views:

63

answers:

1

Here's how it works:

  • User makes a payment
  • User receives a password
  • Their user name will be their email
  • A folder will be created for that user, which contains the files the user paid to have access to.

My main problem is that the software needs to be protected, and the password will be dynamically created. So I'm wondering if I need to create an .htaccess and a .htpaaswd, if that's the case, how would can I do this dynamically?

+2  A: 

Probably the same way Wordpress creates/modifies a .htaccess file.

You simply need to create a script that will generate the correct file contents for a .htpass or a .htaccess file.

When a user purchases something, add a line to the .htpass file that contains the user/pass combination, and all them to a group (probably based on filename). Then, only allow that group to access that file.


Another way to do this would be through databases.

First, when the user makes a payment, have a few tables to store their data.

First Table: User/Password

This stores the email/password combination that must be used to gain access to the users files. Basically the table consists of

int Unq_ID | text Email_Addr | varchar(150) Password

That holds your user/pass combinations.

Second Table: Files

This table holds all of your files names, IDs and where they are created.

int Unq_ID | varchar(150) Name | text Directory

Third Table: Relationship

This last table holds the relationship between the User and the Password. Also very simple:

int Unq_ID | int User_ID | int Product_ID

Basically, if the person logs in with a valid Username/Password, you go grab relationship entries that match their User_ID, and join the files with on the Product ID. To verify they can download something, simply check that an entry exists that has the right User_ID and Product_ID.


To protect a file from being accessed, make an htaccess file like this

RewriteEngine On
RewriteBase /
RewriteCond %{THE_REQUEST} ^.+$ [NC]
RewriteRule .* - [F,L]

which deny from anyone accept PHP's fopen function. Then you just create a PHP script that grabs the contents, and presents it as a download.

Chacha102
There are probably much easier ways to do this, one which I will expand upon in a minute.
Chacha102
But, thats just because I prefer databases.
Chacha102
I really liked this way though, I feel more comfortable with databases too, but just one question. How would I go about protecting the folders from direct access?
Carlo
Updated with that. You might want to search on how to present a file as a download using PHP headers.
Chacha102
Ok I'll start working on this, thank you very much for your help, really appreciated!
Carlo
Hey Chacha102, if it's not much to ask, can you pinpoint me to a website on how to create the PHP script for the contents? I've been searching but no luck.
Carlo
Look at this comment on php.net: http://us3.php.net/manual/en/function.header.php#88038 That explains how the headers. Then you just need to fopen and read the content from the file, and echo it onto the page.
Chacha102
Great, thank you!
Carlo