Limiting downloads [Archive] - International Web Developers Network

EvilivE

January 21st, 2008, 06:41

I attempting to prevent users from downloading an executable file more than once and preventing non-registered users from downloading it at all.

---

Currently users can register to download said file via a double opt-in method. Once they verify their email address they are presented with a link to the exe to download.

If they attempt to re-visit the page to download a second time, I can prevent them from doing this. However, what I am having trouble figuring out is how to prevent them from copying the link to the exe file and bypassing the verification system or even worse simply distributing the exe file's url to the rest of the world to download.

I hope that makes sense. Any help would be greatly appreciated.

- Scott

the_pm

January 21st, 2008, 06:59

Hi Scott - nice to see you again :)

This is a tough question, because it belies an even more difficult one - what prevents someone from distributing the executible file through P2P networks once they are in possession of it?

But leaving this question along for the moment, you prevent any direct linking by providing a URL that uses a key that redirects to the file. So not allow downloading unless the referrer is a valid key. The key gets generated by the user during the opt-in process. The key is valid for a limited time - maybe 5-10 minutes? A simple CRON could be utilized to scrap keys based on their time stamp. The overhead should be minimal, unless you get bombed with thousands of requests every five minutes :)

EvilivE

January 21st, 2008, 08:12

Yes, it has been awhile. I do need to find time to participate in these discussions more often.

I appreciate your help and I have a created a test which is located here: http://www.allmartech.com/test/

Everything works as expected in FF but in IE the download doesn't start auto-magically. Not sure if this is a setting in my IE and if it is I'm sure others will have this same situation.

Any further insight would be great.

EvilivE

January 21st, 2008, 08:44

Well I got this to work.

I had originally had this line of php
header("Refresh: 5; http://www.allmartech.com/test/Golf_HDCP.ods");

I wanted to display "Your download will begin shortly" but IE was not playing along. So instead I changed the php tp this
header("Location: http://www.allmartech.com/test/Golf_HDCP.ods");

and at least I get the dialog box as expected.

Thanks.