Hi,

I want to offer audio files for download on my site, after a user has completed a PayPal transaction. The commerce side of it is already written and working - the site is built in PHP with Zend Framework.

So that I don't incur large charges for storage and bandwidth, I'd like to host the files on a service like Amazon S3. However, I'm not sure if this is suitable for my requirements. Once the PayPal transaction is completed, I'd like to assign the user a unique id key of some kind, send them to a location where they enter the key, and the file they have bought is offered for download. The key would then expire.

I have no problem with writing the code to generate, store and delete the key. My question is this: how can I protect/hide a file stored on Amazon S3, and then offer it for download to an authorised user with a URL which subsequently becomes invalid, whilst also transferring the file directly from Amazon, rather than it passing through my server?

Is this possible, or do I need another solution?

+1  A: 

Amazon S3 has a "Pre-signed URL" feature which allows you to build a URL to access otherwise-protected content, with a time limit. On their documentation page, look for "Query String Request Authentication Alternative".

Andrew Aylett
Thanks Andrew - that looks like the right thing to do. I'm considering extending the Zend_Service_Amazon_S3 class to provide this functionality (creating and signing a URL with an expiry date). Do you know if anyone else has done this already?
George Crawford
Not a clue, I'm afraid.
Andrew Aylett
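An added example, not code from the posts above or from Zend Framework: a plain PHP function that builds the kind of expiring URL the answer describes, using the legacy Signature Version 2 query-string scheme that the "Query String Request Authentication Alternative" documentation section covers (current AWS SDKs sign with Signature Version 4 instead). The function name `s3_presign_get`, the bucket, the object key and the credentials are hypothetical placeholders.

```php
<?php
// Added example: legacy S3 query-string authentication (Signature Version 2).
// The object stays private in the bucket (no public-read ACL); only a URL
// carrying a valid signature and an unexpired "Expires" value can fetch it.

/**
 * Build a time-limited GET URL for a private S3 object.
 * $now is injectable so the result can be checked with a fixed clock.
 */
function s3_presign_get(string $accessKeyId, string $secretKey, string $bucket,
                        string $objectKey, int $ttlSeconds, ?int $now = null): string
{
    // Absolute expiry as a Unix timestamp; S3 rejects the request after it.
    $expires = ($now ?? time()) + $ttlSeconds;

    // Percent-encode each path segment but keep the "/" separators.
    $path = implode('/', array_map('rawurlencode', explode('/', $objectKey)));

    // StringToSign = Verb \n Content-MD5 \n Content-Type \n Expires \n Resource
    // Content-MD5 and Content-Type are empty for a plain browser download.
    $stringToSign = "GET\n\n\n{$expires}\n/{$bucket}/{$path}";

    // HMAC-SHA1 with the secret key, raw bytes, then base64.
    $signature = base64_encode(hash_hmac('sha1', $stringToSign, $secretKey, true));

    // RFC 3986 encoding so "+", "/" and "=" in the signature survive the query string.
    $query = http_build_query([
        'AWSAccessKeyId' => $accessKeyId,
        'Expires'        => $expires,
        'Signature'      => $signature,
    ], '', '&', PHP_QUERY_RFC3986);

    return "https://{$bucket}.s3.amazonaws.com/{$path}?{$query}";
}

// Constructed sample values, not real credentials or a real bucket.
// Call this only after your own one-time key has been validated and deleted,
// then redirect the buyer (header('Location: ' . $url)) so the transfer
// goes straight from S3 instead of through your server.
$url = s3_presign_get('AKIAEXAMPLEKEYID', 'constructed-secret-key',
                      'example-audio-bucket', 'albums/track 01.mp3', 300);
echo $url, PHP_EOL;
```

The URL works for anyone who holds it until the expiry time, so keep the lifetime short (300 seconds here) and generate it at the moment of redirect rather than storing it.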
A: 

Admittedly I know very little about Amazon S3, but if you stored the file in a database in S3 and wrote a page that would serve the file from the database given a correct key. Then all you would have to do was to publish a web-service on S3 that you could call from your website to authorize a given key, and after that just redirect your user to the page that serves the file.

klausbyskov
Unfortunately, S3 doesn't work like that -- it's a static store, no scripting allowed. Amazon does also have cloud computing (EC2) but that's a separate service.
Andrew Aylett
@Andrew Aylett: Oh, I see. Then my answer makes little sense.
klausbyskov