Click here to Skip to main content
16,015,444 members
Please Sign up or sign in to vote.
4.00/5 (3 votes)
See more:
I have some software that's in beta that people can download.

I'm tracking IP address and date so I have an idea of how often it's downloaded but I'd like to track who. I've downloaded many programs myself where you have to fill in a form and then the server sends you a one time link to the email address you provided.
I can do the form, store the info and send out an email (php, mysql). That's not a big deal. But I can't find info on how to do the "one time link" thing. Does that mean that I have to copy my software into a new folder with a random name (like a GUID) each time someone submits a form ?
That would mean many copies of the software in lots of different download folders. That seems wrong. And then to put a time limit on it as well so the link they are sent no longer works after a day or 2. It's these last 2 parts I'm lost on

How to implement? Any suggestions would be appreciated.

Thanks. :-)
Posted
Updated 30-May-11 5:35am
v2
Comments
thatraja 30-May-11 12:45pm    
Good question

Take a look here[^]... it will answer your questions...

Hope this helps! :thumbsup:
 
Share this answer
 
Comments
thatraja 30-May-11 12:12pm    
Good one Tyler, 5!
Joan M 30-May-11 12:13pm    
Thank you thatraja! ^^
Monjurul Habib 30-May-11 18:31pm    
nice link .my 5.
Joan M 31-May-11 2:07am    
Thank you Monjurul Habib!
That helps. I see how that works. But it doesn't cover something. The code is sent to the user in a link that has it in a query string. Then that code is validated when the user clicks the link. I follow all that. (and I assume that "readfile" http://php.net/manual/en/function.readfile.php[^] covers that part. But the download should not come from just any old folder on your server cuz then anyone could get to it manually. So I'm not clear on that part of the process. It seems like you'd have to have your file for download in a protected folder with a user name and password. Then when the user clicks their unique link, the validation code would also then open up the protected folder and the download would begin. I'm not sure I'm following what to do there.
 
Share this answer
 
Comments
Joan M 31-May-11 2:23am    
You should not put that as a solution... you should improve your question or put another question and then link your original one. Anyway, I'll answer that putting a new solution. ;)
The files you are sending should be inside a folder that the archive robots.txt should tell the search engines not to index so no one without express knowledge of that folder would be able to get into it.

No one will know that the folder exists, so no need to put passwords or usernames to get inside that folder.

Moreover the user will use a hash that will not represent in any way the name of the folder neither the file name... So those items are safe as they remain unknown.

Your worry is correct, but I've found that even if you use hashes to protect some parts of the web site, you won't be capable to use them in order to put the username and password for your database so at the end you finish relying on the robots.txt and into the safety of your server (like in this case).

Hope this helps...
 
Share this answer
 

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)



CodeProject, 20 Bay Street, 11th Floor Toronto, Ontario, Canada M5J 2N8 +1 (416) 849-8900