Password-protecting files on a web server
Results 1 to 9 of 9

Thread: Password-protecting files on a web server

  1. #1
    Senior Member codenamevirus's Avatar
    Join Date
    Jun 2005
    Location
    Faridabad, Haryana, India
    Posts
    298

    Password-protecting files on a web server

    hi

    I created a website for sale purchase of a book! The problem I am facing here, is that as soon as the user purchases a book, he's provided a link, from which he can download the file!

    But, if some user, distributes the URL, the company will bear a loss. So, what I want is to provide the link to the book in such a way, that the user who has purchased the book can only use it and also on that very session, and later on if the URL is accessed directly, the book cant be downloaded!!

    Any ideas, how to go about it?
    CodeNameVirus

  2. #2
    Elite Hacker
    Join Date
    Mar 2003
    Posts
    1,407
    You could have the actual books in a dir not accessible from the web, then have a page that will fetch the file they buy locally and send it to them. Of course you'd need to make sure you have a good way of validating that they're getting to the page they can download the product from a page where they purchased it. In php I'm pretty sure you could just do this if they buy a pdf:
    PHP Code:
    <?php
    header
    ('Content-Type: application/pdf');
    echo 
    file_get_contents('/offline/products/booktheybought.pdf');
    ?&
    gt
    This is just a suggestion though. There's probably standard accepted ways of doing what you want to do, and I suggest you search around a little bit to see if you can find one that suits you. Good luck.

  3. #3
    Super Moderator: GMT Zone nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,190
    Hey codenamevirus I think the problem is a bit more complex than you describe.

    But, if some user, distributes the URL, the company will bear a loss.
    What about e-mail and filesharing?......................you have the same problem as recording companies and motion picture companies.

    Once the person has a copy, you cannot do anything about what they do with it (illegally, of course)

    If you cannot do someone any good: don't do them any harm....
    As long as you did this to one of these, the least of my little ones............you did it unto Me.
    What profiteth a man if he gains the entire World at the expense of his immortal soul?

  4. #4
    Senior Member codenamevirus's Avatar
    Join Date
    Jun 2005
    Location
    Faridabad, Haryana, India
    Posts
    298
    hi nihil

    actually u r right!! if some user puchases a copy of the book, after downloading(he doesnt require to validate it), so he can easily distribute the copy itself! So, there's no point in hiding the URL at all!

    If the user wants to share it, he can do it in anyway!! But, do we hav any technologies(I certainly dont think so!) that will forbid the owners of the book from disrtibuting it?? Or atleast create some difficulties from doing so!

    I know its a long-soughted problem and it really needs an answer! But, in the present situation, I am just a web developer, so I can ignore the fact of file sharing n email!! My client wants it to be in a way, such that when a users purchases a book, he's provided with a link, say www.domain.com/book.exe from where he can download this book! But, if someone else tries to access this book directly from this URL, he's not allowed to do so.

    I think some technique of backgroud passing of a password(hidden from the purchaser) can be used! In which, the password passes only if the user is on a page that he sees after buying the product. And even this technique is hidden i.e. the purchaser will hav no clue that a password was passed in the background. In this way, the book atleat cant be donwloaded from the website in an illegal manner!!

    But, I dont know how to go about it!! Do u hav any ideas or any other strategies?
    CodeNameVirus

  5. #5
    Senior Member
    Join Date
    Mar 2005
    Posts
    175
    I think some technique of backgroud passing of a password(hidden from the purchaser) can be used! In which, the password passes only if the user is on a page that he sees after buying the product. And even this technique is hidden i.e. the purchaser will hav no clue that a password was passed in the background. In this way, the book atleat cant be donwloaded from the website in an illegal manner!!
    Thats what called "Maintaining a State" and thats where "Session Variables and Cookies" come in.

    With PHP, you do so by :
    PHP Code:
    $_Session["loggedIn"] = true/false
    setcookie
    ("user")("loggedIn") = true/false 
    With ASP :
    Code:
    Session("loggedIn") = true/false
    
    Response.Cookies("user")("loggedIn") = true/false
    I hope this helps.


    - :S:
    \"And life is what we make it. Always has been, always will be.\"

  6. #6
    The Prancing Pirate
    Join Date
    Jul 2004
    Posts
    548
    codenamevirus - I do not know much about PHP, so I'm afraid I can't help you. But, something that you could do is that when the user purchases the book, depending on their details give them a username and password (for example if Joe Smith buys your book, username is 'jsmith'. Leave the password to be generated automatically). Then, give them a time limit of 1/2 hours to go to the following page and, using their new username and password, gain access to the book and download it. The username and password expire after 1/2 hours, so nobody else will have enough time to download it. This one would work, but I have no clue how to code it.

    Good luck!

    -jk
    TAZForum <---- click

  7. #7
    Senior Member codenamevirus's Avatar
    Join Date
    Jun 2005
    Location
    Faridabad, Haryana, India
    Posts
    298

    Thats what called "Maintaining a State" and thats where "Session Variables and Cookies" come in.

    With PHP, you do so by :
    PHP Code:
    $_Session["loggedIn"] = true/false
    setcookie
    ("user")("loggedIn") = true/false 
    With ASP :
    Code:
    Session("loggedIn") = true/false
    
    Response.Cookies("user")("loggedIn") = true/false
    This may seem to b a dumb question, but how actually do I integrate the above statements with my present HTML n PHP code??


    When the user purchases the book, depending on their details give them a username and password (for example if Joe Smith buys your book, username is 'jsmith'. Leave the password to be generated automatically). Then, give them a time limit of 1/2 hours to go to the following page and, using their new username and password, gain access to the book and download it. The username and password expire after 1/2 hours, so nobody else will have enough time to download it.
    This actually is a gr8 idea and I also hav heard about techniques that generates password randomnly with a username and deactivates them after some specified time!

    But, I am not sure, whether this kinda technique actually exist!!

    Thnx anyways

    More sugesstions are appreciated....
    CodeNameVirus

  8. #8
    Banned
    Join Date
    Nov 2005
    Posts
    63
    Originally posted here by :Singh:
    Thats what called "Maintaining a State" and thats where "Session Variables and Cookies" come in.

    With PHP, you do so by :
    PHP Code:
    $_Session["loggedIn"] = true/false
    setcookie
    ("user")("loggedIn") = true/false 
    With ASP :
    Code:
    Session("loggedIn") = true/false
    
    Response.Cookies("user")("loggedIn") = true/false
    I hope this helps.


    - :S:
    this really doesnt do anything unless the book is only available on php/asp/whatever pages online. if the file is to be downloaded in a zip/tar/whatever, then h3r3tic's idea works. use a buffer to output the file from a nonpublic location. you can also use .htaccess, usernames, and passwords if you want to get complicated.

  9. #9
    Senior Member codenamevirus's Avatar
    Join Date
    Jun 2005
    Location
    Faridabad, Haryana, India
    Posts
    298
    thank you guys for your answers.

    csl the solution gav actually helped a lot. And now the book will not be distributed from the website, atleast.

    Thank u all!
    CodeNameVirus

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •