Hello Everyone,

I have several e-books I want to start selling online. As most of you know, most people are leery of buying anything online, and even more leery if they purchase it and then have to wait to get the product they purchased... especially if it's just an electronic file.

What I would like to do is set it up so that when the purchase is made, and paypal sends them the purchase successfully processed email, that also in that email is a link to a ftp server where they can go and download the file. But, I want to make it so that they can download it only once and not be able to return again and again with the password. But, I also do not want to have to change the password every 12 to 24 hours (what if I'm on vacation?) and also have to change the text in the confirmation email that paypal sends them.

Anyone got any ideas?

Thanks in advance for your help...

Dave

Add an FTP account when you send the email, then delete it upon access of the file.

Will I be able to tell if the file was downloaded?

There should be some way of doing it, yes. If you can't figure out how to bully your FTP server into doing it, we can probably work out an equivalent with HTTP and a server-side script.

This idea still requires allot of manual interaction on my part. I was hoping for something a little more automatic for the times when I may not be able to get to a computer.

You know, like when you purchase a piece of downloadable software, I'm sure they do not have someone sitting there sending out emails with the download URL along with a user name and password for the person to log on and download their software.

Any more ideas?

Dave

Twey would know better than I, but wouldn't it be easy enough to use php to generate a random(99999) number as the password, even alph-numeric?

The php could include this in the email, then when id in email is = A4tgR5 and that password is used, it is deleted from the system?

Just thinking outloud here with a possibility... not sure how to impliment it though... Twey or John, or Mike would though...

~BLiZZ

Why do you want it to be FTP?

Seems like you don't know how to dynamically create ftp accounts and delete them, right?

So... go with something easier... just use http.

Assuming you do have php enabled, which seems likely, you could use a restricted directory (or create one and set that with .htaccess). Sorry, but I don't really know how, but just that you can. You'll have to look more into that.
Once you have that, you can put the files in there. People can't access them.
Then, in a non-protected directory, you can make a page that uses info stored in a database (or even text file) and relate to the aforementioned randomly generated password (and, perhaps username, unless they already have one, like their email, which would be a good idea).
On the php page, you can have a form. In that, a user and a password (or even just password if you don't want the extra security of having both).
When they put the correct info in the form and send it, it will give them the file. Since php can access protected directories, php can get the file, then send it from the non-protected directory as a file to the user.
This will only work if the php gets the file, so there's no risk of them returning and doing it again.
Then you can have it delete the login code (username/password combo) for that particular item.
The trick would be knowing how long it takes it to download.
However, I would suggest using this method:
Once the person has used their entry code (not after it's sent to them, but once they've started using it), the clock starts ticking. After an hour, the login will no longer work.
Additionally, I would code in an IP check to be sure that the login will only work from the IP it was initially sent from.
Of course this might create problems for users who are using two computers legitimately, or have REALLY slow connections and take longer than that hour, or are just somehow distracted, and don't download in the hour.
All stuff to think about.
Another way to do it would be to have the php only work once. It outputs the file, then deletes the record. The file would THEN begin downloading, but couldn't begin twice. It would finish, just not be able to start over. The catch there is that it might create problems if someone's connection got reset or something.

I'm just rambling at this point.
Does this sound like it might work?

I'm not sure about coding all of it..... but I do know it's possible.

This idea still requires allot of manual interaction on my part.It requires none.
As djr33 said, HTTP would be easier, using PHP or something similar.

Phew-eeeee!!! now I'm really confused... all that was so far over my head so that I'm getting a nose bleed just looking at it.

But... it sounds good, and sounds like it will work. Now I just gotta figue out what you said. :confused:

Thanks for all your help guys... wish me luck!

Dave

I've been struggling with this for a long time as well.
I have a website which sells software and allows people to download it.
When they submit the order form before going through to paypal, they fill in all their details, and they also choose a download password.

How can I have my .htaccess or .htpasswd interact with my database to read usernames and passwords from the database? This would be really awesome, since I'm using cronjobs to automatically delete all download passwords after 12 hours of purchase.

Is there any way to do this?

I also spoke to someone on SitePoint who recommended using readfile().

You can't. The SitePoint chap was talking about using PHP, which is probably what I'd have to suggest here too.

