> I have a site that sells software and wants to have downloadable purchases. > > Is there a way to encrypt a URL that will still work when clicked on, BUT > not show the customer where the file actually resides? Is it also possible > to have it expire after a given amount of time?
Sure, just have a PHP script handle the downloads. Store the files you want to protect outside of your web root, that way no one can ever get to them directly. Now, construct a PHP script that's going to control the download. It can check to make sure the user is logged in if necessary among other things. You can construct a URL such as the following www.yourdomain.com/download.php?file_id=XX&code=YYYYYY where XX would identify what file they are trying to download. the "code" could be used to relate to a database or separate file that you can check to see if X minutes have passed or not, so you know whether this link is expired or not. If everything checks out fine, you just use a couple header() calls to set the appropriate headers for the type of file you are offering for download and then use readfile() to send the data. The end result to the user will be a download box if everything validates. ---John Holmes... -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
