MichiganRon
MIS
Okay. Here's what I want to do. I'm not necessarily looking for any specific code here. I just want some ideas.
I want to write a security/authentication system that will allow certain users to download specific files after they have paid for them. I don't want other users to be able to download these files if they have not paid for them. I also don't want anonymous users to be able to download these files.
I DON'T want to use any server-based user system like FTP where each user has an account on the server. I mean, we're talking hundreds or thousands of users. Manually managing that many user accounts and file rights is not an option.
I will be using a MySQL database to store the user accounts and file locations.
My first thought is to have the files stored in a "secret" location on the server and have a different virtual directory created for each paid customer. However, this would require me to be able to dynamically create a virtual directory each time a user pays for a download. I don't know if this is possible.
Another idea I thought of is to have a download script which authenticates whether the user has rights to download a specific file and then redirects and starts downloading the file. (eg: There is one problem with this; How do I hide the file location so that users can't just link directly to the file?
I've racked my brain on these ideas and am at a loss. Any ideas are greatly appreciated.
Thanks,
-Ron
We all play from the same deck of cards, it's how we play the hand we are dealt which makes us who we are. -Me
murof siht edisni kcuts m'I - PLEH
I want to write a security/authentication system that will allow certain users to download specific files after they have paid for them. I don't want other users to be able to download these files if they have not paid for them. I also don't want anonymous users to be able to download these files.
I DON'T want to use any server-based user system like FTP where each user has an account on the server. I mean, we're talking hundreds or thousands of users. Manually managing that many user accounts and file rights is not an option.
I will be using a MySQL database to store the user accounts and file locations.
My first thought is to have the files stored in a "secret" location on the server and have a different virtual directory created for each paid customer. However, this would require me to be able to dynamically create a virtual directory each time a user pays for a download. I don't know if this is possible.
Another idea I thought of is to have a download script which authenticates whether the user has rights to download a specific file and then redirects and starts downloading the file. (eg: There is one problem with this; How do I hide the file location so that users can't just link directly to the file?
I've racked my brain on these ideas and am at a loss. Any ideas are greatly appreciated.
Thanks,
-Ron
We all play from the same deck of cards, it's how we play the hand we are dealt which makes us who we are. -Me
murof siht edisni kcuts m'I - PLEH