Yes, but unauthorized users can still just key in the URL
( into their browser and get around
the session verification.

I have toyed around with dynamically building the file when it is
needed, but I need to delete it once it has been downloaded by the user.
How can I delete a file as soon as it has been downloaded?

Ron Stagg

-----Original Message-----
From: 1LT John W. Holmes [mailto:[EMAIL PROTECTED]] 
Sent: Wednesday, May 29, 2002 2:57 PM
Subject: Re: [PHP] ******************* Secure product download

{ header("Location:";); }
//show download code....

Obviously you set $_SESSION['did_pay'] to a value once they, umm, pay.

---John Holmes...

----- Original Message -----
From: "Ron Stagg" <[EMAIL PROTECTED]>
Sent: Wednesday, May 29, 2002 4:47 PM
Subject: [PHP] ******************* Secure product download

I am building a site where visitors can purchase and download software.
To purchase a software product, the visitor must submit credit card
info.  Once the purchase has been approved, the user is given a link
from which he/she may download the requested software.  This link MUST
only be accessible to those who have paid.  I have tried a number of
different and creative methods, but none give me the security I need.  I
don't want the user to be able bookmark the URL or email the URL to
friends so that they can download the software as well.  I am using PHP
sessions combined with MySQL user accounts to authenticate users
throughout the rest of the site.  How can I get this to work for

Is this even possible within the open realm of the browser?  Have any of
you solved a similar problem?  I welcome any ideas.

Ron Stagg

PHP General Mailing List (
To unsubscribe, visit:

Reply via email to