force download restricted zip file with php

Question

Hi I am letting users purchase hidden virtual mov.zip files with paypal. I got the transaction part and the storing the details in the database etc... but after the user comes back to the transaction page I want to link them to the zipped file which is in a restricted folder (.htaccess deny from all). how can i grant them access into this directory to download the file for a couple of days. I can't temporarily move the file out of the directory because of its very large size (its a package of hd action effects).

Thank you.

Answer 1

If your hosting allow you to change the PHP setting for the script timeout, you could just stream the file through a PHP script that would check the user access.

For example, the request :

>http://domain.com/download.php?file=be6bc64c94bbc062bcebfb40b4f93304

<?php
session_start();

if (!isset($_GET['file']) header('Location: index.php'); // invalid request

// 1. check user session
...
// 2. get file from hash (use a Db like MySQL
$file = ...;

// 3. check user privilege for the given file
...

// 4. proceed to download
if (file_exists($file)) {
    set_time_limit(0);
    header('Content-Description: File Transfer');
    header('Content-Type: application/octet-stream');
    header('Content-Disposition: attachment; filename='.basename($file));
    header('Content-Transfer-Encoding: binary');
    header('Expires: 0');
    header('Cache-Control: must-revalidate');
    header('Pragma: public');
    header('Content-Length: ' . filesize($file));
    ob_clean();
    flush();
    readfile($file);
    exit;
} else {
    // error 404
}