Hello Kristina,

First off, don't have the PDFs "servable" from Apache.
Have them OUT of the web root.

Second, after they pay, and get the IPN feedback to validate the sale,
you could copy the pdf from your safe directory (outside of apache)
to the webroot and rename it something unique.

You could go so far as creating a maze of unique directories:

i.e.: /ra123/poo/fluff/uuid123123123123.pdf

Then remove it after 24 hours or something.

- Ben
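
The procedure Ben describes above, as an added PHP example that is not part of the original thread: publish a per-sale copy under unguessable names, then purge it after 24 hours. The paths, constants and function names are assumptions, and it assumes the PayPal IPN for the sale has already been validated before `publish_pdf()` is called.

```php
<?php
// Added example; directory paths, constants and function names are assumptions.
const PDF_STORE  = '/var/www/private/pdfs';  // outside the Apache document root
const PUBLIC_DIR = '/var/www/html/dl';       // inside the document root, must exist
const PUBLIC_URL = '/dl';                    // URL path that maps to PUBLIC_DIR
const TTL        = 86400;                    // 24 hours, in seconds

/**
 * Call only after the PayPal IPN for this sale has been validated.
 * Returns the one-off URL path of the buyer's copy.
 */
function publish_pdf(string $file): string
{
    // basename() drops any directory part, so "../" cannot escape the store.
    $src = PDF_STORE . '/' . basename($file);
    if (!preg_match('/\.pdf$/i', $src) || !is_file($src)) {
        throw new RuntimeException('Unknown product file');
    }
    // 128 bits each from the CSPRNG: names cannot be guessed or enumerated.
    $dir  = bin2hex(random_bytes(16));
    $name = bin2hex(random_bytes(16)) . '.pdf';
    if (!mkdir(PUBLIC_DIR . "/$dir", 0755)
        || !copy($src, PUBLIC_DIR . "/$dir/$name")) {
        throw new RuntimeException('Could not publish file');
    }
    return PUBLIC_URL . "/$dir/$name";
}

/** Run from cron: delete published copies older than TTL. Returns count removed. */
function purge_expired(): int
{
    $removed = 0;
    foreach (glob(PUBLIC_DIR . '/*/*.pdf') ?: [] as $path) {
        if (time() - filemtime($path) > TTL) {
            unlink($path);
            @rmdir(dirname($path));  // succeeds only once the directory is empty
            $removed++;
        }
    }
    return $removed;
}
```

The random names only protect the files if Apache directory listings are off for the download directory (`Options -Indexes`); with listings on, the names can simply be read from the index.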

Kristina Anderson wrote:
This might be off topic as well...but I have a PHP app that submits to Paypal and then on the "thank you" page, I provide a link to a PDF that they bought.

The server is Unix based, and before submitting the sale, I collect various information about the user, and then when the transaction is complete, I get a unique transaction ID from Paypal.

What's the easiest, quickest way to provide some level of complexity to the downloads so that people can't just go back into the directory and download every PDF without paying? It doesn't have to be 100% secure but should be secure enough to keep out "most" people.

I've been looking into .htaccess but wondering if that's overkill and there isn't some way to authenticate against my DB information before allowing the download?

-- Kristina

_______________________________________________
New York PHP Community Talk Mailing List
http://lists.nyphp.org/mailman/listinfo/talk

NYPHPCon 2006 Presentations Online
http://www.nyphpcon.com

Show Your Participation in New York PHP
http://www.nyphp.org/show_participation.php
