Have the files lie in a folder outside of public_html and reference the files via ../pdf_folder/$filename.
On Wed, May 28, 2008 at 2:02 PM, Kristina Anderson <[EMAIL PROTECTED]> wrote: > This is similar to what I was planning on doing... > > http://www.proofmagazine.com/getfile.php? > tx=funkypaypaltransid&PDFid=1234&file=file.pdf > > authenticates against the transaction id / pdf id pair and then serves > up a file...but where does the file live and how does this page know > where to find it and etc...that's what I'm not clear on, can anyone > further explain this file=file.pdf aspect? > >> The entire app is written except for this part of it, and I am >> expecting to be able to implement something with medium security in a >> reasonable period of time, like, today :) >> >> And the client has stated they do not want any solution where the >> customer has to be emailed, they want a direct link for the download >> right after payment. >> >> I like the idea of using the transaction id/PDF id pair in a lookup >> table to authenticate the redirect to a file download URL... >> >> -- Kristina >> >> >> > my question is do you really need to custom roll this out - there > are >> a >> > few apps (which are slipping my mind atm) that do exactly this out > of >> > the box..... ? >> > >> > 1) customer order is directed to paypal >> > 2) on payment complete paypal notifies your script >> > 3) customer receives download link via email >> > 4) customer has X times to download the file within Y time >> > 5) Admins can reactivate the order allowing X more times or Y time > to >> > download >> > 6) works with any number of download products >> > >> > and that's just the framework method... you could use a zencart / >> > freeway /x-cart if you needed a more robust solution >> > >> > Dan Horning >> > >> > American Digital Services - Where you are only limited by > imagination. >> > direct 1-866-493-4218 . main 1-800-863-3854 . fax 1-888-474-6133 >> > [EMAIL PROTECTED] >> > http://www.americandigitalservices.com >> > >> > >> > -----Original Message----- >> > From: [EMAIL PROTECTED] [mailto:talk- >> [EMAIL PROTECTED] >> > On Behalf Of Ajai Khattri >> > Sent: Wednesday, May 28, 2008 12:18 PM >> > To: NYPHP Talk >> > Subject: Re: [nyphp-talk] protecting download directory in PHP app > on >> > Unix box? >> > >> > On Wed, 28 May 2008, Kristina Anderson wrote: >> > >> > > Hmm... I like this... if I copy the file to the web server I can >> name >> > > the directory after their transaction ID....make unique directory >> for >> > > each customer...then delete them after a day or so...we have lots >> of >> > > room..is this doable on a shared host? ...outside "public_html" > is >> > > outside the root, or no? >> > >> > As someone else pointed out, you probably should NOT have Apache > serve >> > the >> > PDF directly. Much better to generate a token that gets emailed to >> them >> > when they checkout. During the checkout, you would need to make a >> record >> > >> > of the transaction and token. You will need to write a download >> script >> > that takes the token, does some checks in your database and then >> returns >> > >> > the PDF directly with the correct MIME type. >> > >> > >> > >> > -- >> > Aj. >> > >> > _______________________________________________ >> > New York PHP Community Talk Mailing List >> > http://lists.nyphp.org/mailman/listinfo/talk >> > >> > NYPHPCon 2006 Presentations Online >> > http://www.nyphpcon.com >> > >> > Show Your Participation in New York PHP >> > http://www.nyphp.org/show_participation.php >> > >> > >> > >> > _______________________________________________ >> > New York PHP Community Talk Mailing List >> > http://lists.nyphp.org/mailman/listinfo/talk >> > >> > NYPHPCon 2006 Presentations Online >> > http://www.nyphpcon.com >> > >> > Show Your Participation in New York PHP >> > http://www.nyphp.org/show_participation.php >> > >> > >> >> _______________________________________________ >> New York PHP Community Talk Mailing List >> http://lists.nyphp.org/mailman/listinfo/talk >> >> NYPHPCon 2006 Presentations Online >> http://www.nyphpcon.com >> >> Show Your Participation in New York PHP >> http://www.nyphp.org/show_participation.php >> >> > > _______________________________________________ > New York PHP Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > > NYPHPCon 2006 Presentations Online > http://www.nyphpcon.com > > Show Your Participation in New York PHP > http://www.nyphp.org/show_participation.php > _______________________________________________ New York PHP Community Talk Mailing List http://lists.nyphp.org/mailman/listinfo/talk NYPHPCon 2006 Presentations Online http://www.nyphpcon.com Show Your Participation in New York PHP http://www.nyphp.org/show_participation.php
