secure download script

VooDooRT

I looking to write a secure download script that allows members only to download a file. It will be used for my web business, and I need the file in a secure location so other people will NOT be able to download it. Any ideas where to start?

Thanks!

IceD

Try "Basic HTTP Authentication" (see manual). Or create login script and download script, which will read file from disk and pass it to user. In this case you'll be able to monitor all downloads.

dawson1323

You really dont need a script, just make a page with links to files to be downloaded and use (on Unix/Linux) htaccess or (on Win) IIS settings to call a login before the page can be accessed.

-D

michael

I would write a redirector program.

I would pass a download code consisting of a SHA-1 of the epic date, hour and minute*their ID in the db.

If the download code does not match, the file is not downloaded.

And a secure HTTPS (open SSL) would be good.

VooDooRT

Ok, I have absolutly NO idea what you guys just said...lol

Newbie here...

michael

Ah... forget it.

Just make people login using md5 or sha-1 for passwords,
and then give them a page full of links.

We'll work on the passthru script and 1-minute expiring links next time.

ednark

break up the download into two steps:

1) login & authenticate. Use the same scheme that you use for the rest of your site

and if the user has the correct permissions

2) instead of print()ing html text to the screen, just output the binary file instead,

this way you can keep the files to download outside of your web directory, and have php open then only when some other script has authenticated the user

does that make sense?