0

In short we are looking into how we can TRACK files after they are downloaded i.e. if they are leaked or published to find out which user was responsible for doing so. Here is the idea:

Every User who registers to our site logs in using SteamPowered.com's OpenID system binding their steam account to the account in which the transactions are handled meaning we can print data like "steam id, purchase time, order number etc" into the file properties.

Step 1: Developer Uploads Scripts
Step 2: Macro codes (place holders) are placed into the zip
Step 3: PHP executes the same as above but on the script contents.
Step 4: User Purchases the Product
Step 5: User Downloads Product and the place holders turn to trackable data as mentioned above.
Step 6: User leaks the files
Step 7: We can view the files and the properties of the "leaked" document and find out who did it and suspend/terminate the account.

This is in short what we are looking to achieve. Due to the nature of most of the content being written in lua its not like we can just create a "anti-leak" code which a novice coder couldn't learn how to remove with enough time and leak it anyway. We just want a way to catch the offenders.

Does anybody have any ideas how we could do all this using php, curl, xml etc. (running on CPanel 11 - Apache 2.4 - PHP 5.3)

user3625493
  • 1
  • 1
  • 2
    Please read [how to ask](http://stackoverflow.com/help/how-to-ask) – Pedro Lobito Apr 28 '15 at 12:57
  • 1
    Step 1: Developer Uploads Scripts. Warning: major security hole detected! – sitilge Apr 28 '15 at 13:02
  • Thats the nature of the site. its similar to that of envato just aimed at a differant market. Developers make scripts and upload them in a zip file. (they are then renamed, extensions removed, stored in a CDN which isn't externally accessible and on the download request it is copied and moved in a user accessible area for a one time download upon clicking the download button) – user3625493 Apr 28 '15 at 13:06

1 Answers1

0

we can print data like "steam id, purchase time, order number etc" into the file properties

only because you can it must not mean you actually should do that.

User Downloads Product and the place holders turn to trackable data as mentioned above.

That's all fine and so on. Just keep in mind: Stackoverflow is a public site, like you ask the question (and let's assume you got the answer with code and all the bells and whistles) so your user goes to this big search engine, types in about what just happened and - surprise surprise - lands exactly at the Stackoverflow question with ID 29920124.

What's missing? Right the link to the PHP manual for the ZipArchive class method with which you can place the file comment:

<?php

$zip = new ZipArchive;
if (!$zip) {
    throw new RuntimeException('Unable to create ZipArchive');
}

$result = $zip->open('existing-then-copied.zip', ZipArchive::CREATE);
if ($result !== TRUE) {
    throw new RuntimeException('Unable to open');
}

$result = $zip->setArchiveComment('your archive comment');
if ($result !== TRUE) {
    throw new RuntimeException('Unable to set comment');
}

$result = $zip->close();
if ($result !== TRUE) {
    throw new RuntimeException('Unable to close');
}

after that use the standard download offering routine.

Community
  • 1
  • 1
hakre
  • 193,403
  • 52
  • 435
  • 836