Simple Password Protected Download Script

[tonyking]

Here's what I am trying to accomplish, hopefully some one can help me!

I am trying to make a script that is basically a form with a username and password. Pretty simple so far...

The form action would check a mySQL database for verification, and if successful proceed to download a zip file. This is where I am lost. The source of the file must be protected or atleast have a GUID or something in the url that changes so that after X amount of time, the username, password, AND LINK they used to download the file is no longer valid.

How easy is this to accomplish? I'm pretty wet behind my proverbial php ears, so any help is much appreciated!

[Jas]

I imagine this is for some sort of online software purchase? It should be fairly easy, though you will have some bumps in the road, no doubt.

Well, your MySQL table should look like this:

Username | Password | link | time
------------------------------------------------------------------
John|Smith01|www.site.com/file.zip | 2008-06-02 14:00:00
------------------------------------------------------------------
Jane |Doe01 |www.site.com/file2.zip| 2008-06-02 14:30:00
------------------------------------------------------------------

The query once they login would be something like:

SELECT link FROM table WHERE Username = "$username" && Password = "$password" && $time < time;

The query would then return the approriate link (if there is one) which php can use to read in and force the download of the file. As far as protecting the file from direct downloading, you can use .htaccess to deny access to the file or directory. (so www.site.com/file.zip would return an access denied error to the user.) Alternative;y, you can store the file in a mysql table if it is small enough.

Hope that made sense and help you a little bit.