Web Development

General discussion


Hiding the link to a program

By ben_morrise ·
I'm creating a webpage that allows a user to purchase my game over the internet and allows them to download the program after they've paid. I'm a novice programmer and need some help. I need to know the best way to allow the user to download the program without being able to see the url, so they can't just pass the url to their friends for them to download. Can anyone help me? I'm knowledgable in mostly PHP, but I also know some Javascript. Thanks.


This conversation is currently closed to new comments.

Thread display: Collapse - | Expand +

All Comments

Collapse -

re Hiding the link to a program

by jeremyf In reply to Hiding the link to a prog ...

In this case one option may be to create a validation form that the customer enters a 10 character code in. This can be passed back to a php script that would check the code in a text/db file where you will already have entered it. Once the download is complete then flag that code as used. This prevents multiple downloads and random guesses.


Collapse -

by hive_node_349 In reply to Hiding the link to a prog ...

You could have a php page stream the file to the browser by sending the appropriate headers, I can't remember what you have to set off-hand but http://www.php.net has documentation about this and I'm sure a few people round here know.

That handles stopping the user knowing where the file itself is, and for the page that sends it, you could set up a simple authorisation system that checks that they've actually paid for the product, and again this is relatively easy to set up.

That's my $0.02 anyway.

Collapse -

re: Hiding the link to a program

by matt.owen In reply to Hiding the link to a prog ...

You could open the file to download in an invisible iframe:

<iframe height="0" width="0" src="http://URL of file"></iframe>

Or alternatively use JavaScript's window.open to open a window with no address or title bar.

Collapse -

Encrypt then Decrypt

by ddhalsey In reply to re: Hiding the link to a ...

Using a pop up window will only work if you validate that the user did not use Ctrl + N to open the window in a full screen. I would suggest you encrypt the url then decrypt it for submission. Alternatively, you can use javascript's "window.status" method to display a message in the status bar instead of the URL. This will be used with a "onMouseOver" event handler written in the a href tag.

Collapse -

Where to encrypt?

by Bucky Kaufman (MCSD) In reply to Encrypt then Decrypt

I would suggest you encrypt the url then decrypt it for submission.
------- ------- ------- ------- ------- -------

This secures the URL *in transit*, but it's still plainly visible to the user, and easily handed off to his friends.

Collapse -

You can do it with some logic...

by sunsesh In reply to Hiding the link to a prog ...

Using PHP command and some program / data logic you can achieve that. Essentially the PHP script (say Download.php?file=xxxxx) will verify that the user is authorized to download the file and translate xxxx into an appropriate file outside the document root directory (which is served by the Web server, like Apache) and then execute the following:

header('Content-Type: application/octet-stream');
header('Content-Length: '.filesize($file));
header('Content-Disposition: attachment; filename="'.$fn.'"');

where $fn is the filename as exposed to the visitor and $file is the full operating system name for the file.

Let me know if you need more info.

Best of luck.

Collapse -

URL still gettable

header('Content-Disposition: attachment; filename="'.$fn.'"');

This would still make the URL plainly visible to the user, and easily handed off to his friends.

Collapse -

Use a Cookie

by dbunny84 In reply to Hiding the link to a prog ...

I am assuming thtat the purchasing of the game is made through the clients browser. In that case you could use a simple javascript to drop a cookie on their system. When the download page was accessed the cookie would be looked for, and if it existed then the download would commence.
Of course you would need to warn clients not to clear their cache before proceeding with the download.
Assuming that the user will download using the same internet session you could log their IP address into the cookie, and validate that before downloading would commence.

If you have any questions just e-mail me back.

Collapse -

Cookies too Limited

by Bucky Kaufman (MCSD) In reply to Use a Cookie

Using the cookie (token) method eliminates the possibility of some users being able to access the download - even after they've paid they're moolah.

Collapse -

Dynamic URL

What you're looking for, a URL that can't be handed off, is possible with a "Dynamic URL".

The URL for the file could be something like:

The "auth" parameter would be generated anew with each authenticated download - and then immediately discarded. If the users request additional downloads, they will have to re-authenticate themselves each time.

A similar result would be achieved with the cookie method, but that requires the client to be willing AND able to accept your site's cookies.

Encryption can also be useful (re: SSL). If you want an additionl layer of security, to keep "sniffers" from hooking onto other people's downloads, or to prevent IP spoofers from hacking the authentication process - you can install an SSL certificate, and use an "httpS://" url.

Related Discussions

Related Forums