Paid Downloads System

Anon

I'm curtly working on the early design stages of a web app. I'm hoping to add to this app (in a later version) a facility whereby users will be able to purchase downloadable content (sound files, to be specific). I considerd symlinks, but the problem with that is, I want any user who has payed for a file to be able to download it at any time, not just immediately after paying, but they should have to be logged in to do it. I'm wondering what the best way to do this is? I've seen people talking about some way of passing a file directly to the user through a PHP script. Does this reveal the original file's URL?

Thanks for your help!

-Adrian Price
www.ah-pook.com

Anon

What I'd try:

1) Don't keep your .mp3 files anywhere in your web folders - keep them outside the HTML file structure.

2) Set Apache to parse .mp3 as a php file, so that the information you send will be viewed by their browser as an MP3, and they'll never see the PHP in the middle.

3) Use whatever security functions you deem necessary to ensure that the fella is OK.

4) If security passes, send him the MP3 he asks for, and make sure that there is NO OTHER PHP output. If not, send him an MP3 that explains about paying first!

5) look at fopen and print().

This is shooting from the hip, no guarantees...

-Ben

Anon

This is actually pretty easy.

Add .mp3 to your file types to be parsed by PHP, then store you MP3's someplace not accessible (/usr/share for instance), and finally you need to make a script that does something like this:

<PRE>
<?

$fd = fopen("$file","r+");
$this_mp3 = fread($fd,filesize($file));
 header("Content Type sound/mp3");
 echo $this_mp3;

?>
</PRE>

This is how you can send gifs created by php through files like image.php?bg=FFFFFF&fg=000000 Mime types and headers rule!

Anon

Why is it necessary to make MP3's parsed by PHP?