1

I have a uploads folder under my website folder root. They contains mp3s. Now this folder should only be accessible once the user has completed paypal payment for that particular mp3 i.e once the payment is complete, the download link should be emailed to them and they should only be able to download from that link.

I don't need any code extra but I just a general strategy of how such websites protect their premium content?

I am using PHP but you can provide strategy in Asp.Net too if that's more comfortable to you.

Jaggu
  • 6,298
  • 16
  • 58
  • 96
  • possible duplicate of [How to use Apache/PHP to protect directories from users that aren't logged in](http://stackoverflow.com/questions/7902417/how-to-use-apache-php-to-protect-directories-from-users-that-arent-logged-in) or [How to password protect files (images, video, zip) dynamically from public and allow access to members only?](http://stackoverflow.com/q/2416736/367456) – hakre Oct 30 '11 at 12:38

3 Answers3

3

You should just not store the MP3 files in a location accessible from the outside. Instead, the link you give to the user should be a link to a page (PHP or anything) which will

  1. verify that the user has the right to access the resource
  2. stream the asked resource to the user

Something like

download.php?mp3FileId=5435

The download.php will check if the user is authenticated and has paid for the file 5435, then read this file from a protected resource, and stream it to the HTTP response, with the appropriate content type set.

JB Nizet
  • 678,734
  • 91
  • 1,224
  • 1,255
1

Send links to .php, not to .mp3 files. If user have access to file - display file using PHP.

Example link:

http://domain.com/download.php?file=music.mp3

Script:

if($have_access) {    
    header('Content-Description: File Transfer');
    header('Content-Type: application/octet-stream');
    header('Content-Disposition: attachment; filename='.basename($file));
    header('Content-Length: ' . filesize($file));
    flush();
    readfile($file);
}else{
    die('You have no access.');
}
Peter
  • 16,453
  • 8
  • 51
  • 77
0

You can do this several ways. But which ever you choose the user should be required to enter username/password to access the files.

Simplest (and most foolproof) way - a htaccess-file in the protected directory. See this link for tutorial: http://www.elated.com/articles/password-protecting-your-pages-with-htaccess/ This is very common to protect member and vip areas of websites.

The best way would probably be to have the user register on your site and choose his/hers own username/password, and activate the account when Paypal payment is completed.

Then I would go with the download.php?id=XXX approach presented above

hampusohlsson
  • 10,109
  • 5
  • 33
  • 50