[thelist] Perl? PHP? mySQL? required to download software from a web site - REPOST

Keith cache at dowebscentral.com
Thu Jun 6 15:09:01 CDT 2002 

Hi Sharon

Looks to me like you are trying to unnecessarily complicating a simple
proposition. I would not consider any databasing on the server for
transaction records until/unless your client gets to the point of
auto-generating the unique software so the transactions could be automated.
For now your problem is delivery.

First of all, I'd create an htaccess protected directory, let's call it
"downloads" and for example sake give it the username "XYZ" and password
"ABC". Use create_htaccess.cgi and create_htpasswd.cgi to do this. For
example sake let's also assume the unique ID is "2468" and the software is
named "software.zip".

Your client will be generating a unique ID for the unique software and can
FTP that unique software to the server. So, have your client create a
sub-directory inside "downloads" with that unique id number as the
sub-directory name and place the software in that sub-directory. Then email
the buyer the URL
http://XYZ:ABC@thedomain.com/downloads/2468/software.zip

That URL will automatically log through the Basic Authentication and
download the proper file.

That is a medium security setup simply because the username/password
remains constant and the buyer could pass it on to others who could use it
even after your client removes the unique directory. To beef it up a bit
place an index default page inside "downloads" to prevent the server from
displaying an index of the directory's sub-directories and then have your
client delete the ID based sub-directories after the download.

If you want to keep track of when the file was downloaded and do not want
to rely on server logs change the URL to
http://XYZ:ABC@thedomain.com/downloads/2468/download.cgi

where download.cgi is

#!/usr/bin/perl

open(D,">downloaded.txt");

$url = "http://thedomain.com".$ENV{'SCRIPT_NAME'};
$url =~ s/\Qdownload.cgi\E/software.zip/;

print "Location: $url\n\n";

That will create an empty file and then redirect to "software.zip". Your
client can see the lastMod date for that file in his FTP client and know
when it was downloaded. Be sure to have your client upload a copy of
download.cgi into each unique directory and give it 0755  and the directory
0777 permissions when he/she uploads the unique software.

There are lots of ways to make this more "elegant" but simplicity has it's
virtues.


keith

cache at dowebscentral.com

More information about the thelist mailing list