One Download Per IP

draggy

hi....

Is there any tutorial or PHP script that allow me to limit one download for one IP address?

I only know how to get the user IP address by using $_SERVER["REMOTE_ADDR"] but I don't know how to check if that person is downloading a file or not...

Thank
😃

jignesh1

first create a database and get user IP and store in database whenever the user try to download make a script lookup the ip address in the database if the ip exists then dont make file avaiable to the user if not then make it aviable to the user

phporcaffeine

It's not necessarily that easy. There isn't a secure 'solution' to your original post.

Firstly, a person can easily get a new IP address if they are on Dial-up. If the user has DSL / Broadband their IP address won't refresh as quickly but it can after a day or so of inactivity.

Secondly, assuming that the user new the server path to the file that they wanted (presumably, from a previous download) all the user has to do is point the browser directly to the file.

While the above would work, it wouldn't stop anyone that 'really' wanted the file. It's like a padlock, it only keeps honest people honest.

Bottom line, if the file is on the net someone will find a way to get it somehow.

Your only secure solution is to develope the code in a way that your server path is NEVER parsed to the browser or stored in browser cache.

sid

phporcaffeine wrote:
Your only secure solution is to develope the code in a way that your server path is NEVER parsed to the browser or stored in browser cache.

i dont necessarily agree to that. one can have the data sitting in a folder that is outside of the web-root and serve it by a script. i am doing so on a site, which allows a max. of 50 mp3 downloads per day, where the downloading script counts the number of downloads. this script could also check for ip's. however - "one per ip" is realy hard to implement - partly due to the issues noted above. dynamic ip's are a real b*tch in this issue as well. other things to look into would be cookies (downfall: if cookies are disabled) or sessions (downfall: session gets lost when browser is closed), user registration (downfall: users can create multiple accounts), email with verification (downfall: users can use multiple email addresses and you should verify them first).

personally i would go about it with the email solution and would email a one-time (checked like initially explained) link to the email address - and only once to a single address. of course it also depends on things such as cost/benefit, etc.

rock on.

phporcaffeine

Very good point, and yes that is a very GOOD solution, assuming that you are not third party hosted and have access to such folders ( not ALL hosts allow you to go outside of WWW).

You also have to take into consideration the type of box your on, type of server... etc? Apache and IIS are a bit different when it comes to folders and paths. If your on a Linux box then your in for a new world altogether (in contrast to a windows box).

sid wrote:
i dont necessarily agree to that. one can have the data sitting in a folder that is outside of the web-root and serve it by a script. i am doing so on a site, which allows a max. of 50 mp3 downloads per day, where the downloading script counts the number of downloads. this script could also check for ip's. however - "one per ip" is realy hard to implement - partly due to the issues noted above. dynamic ip's are a real b*tch in this issue as well. other things to look into would be cookies (downfall: if cookies are disabled) or sessions (downfall: session gets lost when browser is closed), user registration (downfall: users can create multiple accounts), email with verification (downfall: users can use multiple email addresses and you should verify them first).

personally i would go about it with the email solution and would email a one-time (checked like initially explained) link to the email address - and only once to a single address. of course it also depends on things such as cost/benefit, etc.

rock on.

Sangre

Is it also possible to make a folder CHMOD to read access only by server?
and what would the PHPcommand line be, so give a file to a user?

I know how to do it with images (GD and createimagefromjpg etc)
but how with a zip files, and not giving away the serverpath?

phporcaffeine

chmod() is the PHP method assuming that you have a Linux server (You have to do it through Windows on a Windows box)

draggy

phporcaffeine wrote:
Very good point, and yes that is a very GOOD solution, assuming that you are not third party hosted and have access to such folders ( not ALL hosts allow you to go outside of WWW).

You also have to take into consideration the type of box your on, type of server... etc? Apache and IIS are a bit different when it comes to folders and paths. If your on a Linux box then your in for a new world altogether (in contrast to a windows box).

Thank you all for replying 😃

Could Mr. phporcaffeine post some source code sample or link? :bemused:

cause I'm not so sure how to do it.... :bemused:

Thanks

phporcaffeine

draggy wrote:
Thank you all for replying 😃

Could Mr. phporcaffeine post some source code sample or link? :bemused:

cause I'm not so sure how to do it.... :bemused:

Thanks

http://www.php.net/chmod

bradgrafelman

Or just use a .htaccess file to prevent people from accessing the folder:

Order allow,deny
Deny from all