FUDforum: comp.lang.php » Secure website

Home » Imported messages » comp.lang.php » Secure website

Show: Today's Messages :: Polls :: Message Navigator

Re: Secure website [message #183537 is a reply to message #183534]

Wed, 30 October 2013 05:52

J.O. Aho
Messages: 194
Registered: September 2010

Karma:

Senior Member

On 30/10/13 04:02, Graham Hobbs wrote:
> Hellop,
>
> I have an ordinary website (all PHP), it has no 'conscious'
> protections, just code that does a job. One page (not written yet
> because I don't know how), will advertise a product for sale.
>
> My concept is that a buyer goes to a paypal screen, does the
> necessary, when payment is verfified and paid, an email is
> automatically sent to the buyer with a download key. At the buyers
> dicretion, they go to the download page, enter the key and the
> software gets downloaded. Is this sort of thing a novice PHP'er could
> do.

Sure a novice coder could do it, but the question is if it's a good
solution they do or not.

> ... how to prevent more than one download, do I store the software
> package on my ISP's server, is it safe, since it has several exe files
> would they be in a zip file, how to assign a download key, let the
> whole process be automated?

You store the key in a database, together which package, who and a
download time.
When the user request for the file, you check against the database to
see if the row has a download time, if not allow the start of the
download (keep in mind that the user do not get a direct download link,
but it's the php which serves the content to the user) and when the
whole file been sent, then update the row with a download time.

See to that the zip files ain't located in the DocumentRoot directory,
for it they do, then you can download them without the need of the key
you want to send.

And yes, it can be made completely automated, take advantige of the
PayPal IPN system and do not forget that PayPal transactions has a highe
chargeback fee and customers do more disbutes than with other payment
alternatives, so somone could pay and download your product and then
disbute the payment and in worst case you will have to pay for it, so
you need to log everything on your site, so you can proof that the
customer did download the product they paied for.

--

//Aho

Report message to a moderator

[Message index]

		Secure website By: Graham Hobbs on Wed, 30 October 2013 03:02
		Re: Secure website By: Denis McMahon on Wed, 30 October 2013 03:26
		Re: Secure website By: J.O. Aho on Wed, 30 October 2013 05:52
		Re: Secure website By: Graham Hobbs on Wed, 30 October 2013 14:47
		Re: Secure website By: J.O. Aho on Wed, 30 October 2013 17:03
		Re: Secure website By: Graham Hobbs on Wed, 30 October 2013 23:18
		Re: Secure website By: Jerry Stuckle on Wed, 30 October 2013 18:56
		Re: Secure website By: Graham Hobbs on Wed, 30 October 2013 23:15
		Re: Secure website By: Jerry Stuckle on Thu, 31 October 2013 03:03
		Re: Secure website By: Graham Hobbs on Thu, 31 October 2013 14:27
		Re: Secure website By: Jerry Stuckle on Thu, 31 October 2013 15:24
		Re: Secure website By: Graham Hobbs on Thu, 31 October 2013 16:47
		Re: Secure website By: Jerry Stuckle on Fri, 01 November 2013 00:36
		Re: Secure website By: David Quinton on Thu, 31 October 2013 10:24
		Re: Secure website By: Graham Hobbs on Thu, 31 October 2013 14:28

Previous Topic:	reading files with accents in the filename from PHP
Next Topic:	No action desired until one button is clicked

Goto Forum:

-=] Back to Top [=-

[ Syndicate this forum (XML) ] [

]

Current Time: Thu Sep 19 17:00:22 GMT 2024

Total time taken to generate the page: 0.03752 seconds