How do I control the number of downloads?

Posted on 2000-03-24
Last Modified: 2010-04-21
Tell me if this belongs in another category......

Here's what I want to do:

I want to offer some material through a webpage, as .htm files, probably zipped with a bunch of gifs and an index included.  A person would pay a fee, then recieve a password by email which would allow them one download that must be done by a certain date.

I know how to set up an ftp download from a webpage. How do I set it up to take passwords?  How do I allow only one download per password?  How do I make the password "expire"?

I have a shell account.

Question by:castello
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
  • 2
LVL 14

Expert Comment

ID: 2655105
I would suggest doing this via CGI script.  That way, all the user would have to do is navigate their browser to your CGI.  It would generate a page asking for a password. If the password given is valid, it generates a page for them to download the item.

Since the page only exists when the CGI creates it, just knowing the URL will not get the file...

By the way, you posted this question twice... Unless you want to loose another 200 points, I would go and delete the other question...  That question is 

LVL 40

Expert Comment

ID: 2656101
You could use dynamically created directories, protected by .htaccess files, that contain the download data for that user. To be able to clean the data after the time period has elapsed you should use a directory name that includes date info. Then a cron script can tell when the dir should be deleted. The only problem with this approach is that the data isn't protected if the user accesses the site directly with an ftp client rather than a browser. All of the ftp access is actually through the anonymous ftp account.

A better method would be to create an encrypted download, using the password as the key. Again having date info in the file name would make cleaning of "expired downloads" easy from a cron script.

Author Comment

ID: 2657408
mcrider, that sounds like a good way to go.  But how can I insure that a person only downloads one copy?  It looks like I have to search a password file to determine whether the one given is valid?  Then I would simply delete the password once it's given by the visitor, that way they couldn't use it again?

I've actually set up a simple version of this using htpasswd.  And I had to do it via http, not ftp (htpasswd doesn't work for the ftp server at my ISP.  Is this normal?).  It works fine -- requires a password, but not if I go into my space via an ftp client.  Is there any way, jlevie, to prevent people from just going to my public html space and downloading the file for free?
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

LVL 40

Expert Comment

ID: 2657464
Not unless you use an ftp server that supports dynamically created users, probably outside of /etc/passwd, and that has the ability to restrict an ftp user to a specific dir. That's the reason I suggested using an "encrypted download". It won't stop the user from downloading the file more than once while it's on the system, but they do have to have the password to be able to decrypt the file and use the data. You can pack and encrypt the data with zip, using the password you assign to that user and the user will be prompted for the password when they unzip the file.

For what it's worth, I've used this method to distribute proprietary applications in the past.

Author Comment

ID: 2657478
jlevie, this does sound really secure, but I think it's way beyond my knowledge and ability at this point, and I don't think my ISP has the capability.
LVL 40

Expert Comment

ID: 2657571
Actually the only part of it that the ISP would have to have is the zip executable. There's a decent chance that it might already be there, or that they would consider installing it (you are paying for your service, after all). There would be alternatives if the download was known to be going to unix boxes, but I suspect that your targeted market is the PC world, That unfortunately restricts you to something like zip or pkzip format.
LVL 14

Accepted Solution

mcrider earned 200 total points
ID: 2657670

You said:

  >>But how can I insure that a person only downloads one copy?  It looks like I have to search a password file to determine whether the one given is valid?  Then I would simply delete the password once it's given by the visitor, that way they couldn't use it again?

Absolutely right! When the CGI receives a valid password, it transfers the file and then removes the password from the file or database you are keeping them in.  I would suggest that passwords be something like the phone number of the individual or email address...



Author Comment

ID: 2667109
I'm not going to take this approach now, because using htpasswd is less labor intensive.  If my "venture" is successful, I will certainly go for this more secure approach.

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
FTP on FreeBSD server 2 165
NTP Server in VMware 5 457
Unix/bash: scripted arithmetic 13 103
Problem logging tar errors 11 74
I have been running these systems for a few years now and I am just very happy with them.   I just wanted to share the manual that I have created for upgrades and other things.  Oooh yes! FreeBSD makes me happy (as a server), no maintenance and I al…
FreeBSD on EC2 FreeBSD ( is a robust Unix-like operating system that has been around for many years. FreeBSD is available on Amazon EC2 through Amazon Machine Images (AMIs) provided by FreeBSD developer and security office…
Learn several ways to interact with files and get file information from the bash shell. ls lists the contents of a directory: Using the -a flag displays hidden files: Using the -l flag formats the output in a long list: The file command gives us mor…
Learn how to find files with the shell using the find and locate commands. Use locate to find a needle in a haystack.: With locate, check if the file still exists.: Use find to get the actual location of the file.:
Suggested Courses

738 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question