[nycphp-talk] protecting download directory in PHP app on Unix box?

Kenneth Downs ken at secdat.com
Wed May 28 12:41:08 EDT 2008


Kristina Anderson wrote:
> the string I get back from Paypal doesn't have that email address...
>
> just transaction id, "completed", amount & item number.
>   

Ah, yes, forgot to mention that.  You can generate your own order # for 
the transaction and give it to Paypal, and they will give it back to you. 

You can follow this chain:

1) Insert a row into your customer-pdf table, with a flag indicating it 
is not complete
2) Pull the id from the row and hand it to Paypal as the order #
3) When the IPN comes back you use the ID # to know what customer and 
pdf are involved, and you can get any customer information from your 
customer file.


>> Or just email the purchaser's email address (obtained through paypal)
>> the .pdf.
>>
>> - Ben
>>
>> Kristina Anderson wrote:
>>> This might be off topic as well...but I have a PHP app that submits
>>> to Paypal and then on the "thank you" page, I provide a link to a PDF
>>> that they bought.
>>>
>>> The server is Unix based, and before submitting the sale, I collect
>>> various information about the user, and then when the transaction
>>> is complete, I get a unique transaction ID from Paypal.
>>>
>>> What's the easiest, quickest way to provide some level of complexity
>>> to the downloads so that people can't just go back into the directory
>>> and download every PDF without paying?  It doesn't have to be 100%
>>> secure but should be secure enough to keep out "most" people.
>>>
>>> I've been looking into .htaccess but wondering if that's overkill
>>> and there isn't some way to authenticate against my DB information
>>> before allowing the download?
>>>
>>> -- Kristina
>>> _______________________________________________
>>> New York PHP Community Talk Mailing List
>>> http://lists.nyphp.org/mailman/listinfo/talk
>>>
>>> NYPHPCon 2006 Presentations Online
>>> http://www.nyphpcon.com
>>>
>>> Show Your Participation in New York PHP
>>> http://www.nyphp.org/show_participation.php
>>>


-- 
Kenneth Downs
Secure Data Software, Inc.
www.secdat.com    www.andromeda-project.org
631-689-7200   Fax: 631-689-0527
cell: 631-379-0010
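
The three-step chain above, followed by the download check it enables, as an added example that is not code from the original post. The `customer_pdf` schema, the function names and the sample values are assumptions; `invoice`, `txn_id`, `payment_status` and `mc_gross` are PayPal IPN variable names, with `invoice` assumed to be the field carrying your own order #. It also assumes PDO SQLite, a customer id taken from the logged-in session, and an IPN that has already passed PayPal's verification postback.

```php
<?php
// Added example: schema, function names and sample values are hypothetical.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE customer_pdf (
    id INTEGER PRIMARY KEY AUTOINCREMENT, customer_id INTEGER NOT NULL,
    pdf_file TEXT NOT NULL, amount TEXT NOT NULL,
    complete INTEGER NOT NULL DEFAULT 0, txn_id TEXT UNIQUE)');

// Steps 1 and 2: insert the not-complete row and return its id as the order #.
function startOrder(PDO $db, int $customerId, string $pdfFile, string $amount): int
{
    $st = $db->prepare('INSERT INTO customer_pdf (customer_id, pdf_file, amount) VALUES (?, ?, ?)');
    $st->execute([$customerId, $pdfFile, $amount]);
    return (int) $db->lastInsertId();
}

// Step 3: the IPN handler. $ipn is the POST array, assumed to have already
// passed PayPal's IPN verification postback (not shown; it needs the network).
function handleIpn(PDO $db, array $ipn): bool
{
    if (($ipn['payment_status'] ?? '') !== 'Completed') {
        return false;
    }
    // Only flip a still-pending row whose id and price match what was recorded.
    $st = $db->prepare('UPDATE customer_pdf SET complete = 1, txn_id = ?
                        WHERE id = ? AND complete = 0 AND amount = ?');
    $st->execute([$ipn['txn_id'] ?? '', (int) ($ipn['invoice'] ?? 0), $ipn['mc_gross'] ?? '']);
    return $st->rowCount() === 1;
}

// Download gate: a file name comes back only for this customer's completed order.
function pdfForOrder(PDO $db, int $orderId, int $customerId): ?string
{
    $st = $db->prepare('SELECT pdf_file FROM customer_pdf WHERE id = ? AND customer_id = ? AND complete = 1');
    $st->execute([$orderId, $customerId]);
    $file = $st->fetchColumn();
    return $file === false ? null : $file;
}

// Constructed sample run: before payment, after the IPN, and a replayed IPN.
$order = startOrder($db, 42, 'guide.pdf', '9.99');
var_dump(pdfForOrder($db, $order, 42));
$ipn = ['txn_id' => 'TXN-CONSTRUCTED-1', 'payment_status' => 'Completed',
        'mc_gross' => '9.99', 'invoice' => (string) $order];
var_dump(handleIpn($db, $ipn), pdfForOrder($db, $order, 42));
var_dump(handleIpn($db, $ipn));
```

The download script would call `pdfForOrder()` and stream the file from a directory outside the web root, so the PDFs are never reachable by a direct URL.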
