FUDforum
Fast Uncompromising Discussions. FUDforum will get your users talking.

Home » Imported messages » comp.lang.php » Secure website
Show: Today's Messages :: Polls :: Message Navigator
Return to the default flat view Create a new topic Submit Reply
Re: Secure website [message #183537 is a reply to message #183534] Wed, 30 October 2013 05:52 Go to previous messageGo to previous message
J.O. Aho is currently offline  J.O. Aho
Messages: 194
Registered: September 2010
Karma:
Senior Member
On 30/10/13 04:02, Graham Hobbs wrote:
> Hellop,
>
> I have an ordinary website (all PHP), it has no 'conscious'
> protections, just code that does a job. One page (not written yet
> because I don't know how), will advertise a product for sale.
>
> My concept is that a buyer goes to a paypal screen, does the
> necessary, when payment is verfified and paid, an email is
> automatically sent to the buyer with a download key. At the buyers
> dicretion, they go to the download page, enter the key and the
> software gets downloaded. Is this sort of thing a novice PHP'er could
> do.

Sure a novice coder could do it, but the question is if it's a good
solution they do or not.

> ... how to prevent more than one download, do I store the software
> package on my ISP's server, is it safe, since it has several exe files
> would they be in a zip file, how to assign a download key, let the
> whole process be automated?

You store the key in a database, together which package, who and a
download time.
When the user request for the file, you check against the database to
see if the row has a download time, if not allow the start of the
download (keep in mind that the user do not get a direct download link,
but it's the php which serves the content to the user) and when the
whole file been sent, then update the row with a download time.

See to that the zip files ain't located in the DocumentRoot directory,
for it they do, then you can download them without the need of the key
you want to send.

And yes, it can be made completely automated, take advantige of the
PayPal IPN system and do not forget that PayPal transactions has a highe
chargeback fee and customers do more disbutes than with other payment
alternatives, so somone could pay and download your product and then
disbute the payment and in worst case you will have to pay for it, so
you need to log everything on your site, so you can proof that the
customer did download the product they paied for.

--

//Aho
[Message index]
 
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Previous Topic: reading files with accents in the filename from PHP
Next Topic: No action desired until one button is clicked
Goto Forum:
  

-=] Back to Top [=-
[ Syndicate this forum (XML) ] [ RSS ]

Current Time: Sat Nov 23 04:08:22 GMT 2024

Total time taken to generate the page: 0.03911 seconds