Reputation: 329
I want to build an e-commerce website with PHP, and I will use the Omnipay library for payments. The problem is that if the file is at the URL www.mywebsite.com/programs/paint.exe, the user can type that URL into his browser and the paid program will download. I searched for how to block users from downloading a file, like RewriteEngine, but how can I let the file download if the user has paid in this case?
Upvotes: 0
Views: 61
Reputation: 334
In addition to using hashed filenames as Peter mentioned, you can use PHP to serve the file after authentication.
Create an htaccess rewrite to send any requests for the file directly to a PHP script. In the PHP script, perform some authentication (i.e. have the user log in, or have them use a secured link which sets session variables, etc.). Then, if the user authenticated successfully, use PHP to return the file using HTTP headers.
header('Content-Type: application/x-msdownload'); // Set this to a .exe
header('Content-Disposition: attachment; filename="paint.exe"'); // Set the filename to download.
$downloadFile = file_get_contents('programs/hashedpaintexename.exe');
echo $downloadFile;
NOTE: Should you use hashed filenames, you'll want to make sure your htaccess handles these hashed files as well.
Another option, if you've got the control over the server to do so, is to have PHP load the file from outside of the website's directory instead of using an htaccess rewrite. For example, if your website directory is /var/www/mywebsite, have PHP load the executable from /whatever/path/you/want, provided PHP has read access to the directory.
Upvotes: 0
Reputation: 96
Maybe you can try these:
www.mywebsite.com/programs/paint.exe: maybe it's better as something like www.mywebsite.com/programs/ca63ff966ff272da14e4fc2e73fcd399. You at least have to store your paid programs in a table, and that table should provide a column for the hash-formatted name.
www.mywebsite.com/programs/paint.exe: this URL should only be accessible by authenticated users. And if the user is already authenticated, you check this user's purchase history to see if he/she ever bought this paint.exe program; if there is no record of his/her purchase, you must redirect him/her to your payment page.
Upvotes: 1
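Added example (not part of either answer above): a download script that combines the two suggestions, checking the session and the purchase record before streaming a file stored outside the web root. The session key, table and column names, the `paid` status value, the DSN and the `/login.php` and `/payment.php` pages are assumptions made for illustration.

```php
<?php
// download.php: added example. Assumed (hypothetical) names: $_SESSION['user_id'],
// tables products(id, stored_name, download_name) and purchases(user_id, product_id, status).
declare(strict_types=1);
session_start();

const STORAGE_DIR = '/whatever/path/you/want'; // outside the web root, readable by PHP

if (empty($_SESSION['user_id'])) {
    header('Location: /login.php'); // hypothetical login page
    exit;
}

// Identify the product by numeric id; never build a file path from user input.
$productId = filter_input(INPUT_GET, 'product', FILTER_VALIDATE_INT);
if (!is_int($productId)) {
    http_response_code(400);
    exit;
}

$pdo = new PDO('sqlite:/path/to/shop.sqlite'); // placeholder DSN
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$stmt = $pdo->prepare(
    "SELECT p.stored_name, p.download_name FROM products p
       JOIN purchases o ON o.product_id = p.id
      WHERE p.id = :pid AND o.user_id = :uid AND o.status = 'paid' LIMIT 1"
);
$stmt->execute([':pid' => $productId, ':uid' => $_SESSION['user_id']]);
$row = $stmt->fetch(PDO::FETCH_ASSOC);
if ($row === false) {
    header('Location: /payment.php?product=' . $productId); // hypothetical payment page
    exit;
}

$path = STORAGE_DIR . '/' . basename($row['stored_name']);
if (!is_file($path) || !is_readable($path)) {
    http_response_code(404);
    exit;
}

$name = preg_replace('/[^A-Za-z0-9._-]/', '_', $row['download_name']);
header('Content-Type: application/x-msdownload');
header('Content-Disposition: attachment; filename="' . $name . '"');
header('Content-Length: ' . filesize($path));
header('X-Content-Type-Options: nosniff');
readfile($path); // streams to the client rather than loading the whole file into memory
exit;
```

Because the authorization check runs on every request, a leaked or guessed link does not deliver the file to a user without a matching purchase record.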