Ok...well maybe you can give me a quick lecture if you don't mind. It will be greatly appreciated.

Let's say I have a .zip file in a protected directory. Once a user has successfully logged in with their email and password in order to download their software, how do I output the '.zip' file to them?

Is it possible to give me exact code for this? I've been searching around the web, but I can't seem to get something that works. Also...I don't have experience with the HTTP headers of outputting a file using PHP readfile()

Thanks alot for your help.

It's simple:
$data = file_get_contents('file.zip');
header('Content-Type: application/x-zip');
header('Content-Length: ' . strlen($data));
header('Content-Disposition: attachment; filename=file.zip');
die($data);

It's simple:
$data = file_get_contents('file.zip');
header('Content-Type: application/x-zip');
header('Content-Length: ' . strlen($data));
header('Content-Disposition: attachment; filename=file.zip');
die($data);

Great. I appreciate this. And then I just echo $data ? Is that right?

I've tried something different now. You code also basically gave me the same problem. Here is my code :


<?php
$filename = "download/setup4u.zip";
header("Pragma: public"); // required
header("Expires: 0");
header("Cache-Control: must-revalidate, post-check=0, pre-check=0");
header("Cache-Control: private",false); // required for certain browsers
header("Content-Type: application/x-zip");
// change, added quotes to allow spaces in filenames, by Rajkumar Singh
header("Content-Disposition: attachment; filename=\"".basename($filename)."\";" );
header("Content-Transfer-Encoding: binary");
header("Content-Length: ".filesize($filename));
readfile("$filename");
exit();
?>

What should I do? Basically I just need a dialog asking them if they want to download. I'm sorry for all these questions, but I really have no idea how to do this. All help is appreciated.

Here is the URL :

http://www.pcsnoop.tv/testdownload.php

Great. I appreciate this. And then I just echo $data ? Is that right?No, I've already done that :)

Either code should give the standard "do you want to save or open this file" dialog box on most configurations.

It should be noted that double quotes take significantly longer to parse than single quotes.

Please look at my previous post with the code and the URL.
It seems to be working perfectly in FireFox, but in IE it just throws out alot of encrypted code. Damn...I'm getting really annoyed by IE...

I'll be SO happy if I can get this working.
I've been struggling with this for a very long time really.
I know it's simple and all, but yeah...

Urgh, IE doing its content-type-guessing thing again?
Well, your server is sending the header:
Content-Type: application/zip
It should be application/x-zip.

I've tried x-zip but it also doesn't work.
What is it with IE? I have these problems everyday. I had a JS problem, which I sorted out today thanks to you on another thread. This was also ONLY in IE.
So what will I do? This dialog works perfectly fine in FireFox, but probably about 75% in the US use IE, and I have to cater for them.

What is it with IE? I have these problems everyday. I had a JS problem, which I sorted out today thanks to you on another thread. This was also ONLY in IE.Welcome to the world of the web developer. :)
So what will I do?I'm not entirely sure. IE ignores the Content-Type header and tries to guess the content type by the content of the file. Something about your file is apparently convincing it that it's actually a text file.

That '.zip' file only contains a '.exe' setup file.
I'm going to try pointing at the '.exe' file and have that outputted without the '.zip' file. If it doesn't work, I'm going to sue M$. lol :D

Heh :)

As an aside, how did you get that brushed metal effect on your site border? I'm not much of a graphics person, and I've been trying to do the same thing with varying success for a while :p

Heh :)

As an aside, how did you get that brushed metal effect on your site border? I'm not much of a graphics person, and I've been trying to do the same thing with varying success for a while :p

It's easy. :)
Let me know what you want to do, and I'll do it for you.
Or I could create a patern for you which you can install on Adobe Photothop and then just reuse it everytime.

Ah, I see. I don't use Photoshop, sorry :) I was hoping there was a simple technique to create it, but if not, don't worry about it.

So Contrid, have you figured out how to give people the autodownload information so that after they have made their purchase, then they can go to a download ftp drive or something of the sort?

How do you do all of this?

If you do not want to post all of it to this site, you can write me at david@mindinthesky.com

Thanks,
Dave

No, s/he is using HTTP and PHP.

An "FTP drive?"