[nycphp-talk] protecting download directory in PHP app on Unix box?

Justin Dearing zippy1981 at gmail.com
Wed May 28 14:16:10 EDT 2008


Have the files lie in a folder outside of public_html and reference
the files via ../pdf_folder/$filename.



On Wed, May 28, 2008 at 2:02 PM, Kristina Anderson
<ka at kacomputerconsulting.com> wrote:
> This is similar to what I was planning on doing...
>
> http://www.proofmagazine.com/getfile.php?tx=funkypaypaltransid&PDFid=1234&file=file.pdf
>
> authenticates against the transaction id / pdf id pair and then serves
> up a file...but where does the file live and how does this page know
> where to find it and etc...that's what I'm not clear on, can anyone
> further explain this file=file.pdf aspect?
>
>> The entire app is written except for this part of it, and I am
>> expecting to be able to implement something with medium security in a
>> reasonable period of time, like, today :)
>>
>> And the client has stated they do not want any solution where the
>> customer has to be emailed, they want a direct link for the download
>> right after payment.
>>
>> I like the idea of using the transaction id/PDF id pair in a lookup
>> table to authenticate the redirect to a file download URL...
>>
>> -- Kristina
>>
>>
>> > my question is do you really need to custom roll this out - there are a
>> > few apps (which are slipping my mind atm) that do exactly this out of
>> > the box..... ?
>> >
>> > 1) customer order is directed to paypal
>> > 2) on payment complete paypal notifies your script
>> > 3) customer receives download link via email
>> > 4) customer has X times to download the file within Y time
>> > 5) Admins can reactivate the order allowing X more times or Y time to
>> > download
>> > 6) works with any number of download products
>> >
>> > and that's just the framework method... you could use a zencart /
>> > freeway /x-cart if you needed a more robust solution
>> >
>> > Dan Horning
>> >
>> > American Digital Services - Where you are only limited by imagination.
>> > direct 1-866-493-4218 . main 1-800-863-3854 . fax 1-888-474-6133
>> > dan.horning at planetnoc.com
>> > http://www.americandigitalservices.com
>> >
>> >
>> > -----Original Message-----
>> > From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org]
>> > On Behalf Of Ajai Khattri
>> > Sent: Wednesday, May 28, 2008 12:18 PM
>> > To: NYPHP Talk
>> > Subject: Re: [nycphp-talk] protecting download directory in PHP app on
>> > Unix box?
>> >
>> > On Wed, 28 May 2008, Kristina Anderson wrote:
>> >
>> > > Hmm... I like this... if I copy the file to the web server I can name
>> > > the directory after their transaction ID....make unique directory for
>> > > each customer...then delete them after a day or so...we have lots of
>> > > room..is this doable on a shared host?  ...outside "public_html" is
>> > > outside the root, or no?
>> >
>> > As someone else pointed out, you probably should NOT have Apache serve
>> > the PDF directly. Much better to generate a token that gets emailed to
>> > them when they checkout. During the checkout, you would need to make a
>> > record of the transaction and token. You will need to write a download
>> > script that takes the token, does some checks in your database and then
>> > returns the PDF directly with the correct MIME type.
>> >
>> >
>> >
>> > --
>> > Aj.
>> >
>> > _______________________________________________
>> > New York PHP Community Talk Mailing List
>> > http://lists.nyphp.org/mailman/listinfo/talk
>> >
>> > NYPHPCon 2006 Presentations Online
>> > http://www.nyphpcon.com
>> >
>> > Show Your Participation in New York PHP
>> > http://www.nyphp.org/show_participation.php
>> >
>> >
>> >
>>
>
>
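
An example of the getfile.php handler discussed in this thread, added here and not code posted by any list member: the PDFs live in a directory beside public_html, the tx/PDFid pair is checked against a lookup table, and the path that gets served is derived from that lookup rather than from the file= parameter. The directory layout, the function names and the in-memory lookup table are assumptions standing in for the real application.

```php
<?php
// Added example, not from the thread. Assumed layout:
//   /home/site/public_html/getfile.php   (this script, web-reachable)
//   /home/site/pdf_folder/               (PDFs, outside the document root)
define('PDF_DIR', dirname(__DIR__) . '/pdf_folder');

// Constructed stand-in for the transaction lookup table; a real
// application would query its database here.
function lookup_purchase(string $tx, int $pdfId): ?string
{
    $purchases = ['funkypaypaltransid' => [1234 => 'file.pdf']]; // constructed row
    return $purchases[$tx][$pdfId] ?? null;
}

// Resolve a stored filename to an absolute path inside $baseDir, or null.
function resolve_download(string $baseDir, string $filename): ?string
{
    $base = realpath($baseDir);
    if ($base === false) {
        return null;
    }
    // basename() drops any directory part; realpath() resolves symlinks and "..".
    $path = realpath($base . DIRECTORY_SEPARATOR . basename($filename));
    if ($path === false || !is_file($path)) {
        return null;
    }
    // Containment check: the resolved path must still sit under $base.
    $prefix = $base . DIRECTORY_SEPARATOR;
    return strncmp($path, $prefix, strlen($prefix)) === 0 ? $path : null;
}

$tx    = $_GET['tx'] ?? '';
$pdfId = filter_var($_GET['PDFid'] ?? null, FILTER_VALIDATE_INT);

// The filename comes from the lookup, never from the file= parameter.
$stored = (is_string($tx) && is_int($pdfId)) ? lookup_purchase($tx, $pdfId) : null;
$path   = $stored === null ? null : resolve_download(PDF_DIR, $stored);

if ($path === null) {
    http_response_code(404);
    exit('Not found');
}

header('Content-Type: application/pdf');
header('Content-Disposition: attachment; filename="' . basename($path) . '"');
header('Content-Length: ' . filesize($path));
header('X-Content-Type-Options: nosniff');
readfile($path);
```

Because the served name comes from the purchase record, a request that changes file= to another name, or to a value containing ../, still receives only the PDF tied to that tx/PDFid pair.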


