) 
the 
> .pdf.
> 
> - Ben
> 
> Kristina Anderson wrote:
> > This might be off topic as well...but I have a PHP app that submits 
to 
> > Paypal and then on the "thank you" page, I provide a link to a PDF 
that 
> > they bought.
> >
> > The server is Unix based, and before submitting the sale, I collect 
> > various information about the user, and then when the transaction 
is 
> > complete, I get a unique transaction ID from Paypal.
> >
> > What's the easiest, quickest way to provide some level of 
complexity to 
> > the downloads so that people can't just go back into the directory 
and 
> > download every PDF without paying?  It doesn't have to be 100% 
secure 
> > but should be secure enough to keep out "most" people.
> >
> > I've been looking into .htaccess but wondering if that's overkill 
and 
> > there isn't some way to authenticate against my DB information 
before 
> > allowing the download?
> >
> > -- Kristina 
> > _______________________________________________
> > New York PHP Community Talk Mailing List
> > http://lists.nyphp.org/mailman/listinfo/talk
> >
> > NYPHPCon 2006 Presentations Online
> > http://www.nyphpcon.com
> >
> > Show Your Participation in New York PHP
> > http://www.nyphp.org/show_participation.php
> >
> >   
> _______________________________________________
> New York PHP Community Talk Mailing List
> http://lists.nyphp.org/mailman/listinfo/talk
> 
> NYPHPCon 2006 Presentations Online
> http://www.nyphpcon.com
> 
> Show Your Participation in New York PHP
> http://www.nyphp.org/show_participation.php
> 
> 





More information about the talk mailing list