The entire app is written except for this part of it, and I am expecting to be able to implement something with medium security in a reasonable period of time, like, today :)
And the client has stated they do not want any solution where the customer has to be emailed, they want a direct link for the download right after payment. I like the idea of using the transaction id/PDF id pair in a lookup table to authenticate the redirect to a file download URL... -- Kristina > my question is do you really need to custom roll this out - there are a > few apps (which are slipping my mind atm) that do exactly this out of > the box..... ? > > 1) customer order is directed to paypal > 2) on payment complete paypal notifies your script > 3) customer receives download link via email > 4) customer has X times to download the file within Y time > 5) Admins can reactivate the order allowing X more times or Y time to > download > 6) works with any number of download products > > and that's just the framework method... you could use a zencart / > freeway /x-cart if you needed a more robust solution > > Dan Horning > > American Digital Services - Where you are only limited by imagination. > direct 1-866-493-4218 . main 1-800-863-3854 . fax 1-888-474-6133 > [EMAIL PROTECTED] > http://www.americandigitalservices.com > > > -----Original Message----- > From: [EMAIL PROTECTED] [mailto:talk- [EMAIL PROTECTED] > On Behalf Of Ajai Khattri > Sent: Wednesday, May 28, 2008 12:18 PM > To: NYPHP Talk > Subject: Re: [nyphp-talk] protecting download directory in PHP app on > Unix box? > > On Wed, 28 May 2008, Kristina Anderson wrote: > > > Hmm... I like this... if I copy the file to the web server I can name > > the directory after their transaction ID....make unique directory for > > each customer...then delete them after a day or so...we have lots of > > room..is this doable on a shared host? ...outside "public_html" is > > outside the root, or no? > > As someone else pointed out, you probably should NOT have Apache serve > the > PDF directly. Much better to generate a token that gets emailed to them > when they checkout. During the checkout, you would need to make a record > > of the transaction and token. You will need to write a download script > that takes the token, does some checks in your database and then returns > > the PDF directly with the correct MIME type. > > > > -- > Aj. > > _______________________________________________ > New York PHP Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > > NYPHPCon 2006 Presentations Online > http://www.nyphpcon.com > > Show Your Participation in New York PHP > http://www.nyphp.org/show_participation.php > > > > _______________________________________________ > New York PHP Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > > NYPHPCon 2006 Presentations Online > http://www.nyphpcon.com > > Show Your Participation in New York PHP > http://www.nyphp.org/show_participation.php > > _______________________________________________ New York PHP Community Talk Mailing List http://lists.nyphp.org/mailman/listinfo/talk NYPHPCon 2006 Presentations Online http://www.nyphpcon.com Show Your Participation in New York PHP http://www.nyphp.org/show_participation.php
