auto download of a file

**davidg47** · 06-13-2006, 08:28 PM

Hello Everyone,

I have several e-books I want to start selling online. As most of you know, most people are leery of buying anything online, and even more leery if they purchase it and then have to wait to get the product they purchased... especially if it's just an electronic file.

What I would like to do is set it up so that when the purchase is made, and paypal sends them the purchase successfully processed email, that also in that email is a link to a ftp server where they can go and download the file. But, I want to make it so that they can download it only once and not be able to return again and again with the password. But, I also do not want to have to change the password every 12 to 24 hours (what if I'm on vacation?) and also have to change the text in the confirmation email that paypal sends them.

Anyone got any ideas?

Thanks in advance for your help...

Dave

**Twey** · 06-13-2006, 08:33 PM

Add an FTP account when you send the email, then delete it upon access of the file.

**davidg47** · 06-14-2006, 12:22 AM

Will I be able to tell if the file was downloaded?

**Twey** · 06-14-2006, 05:43 AM

There should be some way of doing it, yes. If you can't figure out how to bully your FTP server into doing it, we can probably work out an equivalent with HTTP and a server-side script.

**davidg47** · 06-14-2006, 08:49 AM

This idea still requires allot of manual interaction on my part. I was hoping for something a little more automatic for the times when I may not be able to get to a computer.

You know, like when you purchase a piece of downloadable software, I'm sure they do not have someone sitting there sending out emails with the download URL along with a user name and password for the person to log on and download their software.

Any more ideas?

Dave

**BLiZZaRD** · 06-14-2006, 08:59 AM

Twey would know better than I, but wouldn't it be easy enough to use php to generate a random(99999) number as the password, even alph-numeric?

The php could include this in the email, then when id in email is = A4tgR5 and that password is used, it is deleted from the system?

Just thinking outloud here with a possibility... not sure how to impliment it though... Twey or John, or Mike would though...

~BLiZZ

**djr33** · 06-14-2006, 10:11 AM

Why do you want it to be FTP?

Seems like you don't know how to dynamically create ftp accounts and delete them, right?

So... go with something easier... just use http.

Assuming you do have php enabled, which seems likely, you could use a restricted directory (or create one and set that with .htaccess). Sorry, but I don't really know how, but just that you can. You'll have to look more into that.
Once you have that, you can put the files in there. People can't access them.
Then, in a non-protected directory, you can make a page that uses info stored in a database (or even text file) and relate to the aforementioned randomly generated password (and, perhaps username, unless they already have one, like their email, which would be a good idea).
On the php page, you can have a form. In that, a user and a password (or even just password if you don't want the extra security of having both).
When they put the correct info in the form and send it, it will give them the file. Since php can access protected directories, php can get the file, then send it from the non-protected directory as a file to the user.
This will only work if the php gets the file, so there's no risk of them returning and doing it again.
Then you can have it delete the login code (username/password combo) for that particular item.
The trick would be knowing how long it takes it to download.
However, I would suggest using this method:
Once the person has used their entry code (not after it's sent to them, but once they've started using it), the clock starts ticking. After an hour, the login will no longer work.
Additionally, I would code in an IP check to be sure that the login will only work from the IP it was initially sent from.
Of course this might create problems for users who are using two computers legitimately, or have REALLY slow connections and take longer than that hour, or are just somehow distracted, and don't download in the hour.
All stuff to think about.
Another way to do it would be to have the php only work once. It outputs the file, then deletes the record. The file would THEN begin downloading, but couldn't begin twice. It would finish, just not be able to start over. The catch there is that it might create problems if someone's connection got reset or something.

I'm just rambling at this point.
Does this sound like it might work?

I'm not sure about coding all of it..... but I do know it's possible.

**Twey** · 06-14-2006, 11:00 AM

This idea still requires allot of manual interaction on my part.

It requires none.
As djr33 said, HTTP would be easier, using PHP or something similar.

**davidg47** · 06-14-2006, 04:26 PM

Phew-eeeee!!! now I'm really confused... all that was so far over my head so that I'm getting a nose bleed just looking at it.

But... it sounds good, and sounds like it will work. Now I just gotta figue out what you said.

Thanks for all your help guys... wish me luck!

Dave

**Contrid** · 07-07-2006, 01:23 PM

I've been struggling with this for a long time as well.
I have a website which sells software and allows people to download it.
When they submit the order form before going through to paypal, they fill in all their details, and they also choose a download password.

How can I have my .htaccess or .htpasswd interact with my database to read usernames and passwords from the database? This would be really awesome, since I'm using cronjobs to automatically delete all download passwords after 12 hours of purchase.

Is there any way to do this?

I also spoke to someone on SitePoint who recommended using readfile().

Thread: auto download of a file

Thread Tools

Search Thread