|
-
January 4th, 2006, 06:56 PM
#1
Senior Member
Password-protecting files on a web server
hi
I created a website for sale purchase of a book! The problem I am facing here, is that as soon as the user purchases a book, he's provided a link, from which he can download the file!
But, if some user, distributes the URL, the company will bear a loss. So, what I want is to provide the link to the book in such a way, that the user who has purchased the book can only use it and also on that very session, and later on if the URL is accessed directly, the book cant be downloaded!!
Any ideas, how to go about it?
-
January 4th, 2006, 08:47 PM
#2
You could have the actual books in a dir not accessible from the web, then have a page that will fetch the file they buy locally and send it to them. Of course you'd need to make sure you have a good way of validating that they're getting to the page they can download the product from a page where they purchased it. In php I'm pretty sure you could just do this if they buy a pdf:
PHP Code:
<?php
header('Content-Type: application/pdf');
echo file_get_contents('/offline/products/booktheybought.pdf');
?>
This is just a suggestion though. There's probably standard accepted ways of doing what you want to do, and I suggest you search around a little bit to see if you can find one that suits you. Good luck.
-
January 5th, 2006, 02:20 AM
#3
Hey codenamevirus I think the problem is a bit more complex than you describe.
But, if some user, distributes the URL, the company will bear a loss.
What about e-mail and filesharing?......................you have the same problem as recording companies and motion picture companies.
Once the person has a copy, you cannot do anything about what they do with it (illegally, of course)
-
January 5th, 2006, 06:47 AM
#4
Senior Member
hi nihil
actually u r right!! if some user puchases a copy of the book, after downloading(he doesnt require to validate it), so he can easily distribute the copy itself! So, there's no point in hiding the URL at all!
If the user wants to share it, he can do it in anyway!! But, do we hav any technologies(I certainly dont think so!) that will forbid the owners of the book from disrtibuting it?? Or atleast create some difficulties from doing so!
I know its a long-soughted problem and it really needs an answer! But, in the present situation, I am just a web developer, so I can ignore the fact of file sharing n email!! My client wants it to be in a way, such that when a users purchases a book, he's provided with a link, say www.domain.com/book.exe from where he can download this book! But, if someone else tries to access this book directly from this URL, he's not allowed to do so.
I think some technique of backgroud passing of a password(hidden from the purchaser) can be used! In which, the password passes only if the user is on a page that he sees after buying the product. And even this technique is hidden i.e. the purchaser will hav no clue that a password was passed in the background. In this way, the book atleat cant be donwloaded from the website in an illegal manner!!
But, I dont know how to go about it!! Do u hav any ideas or any other strategies?
-
January 5th, 2006, 06:59 AM
#5
I think some technique of backgroud passing of a password(hidden from the purchaser) can be used! In which, the password passes only if the user is on a page that he sees after buying the product. And even this technique is hidden i.e. the purchaser will hav no clue that a password was passed in the background. In this way, the book atleat cant be donwloaded from the website in an illegal manner!!
Thats what called "Maintaining a State" and thats where "Session Variables and Cookies" come in.
With PHP, you do so by :
PHP Code:
$_Session["loggedIn"] = true/false
setcookie("user")("loggedIn") = true/false
With ASP :
Code:
Session("loggedIn") = true/false
Response.Cookies("user")("loggedIn") = true/false
I hope this helps.
- :S:
\"And life is what we make it. Always has been, always will be.\"
-
January 5th, 2006, 11:48 AM
#6
codenamevirus - I do not know much about PHP, so I'm afraid I can't help you. But, something that you could do is that when the user purchases the book, depending on their details give them a username and password (for example if Joe Smith buys your book, username is 'jsmith'. Leave the password to be generated automatically). Then, give them a time limit of 1/2 hours to go to the following page and, using their new username and password, gain access to the book and download it. The username and password expire after 1/2 hours, so nobody else will have enough time to download it. This one would work, but I have no clue how to code it. 
Good luck!
-jk
-
January 5th, 2006, 03:02 PM
#7
Senior Member
Thats what called "Maintaining a State" and thats where "Session Variables and Cookies" come in.
With PHP, you do so by :
PHP Code:
$_Session["loggedIn"] = true/false
setcookie("user")("loggedIn") = true/false
With ASP :
Code:
Session("loggedIn") = true/false
Response.Cookies("user")("loggedIn") = true/false
This may seem to b a dumb question, but how actually do I integrate the above statements with my present HTML n PHP code??
When the user purchases the book, depending on their details give them a username and password (for example if Joe Smith buys your book, username is 'jsmith'. Leave the password to be generated automatically). Then, give them a time limit of 1/2 hours to go to the following page and, using their new username and password, gain access to the book and download it. The username and password expire after 1/2 hours, so nobody else will have enough time to download it.
This actually is a gr8 idea and I also hav heard about techniques that generates password randomnly with a username and deactivates them after some specified time!
But, I am not sure, whether this kinda technique actually exist!!
Thnx anyways
More sugesstions are appreciated....
-
January 5th, 2006, 05:40 PM
#8
Originally posted here by :Singh:
Thats what called "Maintaining a State" and thats where "Session Variables and Cookies" come in.
With PHP, you do so by :
PHP Code:
$_Session["loggedIn"] = true/false
setcookie("user")("loggedIn") = true/false
With ASP :
Code:
Session("loggedIn") = true/false
Response.Cookies("user")("loggedIn") = true/false
I hope this helps.
- :S:
this really doesnt do anything unless the book is only available on php/asp/whatever pages online. if the file is to be downloaded in a zip/tar/whatever, then h3r3tic's idea works. use a buffer to output the file from a nonpublic location. you can also use .htaccess, usernames, and passwords if you want to get complicated.
-
January 6th, 2006, 05:27 PM
#9
Senior Member
thank you guys for your answers.
csl the solution gav actually helped a lot. And now the book will not be distributed from the website, atleast.
Thank u all!
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|
Reply With Quote
