[nycphp-talk] protecting download directory in PHP app on Unix box?

Kristina Anderson ka at kacomputerconsulting.com
Wed May 28 14:02:31 EDT 2008


This is similar to what I was planning on doing...

http://www.proofmagazine.com/getfile.php?tx=funkypaypaltransid&PDFid=1234&file=file.pdf

authenticates against the transaction id / pdf id pair and then serves 
up a file...but where does the file live and how does this page know 
where to find it and etc...that's what I'm not clear on, can anyone 
further explain this file=file.pdf aspect?

> The entire app is written except for this part of it, and I am 
> expecting to be able to implement something with medium security in a 
> reasonable period of time, like, today :)
> 
> And the client has stated they do not want any solution where the 
> customer has to be emailed, they want a direct link for the download 
> right after payment.
> 
> I like the idea of using the transaction id/PDF id pair in a lookup 
> table to authenticate the redirect to a file download URL...
> 
> -- Kristina
> 
> 
> > my question is do you really need to custom roll this out - there are a
> > few apps (which are slipping my mind atm) that do exactly this out of
> > the box..... ?
> > 
> > 1) customer order is directed to paypal
> > 2) on payment complete paypal notifies your script
> > 3) customer receives download link via email
> > 4) customer has X times to download the file within Y time
> > 5) Admins can reactivate the order allowing X more times or Y time to
> > download
> > 6) works with any number of download products
> > 
> > and that's just the framework method... you could use a zencart /
> > freeway /x-cart if you needed a more robust solution
> > 
> > Dan Horning
> > 
> > American Digital Services - Where you are only limited by imagination.
> > direct 1-866-493-4218 . main 1-800-863-3854 . fax 1-888-474-6133
> > dan.horning at planetnoc.com
> > http://www.americandigitalservices.com
> > 
> > 
> > -----Original Message-----
> > From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org]
> > On Behalf Of Ajai Khattri
> > Sent: Wednesday, May 28, 2008 12:18 PM
> > To: NYPHP Talk
> > Subject: Re: [nycphp-talk] protecting download directory in PHP app on
> > Unix box?
> > 
> > On Wed, 28 May 2008, Kristina Anderson wrote:
> > 
> > > Hmm... I like this... if I copy the file to the web server I can name
> > > the directory after their transaction ID....make unique directory for
> > > each customer...then delete them after a day or so...we have lots of
> > > room..is this doable on a shared host?  ...outside "public_html" is
> > > outside the root, or no?
> > 
> > As someone else pointed out, you probably should NOT have Apache serve
> > the PDF directly. Much better to generate a token that gets emailed to
> > them when they checkout. During the checkout, you would need to make a
> > record of the transaction and token. You will need to write a download
> > script that takes the token, does some checks in your database and then
> > returns the PDF directly with the correct MIME type.
> > 
> > 
> > 
> > -- 
> > Aj.
> > 
> > _______________________________________________
> > New York PHP Community Talk Mailing List
> > http://lists.nyphp.org/mailman/listinfo/talk
> > 
> > NYPHPCon 2006 Presentations Online
> > http://www.nyphpcon.com
> > 
> > Show Your Participation in New York PHP
> > http://www.nyphp.org/show_participation.php
> 
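
The lookup-then-serve script discussed in this thread, sketched as an added example that is not part of the original posts. The table and column names (downloads, tx_id, pdf_id, stored_name, downloads_left, expires_at), the SQLite DSN and the /home/example paths are assumptions; the point is that the served path comes from the database row, never from the file= parameter, and the PDFs live outside public_html.

```php
<?php
// getfile.php: added illustration; all table, column and path names are assumed.
declare(strict_types=1);

const PDF_DIR = '/home/example/private_pdfs';   // assumed canonical path outside public_html

function deny(int $code): void {
    http_response_code($code);
    exit;
}

$tx    = $_GET['tx']    ?? '';
$pdfId = $_GET['PDFid'] ?? '';
// $_GET['file'] is deliberately ignored: a client-supplied name must never
// reach the filesystem (e.g. file=../../etc/passwd).

if (!is_string($tx) || !preg_match('/^[A-Za-z0-9]{1,32}$/', $tx)
    || !is_string($pdfId) || !ctype_digit($pdfId)) {
    deny(400);
}

$db = new PDO('sqlite:/home/example/private/orders.sqlite');   // assumed DSN
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// Consume one download in a single statement, so the "X times within Y time"
// limit holds even when the same link is requested concurrently.
$use = $db->prepare(
    'UPDATE downloads SET downloads_left = downloads_left - 1
      WHERE tx_id = ? AND pdf_id = ? AND downloads_left > 0 AND expires_at > ?');
$use->execute([$tx, (int)$pdfId, time()]);
if ($use->rowCount() !== 1) {
    deny(403);   // unknown pair, expired, or download count used up
}

// The filename comes from the order record written at checkout.
$row = $db->prepare('SELECT stored_name FROM downloads WHERE tx_id = ? AND pdf_id = ?');
$row->execute([$tx, (int)$pdfId]);
$name = (string)$row->fetchColumn();

// Defence in depth: strip directories, resolve symlinks, confirm containment.
$path = realpath(PDF_DIR . '/' . basename($name));
if ($path === false || strpos($path, PDF_DIR . '/') !== 0 || !is_file($path)) {
    deny(404);
}

header('Content-Type: application/pdf');
header('Content-Disposition: attachment; filename="download.pdf"');
header('Content-Length: ' . (string)filesize($path));
header('X-Content-Type-Options: nosniff');
readfile($path);
```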



