Ok, my turn to ask a question. 🙂
Visitors to my website need to buy access to very high res (300dpi) photos for use in their graphic design projects. The website is for people who are on deadline and/or don't want to wait 36 hours for FedEx for a PhotoCD.
Things I am thinking about:
For now, no user logins/passwords; each purchase is considered unique and "anonymous" in that we don't know who it is on the server side (of course I can browse Payflow Link's website later, which brings me to...)
My website will send to Payflow Link:
- image ID
- a random 16-character password for the image, unique to that visitor (which is then written into their transaction info so I can browse it on Payflow Link's website later to link passwords to customers)
- possibly an expiration date for the password
I expect back from Payflow Link:
- the same 16-character password, which I will write to a database and associate with the image ID
- possibly an expiration date for that password too.
The database will be outside the user directory but may be a flat file for starters until I get familiar with MySQL.
At this time I am debating NOT using a shopping cart but having each item a separate order. I'm looking into osCommerce PHP shopping cart which was recommended here on the forum. Generally, I want to fully understand code (even someone else's) before I put it live.
I will create various admin-type pages for the site to view passwords, etc. If a user forgets one, my site admin can look up the password for that photo. The problem with this is that there is no name association. Maybe I should at least get the person's name and ZIP back from Payflow Link to simplify lookups.
To protect the admin pages, in an .htaccess file, I will simply:
<Files *admin.php>
require group admins
</Files>
and of course create the appropriate users for admins.
I guess I need to use sessions to allow a number of tries before they must wait 15 minutes. Otherwise someone could write a script to traverse all 16-digit codes from 0000000000000000 to FFFFFFFFFFFFFFFF.
When the person returns from Payflow Link, they are given a URL to retrieve the high-res picture they have purchased the rights to, like http://www.elvis.com/paidimages/show.php?id=490D8F72E94B0A5C
How rigorous does my code need to be in show.php so that it can't be abused? Of course I will unset $id and set $_GET['id'].
Is .htaccess sufficient to stop browsing and other mischief inside /paidimages/?
What am I forgetting? How secure is this?
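The sketch below is an added example, not code from the original post or from Payflow Link. It covers the three pieces the post describes: generating the 16-hex-character code, storing it with the image ID and an expiry, and a show.php that validates $_GET['id'], looks it up through a prepared statement, counts failed lookups per IP so a guessing script gets locked out for 15 minutes, and streams the file from a directory outside the web root. IMAGE_DIR, the SQLite database path, the table layout, the image file name, the 5-tries/900-second lockout and the IP address used in the self-check are all assumptions made for the example; it needs PHP 7.1 or later with PDO and the SQLite driver.

```php
<?php
// Added example, not code from the original post. Assumes PHP 7.1+ with PDO/SQLite
// (the SQL also runs on MySQL) and high-res files stored OUTSIDE the web root.
const IMAGE_DIR    = '/srv/paidimages';       // assumption: not under DocumentRoot
const TOKEN_RE     = '/\A[0-9A-F]{16}\z/';    // exactly 16 upper-case hex characters
const MAX_FAILURES = 5;                       // bad ids allowed per IP...
const LOCKOUT_SECS = 900;                     // ...before a 15-minute wait

// 64 bits from the OS CSPRNG as the 16 hex chars the post describes; never rand()/mt_rand().
function new_token(): string
{
    return strtoupper(bin2hex(random_bytes(8)));
}

function open_store(string $dsn = 'sqlite::memory:'): PDO
{
    $db = new PDO($dsn);
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE IF NOT EXISTS purchases (token TEXT PRIMARY KEY, image TEXT NOT NULL, expires INTEGER NOT NULL)');
    $db->exec('CREATE TABLE IF NOT EXISTS failures (ip TEXT PRIMARY KEY, tries INTEGER NOT NULL, since INTEGER NOT NULL)');
    return $db;
}

// Prepared statements only: $_GET['id'] never reaches SQL as text.
function one_row(PDO $db, string $sql, array $args)
{
    $st = $db->prepare($sql);
    $st->execute($args);
    return $st->fetch(PDO::FETCH_ASSOC);      // array, or false when no row matched
}

// Called when Payflow Link hands the completed transaction back; $expires is Unix time.
function record_purchase(PDO $db, string $token, string $imageId, int $expires): void
{
    $db->prepare('INSERT INTO purchases (token, image, expires) VALUES (?, ?, ?)')
       ->execute([$token, $imageId, $expires]);
}

// Failed lookups by $ip in the current window; with $record, counts one more first.
function failures(PDO $db, string $ip, int $now, bool $record = false): int
{
    $row   = one_row($db, 'SELECT tries, since FROM failures WHERE ip = ?', [$ip]);
    $fresh = $row === false || $now - (int)$row['since'] >= LOCKOUT_SECS;
    $count = $fresh ? 0 : (int)$row['tries'];
    if ($record) {
        $db->prepare('REPLACE INTO failures (ip, tries, since) VALUES (?, ?, ?)')
           ->execute([$ip, ++$count, $fresh ? $now : (int)$row['since']]);
    }
    return $count;
}

// Map an id to a file path, or null. Every failure is the same null, so a
// guessing script cannot tell "no such token" from "expired".
function resolve(PDO $db, string $id, int $now, string $dir = IMAGE_DIR): ?string
{
    if (!preg_match(TOKEN_RE, $id)) {
        return null;                          // ../, %00, quotes: anything but 16 hex chars
    }
    $row = one_row($db, 'SELECT image, expires FROM purchases WHERE token = ?', [$id]);
    if ($row === false || (int)$row['expires'] < $now) {
        return null;
    }
    // The image name is our own data, but whitelist it anyway: a stray "/" in
    // one DB row would otherwise let this script read outside $dir.
    if (!preg_match('/\A[A-Za-z0-9_-]+\.(jpg|tif)\z/', $row['image'])) {
        return null;
    }
    $path = $dir . '/' . $row['image'];
    return is_file($path) ? $path : null;
}

// What show.php does with $_GET['id']; a locked-out client gets the same 404 as a bad id.
function serve(PDO $db, string $id, string $ip): void
{
    $now  = time();
    $path = failures($db, $ip, $now) < MAX_FAILURES ? resolve($db, $id, $now) : null;
    if ($path === null) {
        failures($db, $ip, $now, true);
        http_response_code(404);
        exit('Not found');
    }
    header('Content-Type: application/octet-stream');
    header('Content-Disposition: attachment; filename="' . basename($path) . '"');
    header('Cache-Control: private, no-store');
    readfile($path);                          // streams, so multi-MB TIFFs are fine
}

if (PHP_SAPI === 'cli') {
    // Offline self-check with a constructed purchase and a throwaway "image" file.
    $db  = open_store();
    $dir = sys_get_temp_dir();
    file_put_contents("$dir/490.jpg", 'constructed, not a real photo');
    $tok = new_token();
    $now = time();
    record_purchase($db, $tok, '490.jpg', $now + 86400);
    for ($i = 0; $i < MAX_FAILURES; $i++) failures($db, '203.0.113.7', $now, true);
    $ok = resolve($db, $tok, $now, $dir) === "$dir/490.jpg"
       && resolve($db, '../../etc/passwd', $now, $dir) === null    // fails the hex regex
       && resolve($db, $tok, $now + 2 * 86400, $dir) === null      // past the expiry
       && failures($db, '203.0.113.7', $now) === MAX_FAILURES      // locked out now...
       && failures($db, '203.0.113.7', $now + LOCKOUT_SECS) === 0; // ...and free again later
    echo $ok ? "self-check passed\n" : "self-check FAILED\n";
}
```

Run it with `php show.php` to execute the self-check; under Apache the entry point is a single call such as `serve(open_store('sqlite:/srv/purchases.sqlite'), (string)($_GET['id'] ?? ''), $_SERVER['REMOTE_ADDR'])`, with the database file also kept outside DocumentRoot. Two points this layout makes about the questions above: the regex plus prepared statement is all the "rigour" show.php needs for the id itself, and keeping the photos outside the web root means a missing or ignored .htaccess (for example AllowOverride None on the host) cannot expose them, whereas an .htaccess-only /paidimages/ is one configuration slip away from being browsable. The lockout is defence in depth: 16 hex characters drawn from random_bytes() give 2^64 possibilities, which no script will enumerate, so the counter mainly protects against a weaker token generator or a future shorter code.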