Hi There,

I am currently working on a project that will work on a membership system. The theory behind the website is that you can download electronic (PDF) versions of a magazine, if you are a paying member of the website.

The problem arises in that after downloading the PDF it can be sent to anyone and accessed by anyone. Is there a way to only allow the member that paid for the PDF access to it? Is there a 3rd party service that could host the PDFs and allow them to be read by the user at a unique URL that holds a random string unique to that download?

Being able to stop the ability to openly distribute the PDFs and view them without being a member is paramount.

Does anyone have any ideas? Basically I am looking for a DRM-like system for PHP (I am assuming it is impossible).

+6  A: 

Render their name, credit card number and valid thru date on every single page.

kovshenin
This could be very effective :p
Colin O'Dell
I bought the PHP Study Guide PDF from Zend Technologies earlier this year. They didn't print out my CC number, but they did render my name :) Though credit card number could be much more effective.
kovshenin
hehehe.. yep, probably quite effective! Just as long as you consider the possibility of a particularly dumb user not realising what you've done, sharing it anyway, and then suing you when their card number gets abused.
Spudley
@Spudley: Unless that data is passed over a TLS connection using <input type="hidden" />.
Saul
Write it in the license agreement, if of course that's fine with the state law.
kovshenin
+1  A: 

You can hide the PDF's URL from the user by using a download.php together with an ID that will only deliver files to the user if he/she has the appropriate rights. This way you can prevent users from sending the download-link to somebody else. Users without the proper credentials won't be able to start the download then ...

But: As soon as the PDF has left your server (even if a second user may not be able to download it), the first user can do whatever he/she likes with it. Even if you encrypt your PDFs, hide them in password-protected ZIP-archives, lock them in a chest and bury them six feet underground ... the first user must have the information to read the PDF and can give it to anybody else ...

Select0r
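The download.php gate described in this answer, combined with the per-download random URL the question asks about, sketched as an added example (not code from the original posts). All names and values (SECRET, ISSUES, PAID, issueToken(), resolveDownload()) are hypothetical, and it controls who can use the link, not what happens to the PDF after delivery.

```php
<?php
declare(strict_types=1);

// All names and values here are hypothetical/constructed for illustration.
const SECRET = 'constructed-demo-key-load-a-random-one-from-config';
const ISSUES = [42 => '/srv/private/magazine-42.pdf']; // stored outside the web root
const PAID   = [7 => [42]];                            // member 7 has paid for issue 42

/** Create a link token bound to one member, one issue and an expiry time. */
function issueToken(int $userId, int $issueId, int $expires): string
{
    $payload = "$userId.$issueId.$expires";
    return $payload . '.' . hash_hmac('sha256', $payload, SECRET);
}

/** Return the file path to stream, or null if the request must be refused. */
function resolveDownload(string $token, ?int $sessionUserId, int $now): ?string
{
    $parts = explode('.', $token);
    if ($sessionUserId === null || count($parts) !== 4) {
        return null;                                   // not logged in, or malformed token
    }
    [$userId, $issueId, $expires, $mac] = $parts;
    $expected = hash_hmac('sha256', "$userId.$issueId.$expires", SECRET);
    if (!hash_equals($expected, $mac)) {
        return null;                                   // forged or altered (constant-time compare)
    }
    if ((int)$expires < $now || (int)$userId !== $sessionUserId) {
        return null;                                   // expired, or link passed to another account
    }
    if (!in_array((int)$issueId, PAID[$sessionUserId] ?? [], true)) {
        return null;                                   // membership lapsed since the link was made
    }
    return ISSUES[(int)$issueId] ?? null;              // path comes from the server-side table only
}

// Demo with constructed values; download.php would readfile() the returned path
// after sending Content-Type: application/pdf, and answer 403 on null.
$now   = time();
$token = issueToken(7, 42, $now + 300);
var_dump(resolveDownload($token, 7, $now));            // member 7's own session
var_dump(resolveDownload($token, 8, $now));            // another member's session
var_dump(resolveDownload($token, null, $now));         // no session at all
var_dump(resolveDownload($token, 7, $now + 301));      // same member, after expiry
```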
+2  A: 

Password protect the PDF with a passkey that is unique to the user who has downloaded it (such as their password for your site). There's nothing to stop the registered user giving away their passkey to anybody else that they give a copy of the file to though.

Mark Baker
This is what php|architect does
Mark Baker
+1  A: 

If users can read the text on their computer screen then it's already on their machine. In that case your only ally against unsolicited copying is ignorance.

In other words, it's sensible to make the copying of text as difficult as possible.

For example, don't offer the PDF directly but display it through a Flash-based reader. Then the only way for users to copy it is to make a screenshot of each page. Which is the best "copy-protection" you can get without using heavy-handed encryption in combination with a physical security token.

And of course, you can include sensitive information on every page, such as names, passwords etc. to make the theoretical copying process even more arduous.

Saul
+1  A: 

How about this--rather than --giving-- them a copy that they can do whatever with, why not give them access to a Flash-based "pageflip" system with your pdf on it. You control access to the page via login, and you also control the content.

ANY code or content that you give to the user can be stolen. It just depends on the energy and knowledge of your user as to how many will steal it. Many times, the tougher the protection, the more likely they are to share it with others...hence, the plethora of Adobe CS5 downloads on Warez sites.

(Yes, for those of you who will inevitably point it out, I can steal flash too, but it's a lot of work!)

bpeterson76
Usually, the usability of these systems sucks. What if you want to read offline (e.g. on your Kindle, phone, whatever...)?
middus
Geez, you kids and your toys.... Agreed, though as often goes in UI challenges you have to determine which is more important.
bpeterson76