Posted by J.O. Aho on 07/08/01 11:34

Sam wrote:
> I'm in the process of setting up a web site that will allow users to
> pay for digital content that I create.
>
> It's PHP/mySQL driven and makes use of sessions to manage user log ins,
> etc.
>
> I've contemplated emailing the content to the user once purchased, but
> as some instances might be quite sizeable, (3-4 Mb), I'm leaning more
> towards having a download area that users can log in to and simlply
> 'right-click, save as' to get their file.

Yes, there are two problems with sending e-mail with big files in them which
you may haven't thought of, so it's quite good you have laready decided to
skip that as

- Users can have small file quota which limits on the size of their inbox and
if they order more than one things, they may not have space for more than at
most 1 or 2 of those.

- SMTP may filter away or block mail with big attachments.


> Trouble is - I have no idea how to implement this.

As you are selling files, you have to see to that the location of the files
are outside the directories that the web server can access.

eg you set /var/www/htdocs as the document root for your site, then the files
can't be located in /var/www/htdocs or any subdirectory to it, as they are all
accessible from the net with help of the web server. You could have the files
in /var/www/files, as the web server wouldn't (in this case) be able to access
the files.

You will need to use a fpassthru()*, this will in it's turn fill up the output
buffer, so you will need to see to that in php.ini you set the execution size
to large enough to be able to hold the largest file in the buffer and still be
able to execute the script itself (+1M to the largest file should be okey).

Now I don't know how your current things are, but is you already store info in
the sql server then you don't have to do much changes there, just keep in mind
to store who has the right to download which file (maybe a extra table for
that), don't remove the entries at once, keep that for a timespan under which
you are pretty sure the user should manage to download the file without
incidents. Use a cron job that cleans out the ones that has been there for X
days, or you could link the cleaning to logins. The table should at minimum
have the following columns: userid, fileid (or filename), time()¤

IMHO don't convert the time() value to a date, I think it's easier to work
with numbers than dates when cleaning of looking at things and you easily can
give the downloader a limit of X hours instead of X days.


It's not that much code itself here, but it's enough to push you in the right
direction and don't forget to check the links so you know how the functions works.


//Aho



* see http://www.php.net/manual/en/function.fpassthru.php
¤ http://se.php.net/manual/en/function.time.php

[Back to original message]